Sha256: 5c25363d481648cafc96d84a4fc0a98ebd111418bca72f988fadc7274f84f505

Contents?: true

Size: 437 Bytes

Versions: 1

Compression:

Stored size: 437 Bytes

Contents

# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6684

require 'redcloth'

describe 'CVE-2012-6684' do

  it 'should not let javascript links pass through' do
    # PoC from http://co3k.org/blog/redcloth-unfixed-xss-en
    # Textile link syntax ["text":url] carrying a javascript: URI, rendered with
    # all four restriction filters enabled; the URI must not survive into the href.
    output = RedCloth.new('["clickme":javascript:alert(%27XSS%27)]', [:filter_html, :filter_styles, :filter_classes, :filter_ids]).to_html
    # The single . after href= accepts either quote style around the attribute value.
    expect(output).to_not match(/href=.javascript:alert/)
  end

end

Version data entries

1 entries across 1 versions & 1 rubygems

Version         Path
RedCloth-4.3.0  spec/security/CVE-2012-6684_spec.rb