Backport tests for CVE-2024-34341 to v1.3
afcapel committed May 14, 2024
1 parent 29bffd6 commit 59df248
Showing 1 changed file with 28 additions and 0 deletions.
28 changes: 28 additions & 0 deletions test/src/system/pasting_test.coffee
@@ -53,6 +53,34 @@ testGroup "Pasting", template: "editor_empty", ->
delete window.unsanitized
done()

test "paste unsafe html with noscript", (done) ->
window.unsanitized = []
pasteData =
"text/plain": "x",
"text/html": """
<div><noscript><div class="123</noscript>456<img src=1 onerror=window.unsanitized.push(1)//"></div></noscript></div>
"""

pasteContent pasteData, () ->
after 20, () ->
assert.deepEqual(window.unsanitized, [])
delete window.unsanitized
done()

test "paste data-trix-attachment unsafe html", (done) ->
window.unsanitized = []
pasteData =
"text/plain": "x",
"text/html": """
copy<div data-trix-attachment="{&quot;contentType&quot;:&quot;text/html&quot;,&quot;content&quot;:&quot;&lt;img src=1 onerror=window.unsanitized.push(1)&gt;HELLO123&quot;}"></div>me
"""

pasteContent pasteData, ->
after 20, ->
assert.deepEqual window.unsanitized, []
delete window.unsanitized
done()

test "prefers plain text when html lacks formatting", (expectDocument) ->
pasteData =
"text/html": "<meta charset='utf-8'>a\nb"
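Review bot: Both added tests ("paste unsafe html with noscript" and "paste data-trix-attachment unsafe html") show that no script ran only by checking that `window.unsanitized` is still empty 20 ms after the paste. If the `onerror` handler fired later than that, for instance on a slow CI browser, a sanitizer regression would still pass. I would keep the timing check but add a structural assertion on the pasted content in each test, for example `assert.equal document.querySelectorAll("trix-editor [onerror]").length, 0`, assuming the `editor_empty` template renders a `trix-editor` element, so the result does not depend on event timing. The two tests also differ in style (`() ->` with a parenthesised `assert.deepEqual(...)` in the first, bare `->` and no parentheses in the second); matching the second form would keep the file consistent.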
