_acs-tcl__ad_html_security_check_forbidden_protolcols (private)
Defined in packages/acs-tcl/tcl/test/html-conversion-procs.tcl
- Testcases:
- No testcase defined.
Source code:

```tcl
set _aa_export {}
set body_count 1
foreach testcase_body {{

    # Each case passes when ad_html_security_check returns a non-empty
    # string, i.e. when it reports a problem with the markup.

    set html {<a href='foo://www.example/com'>An Link</a>}
    aa_true "protocol 'foo' is not allowed" {[ad_html_security_check $html] ne ""}

    set html {<a href='javascript:alert("hi")'>An Link</a>}
    aa_true "protocol 'javascript' is not allowed" {[ad_html_security_check $html] ne ""}

    set html {<a href='javascript:alert("hi")'>An Link</a>}
    aa_true "protocol 'javascript' is not allowed" {[ad_html_security_check $html] ne ""}

    set html {<a href='data:alert("hi")'>An Link</a>}
    aa_true "protocol 'data' is not allowed" {[ad_html_security_check $html] ne ""}

    set html {<a href="blob:https://example.com/')">An Link</a>}
    aa_true "protocol 'blob' is not allowed" {[ad_html_security_check $html] ne ""}

    # The inner double quote is backslash-escaped so that the
    # double-quoted Tcl string stays well-formed.
    set html "<a href='blob:https://example.com/\")'>An Link</a>"
    aa_true "protocol 'blob' is not allowed" {[ad_html_security_check $html] ne ""}

}} {
    aa_log "Running testcase body $body_count"
    set ::__aa_test_indent [info level]
    # Return codes 0 (ok) and 2 (return) are normal; anything else is logged as a failure.
    set catch_val [catch $testcase_body msg]
    if {$catch_val != 0 && $catch_val != 2} {
        aa_log_result "fail" "ad_html_security_check_forbidden_protolcols (body $body_count): Error during execution: $msg, stack trace: \n$::errorInfo"
    }
    incr body_count
}
```

XQL Not present: Generic, PostgreSQL, Oracle