test(platform-browser): fix mXSS attack test in Canary (#18809)

PR Close #18809
2017-08-23 12:48:21 +02:00 · 2017-08-23 12:48:21 +02:00 · 516759b1ff
parent aaf826e043
commit 516759b1ff
1 changed files with 2 additions and 1 deletions
--- a/packages/platform-browser/test/security/html_sanitizer_spec.ts
+++ b/packages/platform-browser/test/security/html_sanitizer_spec.ts
@ -136,8 +136,9 @@ export function main() {

    if (browserDetection.isWebkit) {
      it('should prevent mXSS attacks', function() {
+        // In Chrome Canary 62, the ideographic space character is kept as a stringified HTML entity
        expect(sanitizeHtml(defaultDoc, '<a href="&#x3000;javascript:alert(1)">CLICKME</a>'))
-            .toEqual('<a href="unsafe:javascript:alert(1)">CLICKME</a>');
+            .toMatch(/<a href="unsafe:(&#12288;)?javascript:alert\(1\)">CLICKME<\/a>/);
      });
    }
  });