core/modules/editor/tests/src/Unit/EditorXssFilter/StandardTest.php +0 −8 Original line number Diff line number Diff line Loading @@ -145,14 +145,6 @@ public function providerTestFilterXss() { // @see https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Null_breaks_up_JavaScript_directive $data[] = ["<IMG SRC=java\0script:alert(\"XSS\")>", '<IMG>']; // Spaces and meta chars before the JavaScript in images for XSS. // @see https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Spaces_and_meta_chars_before_the_JavaScript_in_images_for_XSS // @todo This dataset currently fails under 5.4 because of // https://www.drupal.org/node/1210798. Restore after it's fixed. if (version_compare(PHP_VERSION, '5.4.0', '<')) { $data[] = ['<IMG SRC="  javascript:alert(\'XSS\');">', '<IMG src="alert('XSS');">']; } // Non-alpha-non-digit XSS. // @see https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Non-alpha-non-digit_XSS $data[] = ['<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>', '']; Loading
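Review bot: With the `version_compare(PHP_VERSION, '5.4.0', '<')` branch removed from providerTestFilterXss(), no dataset is left for the "spaces and meta chars before the JavaScript" evasion, and the `@todo` pointing at https://www.drupal.org/node/1210798 is removed with it; the same applies to the "HTML scheme clearing evasion" case in providerTestFilterXssNotNormalized() in XssTest.php. The branch was presumably dead on every supported PHP version, so the set of executed tests does not change, but the deletion drops the only record that this filter-evasion input has no regression coverage. I would keep a comment in both providers, for example `// @todo Restore the whitespace/meta-character-before-scheme dataset once https://www.drupal.org/node/1210798 is fixed.`, or re-add the dataset unconditionally if the filter now handles it. Both providers begin outside the visible hunks, so any other coverage of this case cannot be confirmed from here.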
core/tests/Drupal/Tests/Component/Utility/XssTest.php +0 −10 Original line number Diff line number Diff line Loading @@ -433,16 +433,6 @@ public function providerTestFilterXssNotNormalized() { ['p'], ], ]; // @todo This dataset currently fails under 5.4 because of // https://www.drupal.org/node/1210798. Restore after its fixed. if (version_compare(PHP_VERSION, '5.4.0', '<')) { $cases[] = [ '<img src="  javascript:alert(0)">', 'javascript', 'HTML scheme clearing evasion -- spaces and metacharacters before scheme.', ['img'], ]; } return $cases; } Loading