_acs-tcl__ad_html_security_check_forbidden_protolcols (private)

 _acs-tcl__ad_html_security_check_forbidden_protolcols

Defined in packages/acs-tcl/tcl/test/html-conversion-procs.tcl

Partial Call Graph (max 5 caller/called nodes):
%3 aa_log aa_log (public) aa_log_result aa_log_result (public) aa_true aa_true (public) ad_html_security_check ad_html_security_check (public) _acs-tcl__ad_html_security_check_forbidden_protolcols _acs-tcl__ad_html_security_check_forbidden_protolcols _acs-tcl__ad_html_security_check_forbidden_protolcols->aa_log _acs-tcl__ad_html_security_check_forbidden_protolcols->aa_log_result _acs-tcl__ad_html_security_check_forbidden_protolcols->aa_true _acs-tcl__ad_html_security_check_forbidden_protolcols->ad_html_security_check

Testcases:
No testcase defined.
Source code:
        
        set _aa_export {}
        set body_count 1
        foreach testcase_body {{
    set html {<a href='foo://www.example/com'>An Link</a>}
    aa_true "protocol 'foo' is not allowed" {[ad_html_security_check $html] ne ""}
    set html {<a href='javascript:alert("hi")'>An Link</a>}
    aa_true "protocol 'javascript' is not allowed" {[ad_html_security_check $html] ne ""}
    set html {<a href='javascript:alert(&quot;hi&quot;)'>An Link</a>}
    aa_true "protocol 'javascript' is not allowed" {[ad_html_security_check $html] ne ""}
    set html {<a href='data:alert("hi")'>An Link</a>}
    aa_true "protocol 'data' is not allowed" {[ad_html_security_check $html] ne ""}
    set html {<a href="blob:https://example.com/')">An Link</a>}
    aa_true "protocol 'blob' is not allowed" {[ad_html_security_check $html] ne ""}
    set html "<a href='blob:https://example.com/&quot;)'>An Link</a>"
    aa_true "protocol 'blob' is not allowed" {[ad_html_security_check $html] ne ""}
}} {
          aa_log "Running testcase body $body_count"
          set ::__aa_test_indent [info level]
          set catch_val [catch $testcase_body msg]
          if {$catch_val != 0 && $catch_val != 2} {
              aa_log_result "fail" "ad_html_security_check_forbidden_protolcols (body $body_count): Error during execution: $msg, stack trace: \n$::errorInfo"
          }
          incr body_count
        }
XQL Not present:
Generic, PostgreSQL, Oracle
[ hide source ] | [ make this the default ]
Show another procedure: