diff options
| author | Urban Müller | 2023-09-25 16:31:54 +0200 |
|---|---|---|
| committer | Urban Müller | 2023-09-25 16:31:54 +0200 |
| commit | 888af9543cb9b632b0671284771ca6a82aed47dd (patch) | |
| tree | 32d7417cdb6cec3e5ee109021870fee1ff37c8e2 /test | |
| parent | d81ef38f6b66912b62a54f9263b9d15ead872b3d (diff) | |
| download | itools-888af9543cb9b632b0671284771ca6a82aed47dd.tar.gz itools-888af9543cb9b632b0671284771ca6a82aed47dd.tar.bz2 itools-888af9543cb9b632b0671284771ca6a82aed47dd.zip | |
escape dangerous strings inside javascript, including env =
Diffstat (limited to 'test')
| -rwxr-xr-x | test/it_html.t | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/test/it_html.t b/test/it_html.t index ae11ad1..e6477da 100755 --- a/test/it_html.t +++ b/test/it_html.t @@ -288,3 +288,5 @@ is(it_html::entity_decode("’"), "'", "it_html::entity_decode numeric decim is(it_html::entity_decode("࿿"), " ", "it_html::entity_decode invalid numeric hex entity"); is(it_html::entity_decode("ϧ"), " ", "it_html::entity_decode invalid numeric decimal entity"); is(it_html::entity_decode("‹"), " ", "it_html::entity_decode entity von 0x80-0x9f"); + +is(js('<SCriPT> </script> </SCriPT> <!--'), "<script type=\"text/javascript\">\\x3Cscript> \\x3C/script> \\x3C/script> \\x3C!--</script>\n", "escape dangerous js content"); |