Diffstat (limited to 'rt/t/security/CVE-2011-2083-clickable-xss.t')
-rw-r--r-- | rt/t/security/CVE-2011-2083-clickable-xss.t | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/rt/t/security/CVE-2011-2083-clickable-xss.t b/rt/t/security/CVE-2011-2083-clickable-xss.t
new file mode 100644
index 000000000..008c80378
--- /dev/null
+++ b/rt/t/security/CVE-2011-2083-clickable-xss.t
@@ -0,0 +1,52 @@
+use strict;
+use warnings;
+
+use RT::Test tests => undef;
+use Test::Warn;
+
+my ($base, $m) = RT::Test->started_ok;
+
+my $ticket = RT::Test->create_ticket(
+ Queue => 'General',
+ Subject => 'test ticket A',
+);
+my $id = $ticket->id;
+ok $id, "created ticket";
+
+my @links = (
+ 'javascript:alert("xss")',
+ 'data:text/html,<script>alert("xss")</script>',
+);
+
+for my $link ( map { ($_, ucfirst $_) } @links ) {
+ my ($ok, $msg);
+ warnings_like {
+ ($ok, $msg) = $ticket->AddLink(
+ Type => 'RefersTo',
+ Target => $link,
+ );
+ } [qr/Could not determine a URI scheme/, qr/Couldn't resolve/];
+ ok !$ok, $msg;
+
+ ok $m->login, "logged in";
+ $m->get_ok($base);
+ $m->follow_link_ok({ text => 'test ticket A' }, 'ticket page');
+ $m->follow_link_ok({ text => 'Links' }, 'links page');
+ $m->submit_form_ok({
+ with_fields => {
+ "$id-RefersTo" => $link,
+ },
+ button => 'SubmitTicket',
+ }, 'submitted links page');
+ $m->content_contains("Couldn't resolve ");
+ $m->next_warning_like(qr/Could not determine a URI scheme/, 'expected warning');
+ $m->next_warning_like(qr/Couldn't resolve/, 'expected warning');
+
+ my $element = $m->find_link( url => $link );
+ ok !$element, "no <a> link";
+}
+
+$m->no_leftover_warnings_ok;
+
+undef $m;
+done_testing; |
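Review bot: The new test file has no header comment stating what it guards against, so a reader has to reconstruct the intent from the CVE number in the filename and the `find_link( url => $link )` check at the end of the loop; a comment such as `# Regression test for CVE-2011-2083: javascript: and data: URIs submitted as link targets must be rejected by AddLink and must never be rendered as a clickable <a> on the ticket's Links page.` at the top of the file would make that explicit. The `map { ($_, ucfirst $_) }` expansion only adds the initial-capital spelling of each scheme, which is worth noting in a comment (`# also exercise the capitalised scheme name`) so nobody assumes broader case coverage than the test provides. `ok $m->login, "logged in";` runs on every iteration of the loop; hoisting it above the `for` would keep the loop body focused on the per-link assertions. The final `ok !$element, "no <a> link"` only asserts that no anchor with that exact href exists, which is the property the CVE is about, but the assertion message could say so, e.g. `"no clickable <a> rendered for $link"`.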