From f608517d9e1dee126431aafedabdabaa03ec2937 Mon Sep 17 00:00:00 2001
From: Philipp Hagemeister
Date: Tue, 5 Feb 2013 18:50:21 +0100
Subject: Forbid javascript:// URLs in safe mode
---
tests/safe_mode/link-targets.html | 2 ++
tests/safe_mode/link-targets.txt | 3 +++
2 files changed, 5 insertions(+)
create mode 100644 tests/safe_mode/link-targets.html
create mode 100644 tests/safe_mode/link-targets.txt
(limited to 'tests')
diff --git a/tests/safe_mode/link-targets.html b/tests/safe_mode/link-targets.html
new file mode 100644
index 0000000..768ae5b
--- /dev/null
+++ b/tests/safe_mode/link-targets.html
@@ -0,0 +1,2 @@ +

XSS +See http://security.stackexchange.com/q/30330/1261 for details.

\ No newline at end of file
diff --git a/tests/safe_mode/link-targets.txt b/tests/safe_mode/link-targets.txt
new file mode 100644
index 0000000..10eebda
--- /dev/null
+++ b/tests/safe_mode/link-targets.txt
@@ -0,0 +1,3 @@
+[XSS](javascript://%0Aalert%28'XSS'%29;)
+See http://security.stackexchange.com/q/30330/1261 for details.
+
-- cgit v1.2.3
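Review bot: The only input in tests/safe_mode/link-targets.txt is a single lowercase `javascript://` inline link, so a safe-mode check that merely compares the literal scheme prefix would pass this fixture while still letting other spellings through. The implementation is not part of this view (the diff is limited to 'tests'), so whether the URL is normalised before the check cannot be confirmed here. I would extend the fixture with a mixed-case scheme such as `[XSS](JavaScript://%0Aalert%28'XSS'%29;)`, a target with leading whitespace before the scheme, the other script-capable schemes (`vbscript:`, `data:`), and the same target supplied through a reference-style link definition. If safe mode is meant as a security boundary, asserting an allow-list of permitted schemes in the expected output is easier to test exhaustively than enumerating forbidden ones.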