Debug v21

2026-02-08 00:52:01 +01:00 · 2024-12-31 16:56:59 +01:00
parent 3cad54e4d1
commit 4d02eca12a
2 changed files with 6 additions and 1 deletions
--- a/test/phpunit/SecurityGETPOSTTest.php
+++ b/test/phpunit/SecurityGETPOSTTest.php
@@ -126,6 +126,7 @@ class SecurityGETPOSTTest extends CommonClassTest
 		$_POST["param18"] = '<span style="background-image: url(...?...action=aaa)">abc</span>';
 		$_POST["param19"] = '<a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt:&lpar;alert(document.cookie)&rpar;">XSS</a>';
 		//$_POST["param19"]='<a href="javascript:alert(document.cookie)">XSS</a>';
+		$_GET["param20"] = '<link rel="dns-prefetch" href="//cdnjs.cloudflare.com" />';



@@ -415,6 +416,10 @@ class SecurityGETPOSTTest extends CommonClassTest
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('<span style="background-image: url(...?...aaa)">abc</span>', $result, 'Test anytag with a forbidden value for attribute');

+		$result = GETPOST("param20", 'restricthtmlallowlinkscript');
+		print __METHOD__." result param20 = ".$result."\n";
+		$this->assertEquals('<link rel="dns-prefetch" href="//cdnjs.cloudflare.com">', $result);
+

 		unset($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES);