
FIX Can use the WAF of HTML content (dol_htmlwithnojs) for output too

Laurent Destailleur
2022-11-28 18:42:59 +01:00
parent db6ee9f75f
commit 5cfe40a4bc
4 changed files with 89 additions and 63 deletions


@@ -547,8 +547,8 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$result=GETPOST("param15", 'restricthtml'); // param15 = <img onerror<=alert(document.domain)> src=>0xbeefed that is a dangerous string
print __METHOD__." result=".$result."\n";
//$this->assertEquals('InvalidHTMLString', $result, 'Test 15b');
$this->assertEquals('<img onerror> src=&gt;0xbeefed', $result, 'Test 15b');
$this->assertEquals('InvalidHTMLString', $result, 'Test 15b');
//$this->assertEquals('<img onerror> src=&gt;0xbeefed', $result, 'Test 15b');
unset($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML);