removing patterns that don't get sanitized, but also don't get interpreted when inserted into the HTML

El RIDO 2017-11-22 20:49:23 +01:00
parent 56f4ee5c20
commit d0cccce7a8
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92


@ -1469,12 +1469,6 @@ describe('PasteViewer', function () {
'<TABLE BACKGROUND="javascript:alert(\'XSS\')">', '<TABLE BACKGROUND="javascript:alert(\'XSS\')">',
'<TABLE><TD BACKGROUND="javascript:alert(\'XSS\')">', '<TABLE><TD BACKGROUND="javascript:alert(\'XSS\')">',
'<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="httx://xss.rocks/xss.js"></SCRIPT>', '<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="httx://xss.rocks/xss.js"></SCRIPT>',
'(alert)(1)',
'a=alert,a(1)',
'top[“al”+”ert”](1)',
'top[/al/.source+/ert/.source](1)',
'al\u0065rt(1)',
'top[8680439..toString(30)](1)'
]), ]),
'string', 'string',
function (format, prefix, xss, suffix) { function (format, prefix, xss, suffix) {