Chromium Code Reviews

Unified Diff: tests/html/node_validator_important_if_you_suppress_make_the_bug_critical_test.dart

Issue 2160413002: Add a couple of additional XSS tests (Closed) Base URL: https://github.com/dart-lang/sdk.git@master
Patch Set: Created 4 years, 5 months ago
Index: tests/html/node_validator_important_if_you_suppress_make_the_bug_critical_test.dart
diff --git a/tests/html/node_validator_important_if_you_suppress_make_the_bug_critical_test.dart b/tests/html/node_validator_important_if_you_suppress_make_the_bug_critical_test.dart
index 4d7d338393c0cd11ac0cd3648f5dc545e8f76381..6859e8734dd61f9cdb9a0613cf37788c0af77dbb 100644
--- a/tests/html/node_validator_important_if_you_suppress_make_the_bug_critical_test.dart
+++ b/tests/html/node_validator_important_if_you_suppress_make_the_bug_critical_test.dart
@@ -116,6 +116,14 @@ main() {
validator,
'<span>![CDATA[ some text ]]></span>');
+ testHtml('backquotes not removed',
+ validator,
+ '<img src="dice.png" alt="``onload=xss()" />');
+
+ testHtml('0x3000 not removed',
+ validator,
+ '<a href="&#x3000;javascript:alert(1)">CLICKME</a>');
+
test('sanitizes template contents', () {
if (!TemplateElement.supported) return;
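
Review bot: The two cases added after the CDATA test, 'backquotes not removed' and '0x3000 not removed', have no comment saying what outcome they pin down. The three-argument `testHtml(name, validator, html)` call gives no separate expected string, so a reader has to infer from the test name alone that the markup is meant to come through sanitization unchanged. In a file whose name warns that suppressing a failure makes the bug critical, please add a one-line comment above each case stating why leaving the alt value that starts with two backquotes, and the href that starts with `&#x3000;`, intact is the intended result for this `validator`. If the helper has a form that takes an explicit expected output, using it here would make the assertion visible in the test itself.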