haskell/xss-sanitize
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Unbalanced close tags become self-closing tags

Browse Source
This commit is contained in:
Michael Snoyman 2010-11-01 15:19:07 +02:00
parent 6de5d2e8d2
commit 023a56c391
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Text/HTML/SanitizeXSS.hs
View File

@ -28,7 +28,7 @@ sanitizeXSS = renderTagsOptions renderOptions {
safeTags m (t@(TagClose name):tags) safeTags m (t@(TagClose name):tags)
| safeTagName name = | safeTagName name =
case Map.lookup name m of case Map.lookup name m of
Nothing -> safeTags m tags Nothing -> TagOpen name [] : TagClose name : safeTags m tags
Just i -> Just i ->
let m' = if i == 1 let m' = if i == 1
then Map.delete name m then Map.delete name m

2
test.hs
View File

@ -3,6 +3,6 @@ import Text.HTML.SanitizeXSS
main = do main = do
let test = " <a href='http://safe.com'>safe</a><a href='unsafe://hack.com'>anchor</a> <img src='evil://evil.com' /> <unsafe></foo> <bar /> <br></br> <b>Unbalanced</div><img src='http://safe.com'>" let test = " <a href='http://safe.com'>safe</a><a href='unsafe://hack.com'>anchor</a> <img src='evil://evil.com' /> <unsafe></foo> <bar /> <br></br> <b>Unbalanced</div><img src='http://safe.com'>"
let actual = (sanitizeXSS test) let actual = (sanitizeXSS test)
let expected = " <a href=\"http://safe.com\">safe</a><a>anchor</a> <img /> <br /> <b>Unbalanced<img src=\"http://safe.com\"></b>" let expected = " <a href=\"http://safe.com\">safe</a><a>anchor</a> <img /> <br /> <b>Unbalanced<div></div><img src=\"http://safe.com\"></b>"
putStrLn $ "testing: " ++ test putStrLn $ "testing: " ++ test
putStrLn $ if actual == expected then "pass" else "failure\n" ++ "\nexpected:" ++ (show expected) ++ "\nactual: " ++ (show actual) putStrLn $ if actual == expected then "pass" else "failure\n" ++ "\nexpected:" ++ (show expected) ++ "\nactual: " ++ (show actual)