instiki/test
Jacques Distler 52c1f74ecc Add a couple of XSS tests.
Some more tests from Clint Ruoho. The main branch of Instiki (and, I guess,
the old sanitizer) are vulnerable.

Also: under Ruby 1.8.x, CGI.unescapeHTML screws up horribly decoding NCRs
which represent high-bit ASCII characters. UTF-8 agrees with 7-bit ASCII,
but CGI.unescapeHTML doesn't seem to know that they disagree for i>127.
2009-01-05 16:25:27 -06:00
fixtures Sanitize url refs in SVG attributes 2007-10-27 17:34:29 -05:00
functional @import In Published View 2008-12-22 12:19:18 -06:00
unit Two Bugs 2009-01-01 02:38:12 -06:00
watir Checkout of Instiki Trunk 1/21/2007. 2007-01-22 07:43:50 -06:00
sanitizer.dat Add a couple of XSS tests. 2009-01-05 16:25:27 -06:00
test_helper.rb Uploaded Pictures Should Display in "Published" Mode 2008-12-20 13:56:50 -06:00