Whoops! Forgot a test.

Jacques Distler 2007-02-23 15:09:12 -06:00
parent d8e06f6db9
commit fff30ec27f


@ -159,4 +159,9 @@ class SanitizeTest < Test::Unit::TestCase
sanitize_html(%(<div style="width: expression(alert('XSS'));">foo</div>)) sanitize_html(%(<div style="width: expression(alert('XSS'));">foo</div>))
end end
def test_img_vbscript
assert_equal '<img />',
sanitize_html(%(<img src='vbscript:msgbox("XSS")' />))
end
end end
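Review bot: test_img_vbscript pins only one spelling of the blocked scheme, the all-lowercase `vbscript:` in a single-quoted `src`, so it would keep passing even if the sanitizer compared URI schemes case-sensitively. The sanitizer is not visible in this hunk, so this is a coverage gap rather than a known defect. A sibling assertion such as `assert_equal '<img />', sanitize_html(%(<img src='VBScript:msgbox("XSS")' />))` would lock in scheme normalization. A one-line comment like `# the unsafe src attribute is dropped; the img element itself is kept` would also make the expected `'<img />'` output self-explanatory. The enclosing SanitizeTest class begins outside the hunk.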