Skip to content
This repository has been archived by the owner on Aug 1, 2024. It is now read-only.

Commit

Permalink
Adds a test case for the sanitizer with an https iframe src.
Browse files Browse the repository at this point in the history 
RELNOTES: n/a

PiperOrigin-RevId: 521460751
Change-Id: I3fb9a2e492374c96fbd6a35430f139f0f5e9da70
  • Loading branch information
Closure Team authored and Copybara-Service committed Apr 3, 2023
1 parent 5c8d860 commit ea2f538
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions closure/goog/html/sanitizer/html_test_vectors.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,13 @@ goog.html.htmlTestVectors.HTML_TEST_VECTORS = [
"<iframe />",
],
name: "iframe_src"},
{input: "<iframe src=\"https://evil.com\">",
acceptable: [
"",
"<iframe></iframe>",
"<iframe />",
],
name: "iframe_src_https"},
{input: "<iframe srcdoc=\"&lt;img src&equals;x:x onerror&equals;alert&lpar;xss&rpar;&gt;\" />",
acceptable: [
"",
Expand Down

0 comments on commit ea2f538

Please sign in to comment.