[libhtml-defang-perl] 01/02: amend 0002-Fix-test-script-regexp-syntax-for-Perl-5.22.patch to also fix unescaped braces that are fatal for Perl 5.26
Damyan Ivanov
dmn at moszumanska.debian.org
Thu Jun 22 11:59:12 UTC 2017
This is an automated email from the git hooks/post-receive script.
dmn pushed a commit to branch master
in repository libhtml-defang-perl.
commit aa0d56a72b6bc74e468f91a8280a8f1d1697cce3
Author: Damyan Ivanov <dmn at debian.org>
Date: Thu Jun 22 11:57:35 2017 +0000
amend 0002-Fix-test-script-regexp-syntax-for-Perl-5.22.patch to also fix unescaped braces that are fatal for Perl 5.26
Closes: #826480
---
...x-test-script-regexp-syntax-for-Perl-5.22.patch | 28 +++++++++++++++++++---
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/debian/patches/0002-Fix-test-script-regexp-syntax-for-Perl-5.22.patch b/debian/patches/0002-Fix-test-script-regexp-syntax-for-Perl-5.22.patch
index 775386e..714dade 100644
--- a/debian/patches/0002-Fix-test-script-regexp-syntax-for-Perl-5.22.patch
+++ b/debian/patches/0002-Fix-test-script-regexp-syntax-for-Perl-5.22.patch
@@ -913,6 +913,28 @@ index d0a783e..e699ebb 100644
-like($Res, qr(^<style><!--a { /\*color:redû;\*/ }--></style>)m, "style unicode correct");
+like($Res, qr(^<style><!--a \{ /\*color:redû;\*/ }--></style>)m, "style unicode correct");
---
-2.6.4
-
+--- a/t/02_xss.t
++++ b/t/02_xss.t
+@@ -640,7 +640,7 @@ $H = <<EOF;
+ <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
+ EOF
+ $R = $D->defang($H);
+-like($R, qr{^<STYLE><!--${CommentStartText}.XSS{/\*background-image:url\("javascript:alert\('XSS'\)"\);\*/}${CommentEndText}--></STYLE><A CLASS=XSS></A>$}, "STYLE tag using background-image - XXX Style");
++like($R, qr{^<STYLE><!--${CommentStartText}.XSS\{/\*background-image:url\("javascript:alert\('XSS'\)"\);\*/\}${CommentEndText}--></STYLE><A CLASS=XSS></A>$}, "STYLE tag using background-image - XXX Style");
+
+ $H = <<EOF;
+ <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
+@@ -1244,11 +1244,11 @@ $H = <<EOF;
+ <img border="&{bbb};asfd&{s};&{ss}">
+ EOF
+ $R = $D->defang($H);
+-like($R, qr{^<img defang_border="&{bbb};asfd&{s};&{ss}">$}, "Strip Javascript entities from known tag with attributes");
++like($R, qr{^<img defang_border="&\{bbb\};asfd&\{s\};&\{ss\}">$}, "Strip Javascript entities from known tag with attributes");
+
+ $H = <<EOF;
+ <br size="&{bbb};asfd&{s};&{ss}">
+ EOF
+ $R = $D->defang($H);
+-like($R, qr{^<br defang_size="&{bbb};asfd&{s};&{ss}">$}, "Strip Javascript entities from whitelisted tag");
++like($R, qr{^<br defang_size="&\{bbb\};asfd&\{s\};&\{ss\}">$}, "Strip Javascript entities from whitelisted tag");
+
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libhtml-defang-perl.git
More information about the Pkg-perl-cvs-commits
mailing list