8000 Tests: Workaround failures in recent XSS tests in iOS 8 - 12 · jquery/jquery@ea2d0d5 · GitHub
[go: up one dir, main page]
Skip to content

Commit ea2d0d5

Browse files
mgolmgol
committed
Tests: Workaround failures in recent XSS tests in iOS 8 - 12
iOS 8-12 parses `<noembed>` tags differently, executing this code. This is no different to native behavior on that OS, though, so just accept it. Ref gh-4685 Closes gh-4694 (cherry picked from commit 11066a9)
1 parent ea3766c commit ea2d0d5

File tree

1 file changed

+15
-7
lines changed

1 file changed

+15
-7
lines changed

test/unit/manipulation.js

Lines changed: 15 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -2962,7 +2962,8 @@ QUnit.test( "Sanitized HTML doesn't get unsanitized", function( assert ) {
29622962

29632963
var container,
29642964
counter = 0,
2965-
assertCount = 13,
2965+
oldIos = /iphone os (?:8|9|10|11|12)_/i.test( navigator.userAgent ),
2966+
assertCount = oldIos ? 12 : 13,
29662967
done = assert.async( assertCount );
29672968

29682969
assert.expect( assertCount );
@@ -2999,10 +3000,17 @@ QUnit.test( "Sanitized HTML doesn't get unsanitized", function( assert ) {
29993000
test( "<title><title /><img src=url404 onerror=xss(4)>" );
30003001
test( "<iframe><iframe/><img src=url404 onerror=xss(5)>" );
30013002
test( "<noframes><noframes/><img src=url404 onerror=xss(6)>" );
3002-
test( "<noembed><noembed/><img src=url404 onerror=xss(7)>" );
3003-
test( "<noscript><noscript/><img src=url404 onerror=xss(8)>" );
3004-
test( "<foo\" alt=\"\" title=\"/><img src=url404 onerror=xss(9)>\">" );
3005-
test( "<img alt=\"<x\" title=\"\" src=\"/><img src=url404 onerror=xss(10)>\">" );
3006-
test( "<noscript/><img src=url404 onerror=xss(11)>" );
3007-
test( "<option><style></option></select><img src=url404 onerror=xss(12)></style>" );
3003+
test( "<noscript><noscript/><img src=url404 onerror=xss(7)>" );
3004+
test( "<foo\" alt=\"\" title=\"/><img src=url404 onerror=xss(8)>\">" );
3005+
test( "<img alt=\"<x\" title=\"\" src=\"/><img src=url404 onerror=xss(9)>\">" );
3006+
test( "<noscript/><img src=url404 onerror=xss(10)>" );
3007+
3008+
test( "<option><style></option></select><img src=url404 onerror=xss(11)></style>" );
3009+
3010+
// Support: iOS 8 - 12 only.
3011+
// Old iOS parses `<noembed>` tags differently, executing this code. This is no
3012+
// different to native behavior on that OS, though, so just accept it.
3013+
if ( !oldIos ) {
3014+
test( "<noembed><noembed/><img src=url404 onerror=xss(12)>" );
3015+
}
30083016
} );

0 commit comments

Comments
 (0)
0