test/test_clean_css.rb in sanitize-4.6.6 vs test/test_clean_css.rb in sanitize-5.0.0
@@ -11,10 +11,10 @@
it 'should sanitize CSS properties in style attributes' do
@s.fragment(%[
<div style="color: #fff; width: expression(alert(1)); /* <-- evil! */"></div>
].strip).must_equal %[
- <div style="color: #fff; /* <-- evil! */"></div>
+ <div style="color: #fff; /* <-- evil! */"></div>
].strip
end
it 'should remove the style attribute if the sanitized CSS is empty' do
@s.fragment('<div style="width: expression(alert(1))"></div>').