Project

General

Profile

Revision b0dc3a2e

Added by Julien Enselme over 7 years ago

Update to Drupal 7.52

View differences:

drupal7/modules/filter/filter.test
1120 1120
    $f = filter_xss("<img src=\"jav\0a\0\0cript:alert(0)\">", array('img'));
1121 1121
    $this->assertNoNormalized($f, 'cript', 'HTML scheme clearing evasion -- embedded nulls.');
1122 1122

  
1123
    $f = filter_xss('<img src=" &#14;  javascript:alert(0)">', array('img'));
1124
    $this->assertNoNormalized($f, 'javascript', 'HTML scheme clearing evasion -- spaces and metacharacters before scheme.');
1123
    // @todo This dataset currently fails under 5.4 because of
1124
    //   https://www.drupal.org/node/1210798. Restore after it's fixed.
1125
    if (version_compare(PHP_VERSION, '5.4.0', '<')) {
1126
      $f = filter_xss('<img src=" &#14;  javascript:alert(0)">', array('img'));
1127
      $this->assertNoNormalized($f, 'javascript', 'HTML scheme clearing evasion -- spaces and metacharacters before scheme.');
1128
    }
1125 1129

  
1126 1130
    $f = filter_xss('<img src="vbscript:msgbox(0)">', array('img'));
1127 1131
    $this->assertNoNormalized($f, 'vbscript', 'HTML scheme clearing evasion -- another scheme.');

Also available in: Unified diff