
Widened svg content attribute xss filtering

Handles additional SVG attribute cases that can occur.
Closes #3705
This commit is contained in:
Dan Brown
2022-09-06 17:01:56 +01:00
parent 24f82749ff
commit 6955b2fd5a
2 changed files with 7 additions and 3 deletions


@ -333,6 +333,9 @@ class PageContentTest extends TestCase
'<svg><animate href=#xss attributeName=href values=javascript:alert(1) /></svg>',
'<svg><animate href="#xss" attributeName="href" values="a;javascript:alert(1)" /></svg>',
'<svg><animate href="#xss" attributeName="href" values="a;data:alert(1)" /></svg>',
'<svg><animate href=#xss attributeName=href from=javascript:alert(1) to=1 /><a id=xss><text x=20 y=20>XSS</text></a>',
'<svg><set href=#xss attributeName=href from=? to=javascript:alert(1) /><a id=xss><text x=20 y=20>XSS</text></a>',
'<svg><g><g><g><animate href=#xss attributeName=href values=javascript:alert(1) /></g></g></g></svg>',
];
$this->asEditor();