Fix XSS vulnerabilities in chunk-handling

Jacques Distler 2007-09-23 19:30:39 +00:00
parent 36b86a9d41
commit a3d3f1c536
6 changed files with 55 additions and 3 deletions


@ -12,4 +12,10 @@ class NoWikiTest < Test::Unit::TestCase
)
end
def test_sanitized_nowiki
match(NoWiki, 'This sentence contains <nowiki><span>a b</span> <script>alert("XSS!");</script></nowiki>. Do not touch!',
:plain_text => '<span>a b</span> &lt;script&gt;alert("XSS!");&lt;/script&gt;'
)
end
end
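Review bot: `test_sanitized_nowiki` pins only the element-level case, where an allowed `<span>` passes through and a `<script>` element is entity-escaped. Because the commit is about XSS in chunk handling, the test should also assert the outcome for a disallowed attribute on an allowed element (for example an `onclick` on the `<span>`) and for unclosed markup inside `<nowiki>`, since an element-name check alone would not cover those. The sanitizer is not visible in this hunk, so whether these cases are already handled cannot be judged from here; a second `match(NoWiki, ...)` call with such input would make the expectation explicit. A short comment above the test, such as `# nowiki content is sanitized, not passed through verbatim`, would explain why `:plain_text` differs from the input.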