diff options
| author | Christian Schneider | 2022-02-06 20:12:00 +0100 |
|---|---|---|
| committer | Christian Schneider | 2022-02-06 20:13:18 +0100 |
| commit | 5eba8aa0df1befd34eb15a57dacfdc66cffd14ac (patch) | |
| tree | 2e14bc4a995bf12738649adc9dd8550a01094ffa /test/U_tests.json | |
| parent | e867407ae8b86b3170f0f103607d54a0fb7c616e (diff) | |
| download | itools-5eba8aa0df1befd34eb15a57dacfdc66cffd14ac.tar.gz itools-5eba8aa0df1befd34eb15a57dacfdc66cffd14ac.tar.bz2 itools-5eba8aa0df1befd34eb15a57dacfdc66cffd14ac.zip | |
Filter out javascript: scheme in U() to avoid more XSS attacks
Diffstat (limited to 'test/U_tests.json')
| -rw-r--r-- | test/U_tests.json | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/test/U_tests.json b/test/U_tests.json index 83a6771..6bfb957 100644 --- a/test/U_tests.json +++ b/test/U_tests.json @@ -222,6 +222,12 @@ }, { + "args": ["jAvascript://a/%E2%80%A9alert(JSON.stringify(document.cookie))"], + "exp": "//a/%E2%80%A9alert(JSON.stringify(document.cookie))", + "name": "U() remove multiple schemes from path" + }, + + { "args": ["//Oeffnungszeiten:8.30-17.00/"], "exp": "//Oeffnungszeiten:8.30-17.00/", "name": "U() with invalid URL" |