summaryrefslogtreecommitdiff
path: root/tests/src
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2009-03-02 17:34:18 +0000
committerthomascube <thomas@roundcube.net>2009-03-02 17:34:18 +0000
commit11526305f506245af55e8ae7ea31faec49dfd98d (patch)
treec07328bd6bb8a07e677e97ccbe82e751b638c083 /tests/src
parent63d4b1217216f3d04894090026ed3f01aba9b385 (diff)
Revert r2322; this is done in rcmail_html4inline() and now secured + fix tests
Diffstat (limited to 'tests/src')
-rw-r--r--tests/src/htmlxss.txt2
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/src/htmlxss.txt b/tests/src/htmlxss.txt
index 60ceb944e..f6c43e353 100644
--- a/tests/src/htmlxss.txt
+++ b/tests/src/htmlxss.txt
@@ -3,7 +3,7 @@
<p><img onLoad.="alert(document.cookie)" src="skins/default/images/roundcube_logo.png" /></p>
-<p><a href="javascript:alert(document.cookie)">mail me!</a>
+<p><a href="mailto:xss@somehost.net') && alert(document.cookie) || ignore('">mail me!</a>
<a href="http://roundcube.net" target="_self">roundcube.net</a>
<a href="http://roundcube.net" \onmouseover="alert('XSS')">roundcube.net (2)</a>