ArthurClune/1562730aea39be8156fa
Created December 17, 2015 17:16
# escaping.txt
---
{ "value":"\u00B9"}
---
<div>¹</div>
# url.txt
---
NEW TEMPLATE: .. in URLs are removed
---
<div>
url("http://victim/cgi/../../../etc/passwd")
</div>
---
{}
---
<div>http://victim/cgi/etc/password</div>
# output
test-case/basics/escaping.txt: Bad template output
Escaping of strings
EXPECTED: <div>¹</div>
OUTPUT: <div>¹</div>
DRIVER: NestedJavaDriver
test-case/basics/escaping.txt: Bad template output
Escaping of strings
EXPECTED: <div>¹</div>
OUTPUT: <div>¹</div>
DRIVER: JRubyJSONDriver
test-case/basics/url.txt: Bad template output
.. in URLs are removed
EXPECTED: <div>http://victim/cgi/etc/password</div>
OUTPUT: <div>http://victim/cgi/../../../etc/passwd</div>
DRIVER: NestedJavaDriver
test-case/basics/url.txt: Bad template output
.. in URLs are removed
EXPECTED: <div>http://victim/cgi/etc/password</div>
OUTPUT: <div>http://victim/cgi/../../../etc/passwd</div>
DRIVER: JRubyJSONDriver
FAILED
351 tests, 347 passed, 4 failed, in 77 files
Unfortunately I can't solve all the problems of the web. I've read "The Tangled Web" and I think I've addressed all the content generation issues I can, but there's still the other 99% of the book. :-(