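--- a/owasp-java-html-sanitizer/src/test/java/org/owasp/html/HtmlSanitizerTest.java
+++ b/owasp-java-html-sanitizer/src/test/java/org/owasp/html/HtmlSanitizerTest.java
@@ -454,6 +454,58 @@ public static final void testStylingCornerCase() {
 assertEquals(want, sanitize(input));
 }
 
+@Test
+public static final void testCVE202566021_1() {
+// Arrange
+String actualPayload = "<noscript><style>/* user content */.x { font-size: 12px; }<div id=\"evil\">XSS?</div></style></noscript>";
+String expectedPayload = "<noscript><style>/* user content */.x { font-size: 12px; }</style></noscript>";
+
+HtmlPolicyBuilder htmlPolicyBuilder = new HtmlPolicyBuilder();
+PolicyFactory vulnerablePolicy = htmlPolicyBuilder
+.allowElements("style", "noscript")
+.allowTextIn("style")
+.toFactory();
+
+// Act
+String sanitized = vulnerablePolicy.sanitize(actualPayload);
+
+// Assert
+assertEquals(expectedPayload, sanitized);
+}
+
+
+@Test
+public static final void testCVE202566021_2() {
+// Arrange
+String actualPayload = "<noscript><style>/* user content */.x { font-size: 12px; }<div id=\"evil\">XSS?</div></style></noscript>";
+String expectedPayload = "";
+
+HtmlPolicyBuilder htmlPolicyBuilder = new HtmlPolicyBuilder();
+PolicyFactory policy = htmlPolicyBuilder.toFactory();
+
+// Act
+String sanitized = policy.sanitize(actualPayload);
+
+// Assert
+assertEquals(expectedPayload, sanitized);
+}
+
+@Test
+public static final void testCVE202566021_3() {
+// Arrange
+String actualPayload = "<noscript><style></noscript><script>alert(1)</script>";
+String expectedPayload = "";
+
+HtmlPolicyBuilder htmlPolicyBuilder = new HtmlPolicyBuilder();
+PolicyFactory policy = htmlPolicyBuilder.toFactory();
+
+// Act
+String sanitized = policy.sanitize(actualPayload);
+
+// Assert
+assertEquals(expectedPayload, sanitized);
+}
+
 private static String sanitize(@Nullable String html) {
 StringBuilder sb = new StringBuilder();
 HtmlStreamRenderer renderer = HtmlStreamRenderer.create(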