Commit
test: use CSS hex-encoded strings to test sanitization
This adds onto #205. The original reported exploit in 2006 used CSS hex encoding (e.g., "\0075" for "u"), which was ...

- mistakenly put into a double-quoted Ruby string in the Instiki test suite in 2007,
- then copied into html5lib-ruby's test suite,
- then copied into html5lib-python's suite,
- then finally copied into the html5lib shared suite,
- which was imported into Loofah
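The quoting mistake described in the commit message, as an added Ruby example that is not part of the commit or of Loofah's test suite: in a double-quoted Ruby string `\007` is parsed as an octal escape, so the CSS hex escape never reaches the code under test. `css_unescape` is a hypothetical helper and both style strings are constructed samples.

```ruby
# Added illustration; css_unescape is a hypothetical helper, not Loofah's API.
# A CSS escape is a backslash plus 1-6 hex digits (one trailing whitespace
# character is consumed), or a backslash plus any single non-newline character.
CSS_ESCAPE = /\\(?:([0-9a-fA-F]{1,6})(?:\r\n|[ \t\n\r\f])?|([^\n\r\f]))/

def css_unescape(str)
  str.gsub(CSS_ESCAPE) do
    hex = Regexp.last_match(1)
    # Non-hex escape: the escaped character stands for itself.
    next Regexp.last_match(2) unless hex

    cp = hex.to_i(16)
    # Zero, surrogates and out-of-range values decode to U+FFFD.
    invalid = cp.zero? || cp > 0x10FFFF || (0xD800..0xDFFF).cover?(cp)
    invalid ? "\uFFFD" : [cp].pack("U")
  end
end

# Constructed sample values, not taken from any test suite.
# Single quotes keep the backslashes, so the CSS escapes survive intact.
INTENDED = 'background: \0075\0072\006C(x)'
# Double quotes: Ruby reads \007 and \006 as octal escapes (BEL, ACK) and the
# trailing "5", "2", "C" as plain characters. No backslash is left to decode.
MANGLED = "background: \0075\0072\006C(x)"

if __FILE__ == $PROGRAM_NAME
  p css_unescape(INTENDED)           # the string a CSS parser would see
  p MANGLED                          # control bytes instead of escapes
  p css_unescape(MANGLED) == MANGLED # nothing to decode in the mangled form
end
```

A sanitizer test built on the double-quoted form passes without ever exercising hex-escape handling, which is why the quoting of the fixture matters.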