KSES: Deprecate wp_kses_js_entities().
This function was originally introduced to fix an XSS attack in Netscape 4, which never affected any other browsers, or later versions of Netscape. I'm willing to go out on a limb, and say that we've officially dropped security support for Netscape 4. Props dmsnell, desrosj. Fixes #33848. git-svn-id: https://develop.svn.wordpress.org/trunk@38785 602fd350-edb4-49c9-b593-d223f7449a82
@@ -195,10 +195,10 @@ EOF;
|
||||
|
||||
switch ( $attack->name ) {
|
||||
case 'XSS Locator':
|
||||
$this->assertEquals('\';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//-->">\'>alert(String.fromCharCode(88,83,83))=', $result);
|
||||
$this->assertEquals('\';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//-->">\'>alert(String.fromCharCode(88,83,83))=&{}', $result);
|
||||
break;
|
||||
case 'XSS Quick Test':
|
||||
$this->assertEquals('\'\';!--"=', $result);
|
||||
$this->assertEquals('\'\';!--"=&{()}', $result);
|
||||
break;
|
||||
case 'SCRIPT w/Alert()':
|
||||
$this->assertEquals( "alert('XSS')", $result );
|
||||
|
||||
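Review bot: The 'XSS Locator' and 'XSS Quick Test' expectations that end in `&{}` and `&{()}` have no comment saying that this trailing text is left in the filtered output on purpose, so a later reader of this security test may take it for a filtering regression. The page has lost its +/- markers, so reading those two variants as the new side is inferred from the commit message (wp_kses_js_entities() is deprecated, so `&{...}` is presumably no longer stripped). I would add a comment above each of them, such as `// '&{...}' (Netscape 4 JS entity) is intentionally no longer stripped; see #33848.` Since both sides are strings, `assertSame` would also pin the expectation more strictly than `assertEquals`. The enclosing test method starts outside the hunk and the switch continues past its end.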