diff options
| author | thomascube <thomas@roundcube.net> | 2009-03-02 17:34:18 +0000 |
|---|---|---|
| committer | thomascube <thomas@roundcube.net> | 2009-03-02 17:34:18 +0000 |
| commit | 11526305f506245af55e8ae7ea31faec49dfd98d (patch) | |
| tree | c07328bd6bb8a07e677e97ccbe82e751b638c083 /tests/src | |
| parent | 63d4b1217216f3d04894090026ed3f01aba9b385 (diff) | |
Revert r2322; this is done in rcmail_html4inline() and now secured + fix tests
Diffstat (limited to 'tests/src')
| -rw-r--r-- | tests/src/htmlxss.txt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/src/htmlxss.txt b/tests/src/htmlxss.txt index 60ceb944e..f6c43e353 100644 --- a/tests/src/htmlxss.txt +++ b/tests/src/htmlxss.txt @@ -3,7 +3,7 @@ <p><img onLoad.="alert(document.cookie)" src="skins/default/images/roundcube_logo.png" /></p> -<p><a href="javascript:alert(document.cookie)">mail me!</a> +<p><a href="mailto:xss@somehost.net') && alert(document.cookie) || ignore('">mail me!</a> <a href="http://roundcube.net" target="_self">roundcube.net</a> <a href="http://roundcube.net" \onmouseover="alert('XSS')">roundcube.net (2)</a> |