fix: broken test case to sanitize on-event in ie #1051
@@ -54,7 +54,7 @@ describe('htmlSanitizer', function() { | |||
expect(htmlSanitizer(`<TABLE BACKGROUND="javascript:alert('XSS')">`, true)).toBe( | |||
'<table></table>' | |||
); | |||
expect(htmlSanitizer(`<TABLE><TD BACKGROUND="javascript:alert('XSS')">`, true)).toBe( | |||
expect(htmlSanitizer(`<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD>`, true)).toBe( |
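Review bot: the changed `<TABLE><TD BACKGROUND=...>` expectation now feeds the sanitizer an explicit `</TD>`, so this suite no longer exercises unclosed `<TD>` input at all. If the serialized result for that input has to stay browser-dependent, add a one-line comment on this test saying why the closing tag is supplied, and consider keeping the unclosed variant as a separate case that asserts only that no `BACKGROUND` attribute or `javascript:` URL survives in the output.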
In IE10, when only <td> is passed in, the closing tag is not generated automatically, so a closing tag was added.
if (ON_EVENT_RX.test(name)) { | ||
node[name] = null; | ||
} |
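Review bot: the `ON_EVENT_RX.test(name)` guard on the first line of this hunk depends on a regex whose declaration is not visible here. If it carries the `g` or `y` flag, `test()` keeps `lastIndex` between calls and will skip some matching attribute names as the loop advances. Please confirm it is declared without those flags and anchored at the start of the name, so that `node[name] = null` is applied to every on-event handler and never to an unrelated property whose name merely contains "on". A test that asserts the handler property is cleared, not just that the attribute is gone from the serialized output, would cover this branch.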
In IE, events assigned to attributes such as onload and onerror are sometimes not removed, so the XSS script gets executed; this logic was added to remove the events safely.
Review complete~!
Please check if the PR fulfills these requirements
fix #xxx[,#xxx], where "xxx" is the issue number)
Description
getNamedItem, removeNamedItem to getAttribute, removeAttribute because IE is not supported correctly.
Thank you for your contribution to TOAST UI product.