summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoey Hess <joey@kodama.kitenet.net>2008-02-10 03:38:30 -0500
committerJoey Hess <joey@kodama.kitenet.net>2008-02-10 03:38:30 -0500
commite9a215982b6e522f21653d2d164abcb7246b0f77 (patch)
treed8dfbcaa18a40202cf2a997f5853d5719ea4ac98
parent973ea501907113ea750ea77d54890a75c71fcf68 (diff)
new test case
-rwxr-xr-xt/htmlize.t6
-rw-r--r--t/javascript.mdwn2
2 files changed, 7 insertions, 1 deletions
diff --git a/t/htmlize.t b/t/htmlize.t
index a9ccfedcb..670500a67 100755
--- a/t/htmlize.t
+++ b/t/htmlize.t
@@ -1,7 +1,7 @@
#!/usr/bin/perl
use warnings;
use strict;
-use Test::More tests => 4;
+use Test::More tests => 5;
use Encode;
BEGIN { use_ok("IkiWiki"); }
@@ -19,3 +19,7 @@ is(IkiWiki::htmlize("foo", "mdwn", readfile("t/test1.mdwn")),
"utf8; bug #373203");
ok(IkiWiki::htmlize("foo", "mdwn", readfile("t/test2.mdwn")),
"this file crashes markdown if it's fed in as decoded utf-8");
+my $ret=IkiWiki::htmlize("foo", "mdwn", readfile("t/javascript.mdwn"));
+ok($ret !~ /GOTCHA/,
+ "javascript.mdwn contains a number of attempts at getting
+ javascript that contains GOTCHA past the html sanitiser.");
diff --git a/t/javascript.mdwn b/t/javascript.mdwn
new file mode 100644
index 000000000..6a5805a70
--- /dev/null
+++ b/t/javascript.mdwn
@@ -0,0 +1,2 @@
+<a href="javascript&#x3A;alert('GOTCHA')">click me</a>
+<a href="javascript:alert('GOTCHA')">click me</a>