From 5eba8aa0df1befd34eb15a57dacfdc66cffd14ac Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Sun, 6 Feb 2022 20:12:00 +0100
Subject: Filter out javascript: scheme in U() to avoid more XSS attacks
---
 test/U_tests.json | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'test/U_tests.json')
diff --git a/test/U_tests.json b/test/U_tests.json
index 83a6771..6bfb957 100644
--- a/test/U_tests.json
+++ b/test/U_tests.json
@@ -221,6 +221,12 @@
 "name": "U() remove multiple schemes from path"
 },

+ {
+ "args": ["jAvascript://a/%E2%80%A9alert(JSON.stringify(document.cookie))"],
+ "exp": "//a/%E2%80%A9alert(JSON.stringify(document.cookie))",
+ "name": "U() remove multiple schemes from path"
+ },
+
 {
 "args": ["//Oeffnungszeiten:8.30-17.00/"],
 "exp": "//Oeffnungszeiten:8.30-17.00/",
-- 
cgit v1.2.3
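Review bot: The added case reuses the `"name"` of the case directly above it, `U() remove multiple schemes from path`, although it pins removal of a mixed-case `javascript:` scheme, so a failure report cannot tell the two cases apart and the security regression it guards is not named anywhere in the fixture. JSON has no comments, so the name is the only place to record the intent; something like `"name": "U() strip javascript: scheme regardless of case"` would do. Only one spelling (`jAvascript:`) is pinned; all-lowercase and all-uppercase siblings would make the case-insensitivity explicit rather than implied. The expected value keeps the leading `//a/`, so the filtered result is a network-path reference to host `a`. If that is intended, the name should say so, because callers that assume U() output is same-site would presumably need to know. The surrounding array starts and ends outside this hunk, so existing coverage of other scheme variants cannot be judged from here.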