Show More
@@ -1,36 +1,40 b'' | |||||
1 | safe_tests = [ |
|
1 | safe_tests = [ | |
2 | "<p>Hi there</p>", |
|
2 | "<p>Hi there</p>", | |
3 | '<h1 class="foo">Hi There!</h1>', |
|
3 | '<h1 class="foo">Hi There!</h1>', | |
4 | '<a data-cite="foo">citation</a>', |
|
4 | '<a data-cite="foo">citation</a>', | |
5 | '<div><span>Hi There</span></div>' |
|
5 | '<div><span>Hi There</span></div>', | |
6 | ]; |
|
6 | ]; | |
7 |
|
7 | |||
8 | unsafe_tests = [ |
|
8 | unsafe_tests = [ | |
9 | "<script>alert(999);</script>", |
|
9 | "<script>alert(999);</script>", | |
10 | '<a onmouseover="alert(999)">999</a>', |
|
10 | '<a onmouseover="alert(999)">999</a>', | |
11 | '<a onmouseover=alert(999)>999</a>', |
|
11 | '<a onmouseover=alert(999)>999</a>', | |
12 | '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">', |
|
12 | '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">', | |
13 | '<IMG SRC=# onmouseover="alert(999)">', |
|
13 | '<IMG SRC=# onmouseover="alert(999)">', | |
14 | '<<SCRIPT>alert(999);//<</SCRIPT>', |
|
14 | '<<SCRIPT>alert(999);//<</SCRIPT>', | |
15 | '<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >', |
|
15 | '<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >', | |
16 | '<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">', |
|
16 | '<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">', | |
17 | '<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(999);">', |
|
17 | '<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(999);">', | |
18 | '<IFRAME SRC="javascript:alert(999);"></IFRAME>', |
|
18 | '<IFRAME SRC="javascript:alert(999);"></IFRAME>', | |
19 | '<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>', |
|
19 | '<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>', | |
20 | '<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>', |
|
20 | '<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>', | |
21 | ]; |
|
21 | ]; | |
22 |
|
22 | |||
23 | casper.notebook_test(function () { |
|
23 | casper.notebook_test(function () { | |
24 | this.each(safe_tests, function (self, item) { |
|
24 | this.each(safe_tests, function (self, item) { | |
25 | var is_safe = self.evaluate(function (item) { |
|
25 | var is_safe = self.evaluate(function (item) { | |
26 | return IPython.security.is_safe(item); |
|
26 | return IPython.security.is_safe(item); | |
27 | }, item); |
|
27 | }, item); | |
28 | this.test.assert(is_safe, item); |
|
28 | this.test.assert(is_safe, "Safe: " + item); | |
29 | }); |
|
29 | }); | |
30 | this.each(unsafe_tests, function (self, item) { |
|
30 | this.each(unsafe_tests, function (self, item) { | |
31 | var is_safe = self.evaluate(function (item) { |
|
31 | var is_safe = self.evaluate(function (item) { | |
32 | return IPython.security.is_safe(item); |
|
32 | return IPython.security.is_safe(item); | |
33 | }, item); |
|
33 | }, item); | |
34 | this.test.assert(!is_safe, item); |
|
34 | this.test.assert(!is_safe, "Unsafe: " + item); | |
|
35 | var sanitized = self.evaluate(function (item) { | |||
|
36 | return IPython.security.sanitize_html(item); | |||
|
37 | }, item); | |||
|
38 | this.test.assertEquals(sanitized.indexOf("alert"), -1, "Sanitized " + item); | |||
35 | }); |
|
39 | }); | |
36 | }); No newline at end of file |
|
40 | }); |
General Comments 0
You need to be logged in to leave comments.
Login now