Révision b0dc3a2e
Ajouté par Julien Enselme il y a plus de 7 ans
drupal7/modules/filter/filter.test | ||
---|---|---|
1120 | 1120 |
$f = filter_xss("<img src=\"jav\0a\0\0cript:alert(0)\">", array('img')); |
1121 | 1121 |
$this->assertNoNormalized($f, 'cript', 'HTML scheme clearing evasion -- embedded nulls.'); |
1122 | 1122 |
|
1123 |
$f = filter_xss('<img src="  javascript:alert(0)">', array('img')); |
|
1124 |
$this->assertNoNormalized($f, 'javascript', 'HTML scheme clearing evasion -- spaces and metacharacters before scheme.'); |
|
1123 |
// @todo This dataset currently fails under 5.4 because of |
|
1124 |
// https://www.drupal.org/node/1210798. Restore after it's fixed. |
|
1125 |
if (version_compare(PHP_VERSION, '5.4.0', '<')) { |
|
1126 |
$f = filter_xss('<img src="  javascript:alert(0)">', array('img')); |
|
1127 |
$this->assertNoNormalized($f, 'javascript', 'HTML scheme clearing evasion -- spaces and metacharacters before scheme.'); |
|
1128 |
} |
|
1125 | 1129 |
|
1126 | 1130 |
$f = filter_xss('<img src="vbscript:msgbox(0)">', array('img')); |
1127 | 1131 |
$this->assertNoNormalized($f, 'vbscript', 'HTML scheme clearing evasion -- another scheme.'); |
Formats disponibles : Unified diff
Update to Drupal 7.52