Tags with invalid names should also be stripped in order to prevent XSS attacks. Thanks Sascha Depold for the report.
1 parent f9b642c commit 66c3e31dcf314ab0fcabe717576d0b606c685d0e @tenderlove tenderlove committed Aug 16, 2011
@@ -156,7 +156,7 @@ def parse(parent, line, pos, content, strict=true)
end
closing = ( scanner.scan(/\//) ? :close : nil )
- return Text.new(parent, line, pos, content) unless name = scanner.scan(/[\w:-]+/)
+ return Text.new(parent, line, pos, content) unless name = scanner.scan(/[^\s!>\/]+/)
name.downcase!
unless closing
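
Review bot: The replacement pattern on the `+` line, `/[^\s!>\/]+/`, is a deny-list with no comment saying why exactly whitespace, `!`, `>` and `/` are the excluded characters, so a later cleanup could narrow it back toward `[\w:-]+` and return malformed tags as Text again. Add a short comment above the `scanner.scan` call stating that any run of non-delimiter characters after `<` is treated as a tag name so that tags with invalid names are still parsed as tags and stripped. The class also still admits `<`, quotes and `=` inside a name; a test whose tag name contains `<` would pin down what the tokenizer is expected to do with that input.
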
@@ -5,6 +5,13 @@ def setup
@sanitizer = nil # used by assert_sanitizer
end
+ def test_strip_tags_with_quote
+ sanitizer = HTML::FullSanitizer.new
+ string = '<" <img src="trollface.gif" onload="alert(1)"> hi'
+
+ assert_equal ' hi', sanitizer.sanitize(string)
+ end
+
def test_strip_tags
sanitizer = HTML::FullSanitizer.new
assert_equal("<<<bad html", sanitizer.sanitize("<<<bad html"))
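
Review bot: `test_strip_tags_with_quote` asserts on only one invalid name, a lone `"`, while the parser change accepts every character except whitespace, `!`, `>` and `/`. Add assertions for a few other names the old `[\w:-]+` pattern rejected, and for the closing-tag form that the parser handles through `scanner.scan(/\//)`, so a regression in any of those paths fails here. A one-line comment noting that the expected output is ' hi' because the whole malformed tag, including the embedded `img` markup, must be removed would also make the intent of the assertion clear.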
