mirror of
https://github.com/PrivateBin/PrivateBin.git
synced 2024-10-01 01:26:10 -04:00
removing patterns that don't get sanitized, but also don't get interpreted when inserted into the HTML
parent
56f4ee5c20
commit
d0cccce7a8
@ -1469,12 +1469,6 @@ describe('PasteViewer', function () {
|
||||
'<TABLE BACKGROUND="javascript:alert(\'XSS\')">',
|
||||
'<TABLE><TD BACKGROUND="javascript:alert(\'XSS\')">',
|
||||
'<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="httx://xss.rocks/xss.js"></SCRIPT>',
|
||||
'(alert)(1)',
|
||||
'a=alert,a(1)',
|
||||
'top[“al”+”ert”](1)',
|
||||
'top[/al/.source+/ert/.source](1)',
|
||||
'al\u0065rt(1)',
|
||||
'top[8680439..toString(30)](1)'
|
||||
]),
|
||||
'string',
|
||||
function (format, prefix, xss, suffix) {
|
||||
|
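Review bot: The vector list that remains carries no explanation of why bare-script payloads are absent, so a later maintainer may re-add them or read their absence as a gap in the sanitizer. Going by the 12-to-6 line counts in the hunk header and the commit title, the six entries from `'(alert)(1)'` to `'top[8680439..toString(30)](1)'` appear to be the ones dropped. They contain no markup, so they are inert only as long as paste text reaches an HTML sink and never a script-evaluating one. A comment above the closing `]),` would record that scope, for example `// markup-free JS expressions are omitted: inert as HTML, unsafe only in a script context`. The test callback that opens on the last hunk line continues outside the hunk, so what it asserts is not visible here.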