iSharkFly-Docs
/
angular-docs-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

test(platform-browser): fix mXSS attack test in Canary (#18809) 

PR Close #18809
This commit is contained in:
Marc Laval 2017-08-23 12:48:21 +02:00 committed by Igor Minar
parent aaf826e043
commit 516759b1ff
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
packages/platform-browser/test/security/html_sanitizer_spec.ts
View File

@ -136,8 +136,9 @@ export function main() {
if (browserDetection.isWebkit) { if (browserDetection.isWebkit) {
it('should prevent mXSS attacks', function() { it('should prevent mXSS attacks', function() {
// In Chrome Canary 62, the ideographic space character is kept as a stringified HTML entity
expect(sanitizeHtml(defaultDoc, '<a href="&#x3000;javascript:alert(1)">CLICKME</a>')) expect(sanitizeHtml(defaultDoc, '<a href="&#x3000;javascript:alert(1)">CLICKME</a>'))
.toEqual('<a href="unsafe:javascript:alert(1)">CLICKME</a>'); .toMatch(/<a href="unsafe:(&#12288;)?javascript:alert\(1\)">CLICKME<\/a>/);
}); });
} }
}); });