Diffstat (limited to 't')
-rwxr-xr-xt/htmlize.t6
-rw-r--r--t/javascript.mdwn2
2 files changed, 7 insertions, 1 deletions
diff --git a/t/htmlize.t b/t/htmlize.t
index a9ccfedcb..670500a67 100755
--- a/t/htmlize.t
+++ b/t/htmlize.t
@@ -1,7 +1,7 @@
#!/usr/bin/perl
use warnings;
use strict;
-use Test::More tests => 4;
+use Test::More tests => 5;
use Encode;
BEGIN { use_ok("IkiWiki"); }
@@ -19,3 +19,7 @@ is(IkiWiki::htmlize("foo", "mdwn", readfile("t/test1.mdwn")),
"utf8; bug #373203");
ok(IkiWiki::htmlize("foo", "mdwn", readfile("t/test2.mdwn")),
"this file crashes markdown if it's fed in as decoded utf-8");
+my $ret=IkiWiki::htmlize("foo", "mdwn", readfile("t/javascript.mdwn"));
+ok($ret !~ /GOTCHA/,
+ "javascript.mdwn contains a number of attempts at getting
+ javascript that contains GOTCHA past the html sanitiser.");
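Review bot: The new `ok($ret !~ /GOTCHA/, ...)` assertion also passes when `$ret` is undef or empty, so a failed render or an unreadable `t/javascript.mdwn` would be reported as the sanitiser working. Pair it with a positive check that the harmless link text survived, e.g. `ok(defined $ret && $ret =~ /click me/, "javascript.mdwn was rendered");`, and raise the plan in the first hunk to `tests => 6`. The description string also spans three source lines, so it carries literal newlines into the test name; a single-line description keeps the TAP output unambiguous.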
diff --git a/t/javascript.mdwn b/t/javascript.mdwn
new file mode 100644
index 000000000..6a5805a70
--- /dev/null
+++ b/t/javascript.mdwn
@@ -0,0 +1,2 @@
+<a href="javascript&#x3A;alert('GOTCHA')">click me</a>
+<a href="javascript:alert('GOTCHA')">click me</a>
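Review bot: Both fixture lines share the marker `GOTCHA`, so when the single `/GOTCHA/` match in `t/htmlize.t` fails it does not say which input got past the sanitiser. Giving each case its own suffix (for example `GOTCHA-1`, `GOTCHA-2`, constructed names) keeps the existing regex working while making the leaking case visible in the failing output. The test description promises "a number of attempts", but the file holds only two, both `href` values on `<a>`; a short comment in the test noting that scope would stop readers from assuming broader sanitiser coverage than is exercised.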