Commit11066a9

authored
Tests: Workaround failures in recent XSS tests in iOS 8 - 12
iOS 8-12 parses `<noembed>` tags differently, executing this code. This is no different to native behavior on that OS, though, so just accept it. Ref gh-4685 Closes gh-4694
1 parent1a7332c commit11066a9


1 file changed

+15
-7
lines changed


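--- a/test/unit/manipulation.js
+++ b/test/unit/manipulation.js
@@ -2917,7 +2917,8 @@ QUnit.test( "Sanitized HTML doesn't get unsanitized", function( assert ) {
 
 varcontainer,
 counter=0,
-assertCount=13,
+oldIos=/iphoneos(?:8|9|10|11|12)_/i.test(navigator.userAgent),
+assertCount=oldIos ?12 :13,
 done=assert.async(assertCount);
 
 assert.expect(assertCount);
@@ -2954,10 +2955,17 @@ QUnit.test( "Sanitized HTML doesn't get unsanitized", function( assert ) {
 test("<title><title /><img src=url404 onerror=xss(4)>");
 test("<iframe><iframe/><img src=url404 onerror=xss(5)>");
 test("<noframes><noframes/><img src=url404 onerror=xss(6)>");
-test("<noembed><noembed/><img src=url404 onerror=xss(7)>");
-test("<noscript><noscript/><img src=url404 onerror=xss(8)>");
-test("<foo\" alt=\"\" title=\"/><img src=url404 onerror=xss(9)>\">");
-test("<img alt=\"<x\" title=\"\" src=\"/><img src=url404 onerror=xss(10)>\">");
-test("<noscript/><img src=url404 onerror=xss(11)>");
-test("<option><style></option></select><img src=url404 onerror=xss(12)></style>");
+test("<noscript><noscript/><img src=url404 onerror=xss(7)>");
+test("<foo\" alt=\"\" title=\"/><img src=url404 onerror=xss(8)>\">");
+test("<img alt=\"<x\" title=\"\" src=\"/><img src=url404 onerror=xss(9)>\">");
+test("<noscript/><img src=url404 onerror=xss(10)>");
+
+test("<option><style></option></select><img src=url404 onerror=xss(11)></style>");
+
+// Support: iOS 8 - 12 only.
+// Old iOS parses `<noembed>` tags differently, executing this code. This is no
+// different to native behavior on that OS, though, so just accept it.
+if(!oldIos){
+test("<noembed><noembed/><img src=url404 onerror=xss(12)>");
+}
 });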
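Review bot: On a browser matched by `oldIos`, the `<noembed>` payload inside the final `if(!oldIos){` block is skipped rather than recorded, so the suite passes there without stating that sanitized markup containing `<noembed>` still runs its `onerror` handler. I would extend the comment above the guard with a line such as `// Known gap: on iOS 8 - 12 this payload executes, matching native parsing.` so the accepted exposure is explicit to anyone reading the test. The gate is a user-agent match, so a browser on those OS versions whose UA lacks the iPhone token (inferred; iPad strings are not shown on this page) would still expect 13 assertions and fail. The other payloads were renumbered from `xss(8)`–`xss(12)` to `xss(7)`–`xss(11)`, so an index reported by an older run no longer names the same payload. The `QUnit.test` callback starts above the first hunk, and the `test` and `xss` helpers between the two hunks are not visible.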
