Test for html containing php script

main
Bob Mottram 2022-10-26 14:40:03 +01:00
parent a538cf86e7
commit a067353aff
1 changed files with 4 additions and 0 deletions


@ -4107,6 +4107,10 @@ def _test_danger_markup():
'.innerHTML = "def";</script></p>' '.innerHTML = "def";</script></p>'
assert dangerous_markup(content, allow_local_network_access) assert dangerous_markup(content, allow_local_network_access)
content = '<p>This html contains more than you expected... ' + \
'<?php $server_output = curl_exec($ch); ?></p>'
assert dangerous_markup(content, allow_local_network_access)
content = '<p>This is a valid-looking message. But wait... ' + \ content = '<p>This is a valid-looking message. But wait... ' + \
'<script src="https://evilsite/payload.js" /></p>' '<script src="https://evilsite/payload.js" /></p>'
assert dangerous_markup(content, allow_local_network_access) assert dangerous_markup(content, allow_local_network_access)
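Review bot: The added case (`'<?php $server_output = curl_exec($ch); ?></p>'`) only exercises the lowercase long-form `<?php` opener, so a detector that matches that exact literal would pass this test while still letting other spellings through. `dangerous_markup` is not visible in this hunk, so whether it normalises case or recognises the short forms is an inference. A second assertion would pin it down, for example `content = '<p>text <?PHP echo 1; ?></p>'` followed by `assert dangerous_markup(content, allow_local_network_access)`, and likewise for a `<?=` variant. A one-line comment above the case, such as `# server-side PHP embedded in post content must be rejected`, would also record why this input counts as dangerous. `_test_danger_markup` begins and ends outside the hunk, so existing coverage elsewhere in the function could not be checked.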