mirror of
https://github.com/angular/angular
synced 2026-05-24 09:28:37 +00:00
test(platform-browser): fix mXSS attack test in Canary (#18809)
PR Close #18809
This commit is contained in:
parent
aaf826e043
commit
516759b1ff
1 changed files with 2 additions and 1 deletions
|
|
@ -136,8 +136,9 @@ export function main() {
|
|||
|
||||
if (browserDetection.isWebkit) {
|
||||
it('should prevent mXSS attacks', function() {
|
||||
// In Chrome Canary 62, the ideographic space character is kept as a stringified HTML entity
|
||||
expect(sanitizeHtml(defaultDoc, '<a href=" javascript:alert(1)">CLICKME</a>'))
|
||||
.toEqual('<a href="unsafe:javascript:alert(1)">CLICKME</a>');
|
||||
.toMatch(/<a href="unsafe:( )?javascript:alert\(1\)">CLICKME<\/a>/);
|
||||
});
|
||||
}
|
||||
});
|
||||
|
|
|
|||
Loading…
Reference in a new issue