
Add a conformance test for the Ruby XSS-after-@ issues

Matt Sanford committed Aug 24, 2010
1 parent 2048424 commit c7d84978d50f9a1c27ce8946c01b1b9883c8a318
Showing with 4 additions and 0 deletions.
  1. +4 −0 autolink.yml
@@ -351,3 +351,7 @@ tests:
- description: "Currently handles URL follower directly by @user"
text: "See: http://example.com/@user"
expected: "See: <a href=\"http://example.com/\">http://example.com/</a>@<a class=\"tweet-url username\" href=\"http://twitter.com/user\">user</a>"
+
+ - description: "Does not allow an XSS after an @"
+ text: "See: http://x.xx/@\"style=\"color:pink\"onmouseover=alert(1)//"
+ expected: "See: <a href=\"http://x.xx/\">http://x.xx/</a>@\"style=\"color:pink\"onmouseover=alert(1)//"
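Review bot: the expected string for the new case leaves the injected double quotes unescaped after `</a>`, so the fixture only establishes that `@"style=...` is not turned into a second username link; it does not pin down whether the autolinker entity-escapes `"` in the surrounding text. Because that fragment lands in text content rather than inside an attribute, the raw quotes are harmless in this exact output, but a regression that later emits the text inside an attribute, or a change to escaping behaviour, would not be caught. If the library is meant to escape its output, the expectation should read `@&quot;style=&quot;color:pink&quot;onmouseover=alert(1)//`; if it is not, the description should say that the assertion is specifically that no `<a>` tag is generated after the `@`, matching the wording of the neighbouring "handles URL follower directly by @user" case.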
