diff options
| author | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2009-03-02 17:34:18 +0000 |
|---|---|---|
| committer | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2009-03-02 17:34:18 +0000 |
| commit | cadb23b30dc43383b1e9c8914fa47e55e55f5dfe (patch) | |
| tree | 7ca356b6e0a7a0da00141cb423a43b4f0bb50057 /roundcubemail/tests/src | |
| parent | 8cca782e9d0cc388bc3fe3edd66c879a7f9216ab (diff) | |
Revert r2322; this is done in rcmail_html4inline() and now secured + fix tests
git-svn-id: https://svn.roundcube.net/trunk@2324 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/tests/src')
| -rw-r--r-- | roundcubemail/tests/src/htmlxss.txt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/roundcubemail/tests/src/htmlxss.txt b/roundcubemail/tests/src/htmlxss.txt index 60ceb944e..f6c43e353 100644 --- a/roundcubemail/tests/src/htmlxss.txt +++ b/roundcubemail/tests/src/htmlxss.txt @@ -3,7 +3,7 @@ <p><img onLoad.="alert(document.cookie)" src="skins/default/images/roundcube_logo.png" /></p> -<p><a href="javascript:alert(document.cookie)">mail me!</a> +<p><a href="mailto:xss@somehost.net') && alert(document.cookie) || ignore('">mail me!</a> <a href="http://roundcube.net" target="_self">roundcube.net</a> <a href="http://roundcube.net" \onmouseover="alert('XSS')">roundcube.net (2)</a> |