Fix a few edge cases for XSS

2013-10-31 00:48:01 -05:00 · 2013-10-31 00:48:01 -05:00 · 1c3273978b
commit 1c3273978b
parent 271a23cdad
2 changed files with 20 additions and 4 deletions
--- a/tests/xss.js
+++ b/tests/xss.js
@ -10,6 +10,11 @@ function basicTest() {

    assert(sanitize("<a href='javascript:alert(document.cookie)'>") === 
                    "<a href=\":()\">");
+
+    assert(sanitize("<a ") === "<a>");
+
+    assert(sanitize("<img src=\"<a href=\"javascript:void(0)\">>") ===
+                    "<img src=\"<a href=\" javascriptvoid0=\"\">>");
 }

 basicTest();