File: 0001-Test-and-fix-for-JVN53973084.patch

package info (click to toggle)
libhtml-scrubber-perl 0.11-1%2Bdeb8u1
  • links: PTS, VCS
  • area: main
  • in suites: jessie
  • size: 296 kB
  • ctags: 38
  • sloc: perl: 673; makefile: 2
file content (65 lines) | stat: -rw-r--r-- 1,989 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
From 3f871371cf40baf37981bc829036d4a444e20124 Mon Sep 17 00:00:00 2001
From: Nigel Metheringham <nigelm@cpan.org>
Date: Sat, 10 Oct 2015 15:01:14 +0100
Subject: [PATCH] Test and fix for JVN53973084

Malformed tags can pass through as comments.
Thus comments are now only passed through if
they are well formed - currently defined as
matching a regular expression.

Origin: backport, https://github.com/nigelm/html-scrubber/commit/e1978cc37867e85c06a84a4651745235010cd6cd
Bug-Debian: https://bugs.debian.org/803943
---
 lib/HTML/Scrubber.pm |  6 +++++-
 t/jvn53973084.t      | 21 +++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 t/jvn53973084.t

diff --git a/lib/HTML/Scrubber.pm b/lib/HTML/Scrubber.pm
index e8ee4ba..e7c1d42 100644
--- a/lib/HTML/Scrubber.pm
+++ b/lib/HTML/Scrubber.pm
@@ -284,7 +284,11 @@ sub _scrub_str {
         }
     }
     elsif ( $e eq 'comment' ) {
-        $outstr .= $text if $s->{_comment};
+        if ( $s->{_comment} ) {
+
+            # only copy comments through if they are well formed...
+            $outstr .= $text if ( $text =~ m|^<!--.*-->$|ms );
+        }
     }
     elsif ( $e eq 'process' ) {
         $outstr .= $text if $s->{_process};
diff --git a/t/jvn53973084.t b/t/jvn53973084.t
new file mode 100644
index 0000000..7767609
--- /dev/null
+++ b/t/jvn53973084.t
@@ -0,0 +1,21 @@
+# Tests related to JVN53973084
+
+use strict;
+use warnings;
+use Test::More;
+
+use_ok('HTML::Scrubber');
+
+my @allow = qw[
+    hr
+];
+
+my $html_1 = q[<hr><a href="javascript:alert(1)"<hr>abc];
+my $html_2 = q[<img src="javascript:alert(1)"];
+foreach my $comment_value ( 0, 1 ) {
+    my $scrubber = HTML::Scrubber->new( allow => \@allow, comment => $comment_value );
+    is( $scrubber->scrub($html_1), '<hr>abc', "correct result (1) - with comment => $comment_value" );
+    is( $scrubber->scrub($html_2), '',            "correct result (2) - with comment => $comment_value" );
+}
+
+done_testing;
-- 
2.6.2