Tags with invalid names should also be stripped in order to prevent
XSS attacks. Thanks Sascha Depold for the report.
This commit is contained in:
parent
8a39f411dc
commit
586a944ddd
2 changed files with 8 additions and 1 deletions
@ -156,7 +156,7 @@ module HTML #:nodoc:
|
|||
end
|
||||
|
||||
closing = ( scanner.scan(/\//) ? :close : nil )
|
||||
return Text.new(parent, line, pos, content) unless name = scanner.scan(/[\w:-]+/)
|
||||
return Text.new(parent, line, pos, content) unless name = scanner.scan(/[^\s!>\/]+/)
|
||||
name.downcase!
|
||||
|
||||
unless closing
|
||||
|
|
|
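Review bot: The loosened name pattern `scanner.scan(/[^\s!>\/]+/)` now accepts characters such as `"`, `<` or `=` inside a tag name, and a later reader is likely to tighten it back to a word-character class unless the reason is stated; add a comment above that line, e.g. `# Deliberately permissive: anything up to whitespace, "!", ">" or "/" counts as a tag name so malformed tags are still parsed (and stripped by the sanitizers) instead of falling through as Text.` Since `name.downcase!` now runs on such names, it is worth confirming that the downstream allowed-tag comparison (not visible in this hunk) treats them as unknown and drops them. The enclosing parse method starts and ends outside the hunk.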
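--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -5,6 +5,13 @@ class SanitizerTest < ActionController::TestCase
 @sanitizer = nil # used by assert_sanitizer
 end
 
+def test_strip_tags_with_quote
+sanitizer = HTML::FullSanitizer.new
+string = '<" <img src="trollface.gif" onload="alert(1)"> hi'
+
+assert_equal ' hi', sanitizer.sanitize(string)
+end
+
 def test_strip_tags
 sanitizer = HTML::FullSanitizer.new
 assert_equal("<<<bad html", sanitizer.sanitize("<<<bad html"))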
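Review bot: `test_strip_tags_with_quote` asserts only the final string `' hi'`, so it does not record which part of the input is the regression being guarded — a reader cannot tell whether the point is that the malformed `<"` is dropped or that the `<img ... onload=...>` following it is still recognised and stripped. A one-line comment above `string = ...` would document the intent, e.g. `# A malformed tag before a real one must not let the real tag (and its event handler) survive as text.` The local `string` could also be inlined into the assertion, but that is a matter of taste.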