Révision b0dc3a2e
Ajouté par Julien Enselme il y a plus de 7 ans
| drupal7/modules/filter/filter.test | ||
|---|---|---|
| 1120 | 1120 |
$f = filter_xss("<img src=\"jav\0a\0\0cript:alert(0)\">", array('img'));
|
| 1121 | 1121 |
$this->assertNoNormalized($f, 'cript', 'HTML scheme clearing evasion -- embedded nulls.'); |
| 1122 | 1122 |
|
| 1123 |
$f = filter_xss('<img src="  javascript:alert(0)">', array('img'));
|
|
| 1124 |
$this->assertNoNormalized($f, 'javascript', 'HTML scheme clearing evasion -- spaces and metacharacters before scheme.'); |
|
| 1123 |
// @todo This dataset currently fails under 5.4 because of |
|
| 1124 |
// https://www.drupal.org/node/1210798. Restore after it's fixed. |
|
| 1125 |
if (version_compare(PHP_VERSION, '5.4.0', '<')) {
|
|
| 1126 |
$f = filter_xss('<img src="  javascript:alert(0)">', array('img'));
|
|
| 1127 |
$this->assertNoNormalized($f, 'javascript', 'HTML scheme clearing evasion -- spaces and metacharacters before scheme.'); |
|
| 1128 |
} |
|
| 1125 | 1129 |
|
| 1126 | 1130 |
$f = filter_xss('<img src="vbscript:msgbox(0)">', array('img'));
|
| 1127 | 1131 |
$this->assertNoNormalized($f, 'vbscript', 'HTML scheme clearing evasion -- another scheme.'); |
Formats disponibles : Unified diff
Update to Drupal 7.52