diff options
| author | Christian Schneider | 2022-02-06 20:12:00 +0100 |
|---|---|---|
| committer | Christian Schneider | 2022-02-06 20:13:18 +0100 |
| commit | 5eba8aa0df1befd34eb15a57dacfdc66cffd14ac (patch) | |
| tree | 2e14bc4a995bf12738649adc9dd8550a01094ffa /test/it_html.t | |
| parent | e867407ae8b86b3170f0f103607d54a0fb7c616e (diff) | |
| download | itools-5eba8aa0df1befd34eb15a57dacfdc66cffd14ac.tar.gz itools-5eba8aa0df1befd34eb15a57dacfdc66cffd14ac.tar.bz2 itools-5eba8aa0df1befd34eb15a57dacfdc66cffd14ac.zip | |
Filter out javascript: scheme in U() to avoid more XSS attacks
Diffstat (limited to 'test/it_html.t')
| -rwxr-xr-x | test/it_html.t | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/test/it_html.t b/test/it_html.t index aa734c0..a387781 100755 --- a/test/it_html.t +++ b/test/it_html.t @@ -253,8 +253,10 @@ is( 'empty tags removal' ); +$GLOBALS['ULTRANOERRORS'] = true; # FIXME CS 2022-03-01 Remove this after U() does include it::error for javascript urls any more foreach (json_decode(it::file_get_contents(dirname($argv[0]) . '/U_tests.json'), true) as $test) is(U(...$test['args']), $test['exp'], $test['name']); +$GLOBALS['ULTRANOERRORS'] = false; is(it_html::entity_decode("ä"), "รค"); is(it_html::entity_decode("J"), "J"); |