Whoops! Forgot a test.
parent
d8e06f6db9
commit
fff30ec27f
|
@ -159,4 +159,9 @@ class SanitizeTest < Test::Unit::TestCase
|
||||||
sanitize_html(%(<div style="width: expression(alert('XSS'));">foo</div>))
|
sanitize_html(%(<div style="width: expression(alert('XSS'));">foo</div>))
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def test_img_vbscript
|
||||||
|
assert_equal '<img />',
|
||||||
|
sanitize_html(%(<img src='vbscript:msgbox("XSS")' />))
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
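Review bot: `test_img_vbscript` pins only one spelling of the scheme, lowercase `vbscript:` in a single-quoted `src`, so a sanitizer that matches the scheme by exact string would pass this test and still mishandle other casings. If scheme matching in `sanitize_html` is meant to be case-insensitive (its implementation is not visible here), a second assertion with a mixed-case scheme would pin that, e.g. `assert_equal '<img />', sanitize_html(%(<img src='VBScript:msgbox("XSS")' />))`. The test also has no comment saying why the expected output is a bare tag; a line such as `# a src with a script scheme is dropped entirely, not rewritten` above the assertion would state the intent. The rest of SanitizeTest lies outside the hunk, so an existing test may already cover the casing variant.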