remove scheme from path when we have empty hostpart and empty schemepart; this fixes 'a:javascript:alert(origin)'

author: David Flatz 2020-01-23 14:30:18 +0100
committer: David Flatz 2020-01-23 14:30:18 +0100
commit: 54b91bbc8f3b16ed98fbb7be4d3e6a934cde34c2 (patch)
tree: 80177b29a413c36f7573ef4c843b889ce9e05c8c /test
parent: e9140b4736c79aeff8c98b9e251418047fe12f46 (diff)
download: itools-54b91bbc8f3b16ed98fbb7be4d3e6a934cde34c2.tar.gz
itools-54b91bbc8f3b16ed98fbb7be4d3e6a934cde34c2.tar.bz2
itools-54b91bbc8f3b16ed98fbb7be4d3e6a934cde34c2.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/test/U_tests.json b/test/U_tests.json
index e35ff9d..0025565 100644
--- a/test/U_tests.json
+++ b/test/U_tests.json
@@ -207,5 +207,17 @@
 		"args": ["/foo.html", {"<spam>": {"<spam>": "ham"}}],
 		"exp": "/foo.html?%3Cspam%3E%5B%3Cspam%3E%5D=ham",
 		"name": "U() urlencode keys of nested structures"
+	},
+
+	{
+		"args": ["a:javascript:alert('fail');"],
+		"exp": "alert(%27fail%27)%3B",
+		"name": "U() remove schema from path"
+	},
+
+	{
+		"args": ["a:b:c:d:javascript:alert('fail');"],
+		"exp": "alert(%27fail%27)%3B",
+		"name": "U() remove multiple schemes from path"
 	}
 ]
author	David Flatz	2020-01-23 14:30:18 +0100
committer	David Flatz	2020-01-23 14:30:18 +0100
commit	54b91bbc8f3b16ed98fbb7be4d3e6a934cde34c2 (patch)
tree	80177b29a413c36f7573ef4c843b889ce9e05c8c /test
parent	e9140b4736c79aeff8c98b9e251418047fe12f46 (diff)
download	itools-54b91bbc8f3b16ed98fbb7be4d3e6a934cde34c2.tar.gz itools-54b91bbc8f3b16ed98fbb7be4d3e6a934cde34c2.tar.bz2 itools-54b91bbc8f3b16ed98fbb7be4d3e6a934cde34c2.zip