diff --git a/vendor/plugins/HTML5lib/lib/html5lib/sanitizer.rb b/vendor/plugins/HTML5lib/lib/html5lib/sanitizer.rb
index b52c856f..6049ecef 100644
--- a/vendor/plugins/HTML5lib/lib/html5lib/sanitizer.rb
+++ b/vendor/plugins/HTML5lib/lib/html5lib/sanitizer.rb
@@ -74,7 +74,7 @@ module HTML5lib
xlink:show xlink:title xlink:type xml:base xml:lang xml:space xmlns
xmlns:xlink y y1 y2 zoomAndPan]
- ATTR_VAL_IS_URI = %w[href src cite action longdesc xlink:href]
+ ATTR_VAL_IS_URI = %w[href src cite action longdesc xlink:href xml:base]
ACCEPTABLE_CSS_PROPERTIES = %w[azimuth background-color
border-bottom-color border-collapse border-color border-left-color
@@ -139,6 +139,9 @@ module HTML5lib
token.delete(:name)
return token
end
+ when :Comment
+ token[:data] = ""
+ return token
else
return token
end
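Review bot: The new `when :Comment` branch carries no explanation, and blanking a comment looks like a no-op to a reader who does not know the threat, so it is at risk of being "cleaned up" later; add `# Blank comment bodies: IE treats conditional comments (<!--[if IE]>...<![endif]-->) as live markup, so their content must not survive sanitization.` above the assignment. Blanking the data instead of dropping the token also means the serializer may still emit `<!---->`; if the caller treats a nil return as "discard this token" (the `case` and its caller begin outside this hunk, so I cannot tell), returning nil would be cleaner, otherwise the empty comment is harmless and the comment above should say so.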
diff --git a/vendor/plugins/HTML5lib/tests/test_sanitizer.rb b/vendor/plugins/HTML5lib/tests/test_sanitizer.rb
index c18e673a..25b51fa1 100644
--- a/vendor/plugins/HTML5lib/tests/test_sanitizer.rb
+++ b/vendor/plugins/HTML5lib/tests/test_sanitizer.rb
@@ -307,4 +307,102 @@ class SanitizeTest < Test::Unit::TestCase
output = "
\360\235\224\270 a
"
check_sanitization(input, output, output, output)
end
+
+ def test_should_handle_malformed_image_tags
+ input = %(">)
+ output = "<script>alert(\"XSS\")</script>\">"
+ rexmloutput = "Ill-formed XHTML!"
+ check_sanitization(input, output, output, rexmloutput)
+ end
+
+ def test_non_alpha_non_digit_II
+ input = %(foo)
+ output = "foo"
+ rexmloutput = "Ill-formed XHTML!"
+ check_sanitization(input, output, output, rexmloutput)
+ end
+
+ def test_non_alpha_non_digit_III
+ input = %(foo)
+ output = "foo"
+ rexmloutput = "Ill-formed XHTML!"
+ check_sanitization(input, output, output, rexmloutput)
+ end
+
+ def test_no_closing_script_tags
+ input = %()
+ output = "<script src=\"//ha.ckers.org/.j\"></script>"
+ rexmloutput = "Ill-formed XHTML!"
+ check_sanitization(input, output, output, rexmloutput)
+ end
+
+ def test_double_open_angle_brackets
+ input = %()
+ output = ""
+ xhtmloutput = ""
+ check_sanitization(input, output, xhtmloutput, xhtmloutput)
+ end
+
+ def test_bgsound
+ input = %()
+ output = "<bgsound src=\"javascript:alert('XSS');\"/>"
+ rexmloutput = "<bgsound src=\"javascript:alert('XSS');\"></bgsound>"
+ check_sanitization(input, output, output, rexmloutput)
+ end
+
+# This affects only NS4. Is it worth fixing?
+# def test_javascript_includes
+# input = %(foo
)
+# output = "foo
"
+# check_sanitization(input, output, output, output)
+# end
+
+ def test_link_stylesheets
+ input =%()
+ output = "<link rel=\"stylesheet\" href=\"javascript:alert('XSS');\"/>"
+ rexmloutput = "<link href=\"javascript:alert('XSS');\" rel=\"stylesheet\"/>"
+ check_sanitization(input, output, output, rexmloutput)
+
+ input =%()
+ output = "<link rel=\"stylesheet\" href=\"http://ha.ckers.org/xss.css\"/>"
+ rexmloutput = "<link href=\"http://ha.ckers.org/xss.css\" rel=\"stylesheet\"/>"
+ check_sanitization(input, output, output, rexmloutput)
+ end
+
+ def test_list_style_image
+ input = %(foo)
+ output = "foo"
+ check_sanitization(input, output, output, output)
+ end
+
+ def test_IE_Comments
+ input = %()
+ output = ""
+ check_sanitization(input, output, output, output)
+ end
+
+ def test_xml_base
+ input =%(foo
)
+ output = "foo
"
+ check_sanitization(input, output, output, output)
+ end
end
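Review bot: The commented-out `test_javascript_includes` (lines 75–82) leaves an open question ("Is it worth fixing?") in committed test code, where it neither runs nor gets tracked; either delete it or replace it with `# TODO: NS4-only javascript: include vector; deliberately not covered by the sanitizer` so the decision is recorded. test_IE_Comments expects an empty string, which implicitly relies on the serializer omitting a comment whose data is blank rather than emitting `<!---->`; a one-line comment stating that assumption would save the next person who changes the serializer some confusion. Minor style: test_link_stylesheets and test_xml_base write `input =%(` while the rest of the file uses `input = %(`.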