Add more tests for mXSS

spassarop · Jul 3, 2023 · 7e500da · 7e500da
1 parent 849e9f5
commit 7e500da
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/OWASP.AntiSamyTests/Html/AntiSamyTest.cs b/OWASP.AntiSamyTests/Html/AntiSamyTest.cs
@@ -903,6 +903,10 @@ public void TestSmuggledTagsInStyleContent()
                 .Should().NotContain("script");
             antisamy.Scan("<select<style/>k<input<</>input/onfocus=alert(1)>", policy).GetCleanHtml()
                 .Should().NotContain("input");
+            antisamy.Scan("<style/><listing/>]]><noembed></style><img src=x onerror=mxss(1)></noembed>", policy).GetCleanHtml()
+               .Should().NotContain("mxss");
+            antisamy.Scan("<style/><math>'<noframes ></style><img src=x onerror=mxss(1)></noframes>'", policy).GetCleanHtml()
+               .Should().NotContain("mxss");
         }
 
         [Test]