SECURITY: blacklist CSS var()

[lhc/web/wiklou.git] / tests / phpunit / includes / parser / SanitizerTest.php

diff --git a/tests/phpunit/includes/parser/SanitizerTest.php b/tests/phpunit/includes/parser/SanitizerTest.php
index ad8aa1e..1b67bbd 100644 (file)
--- a/tests/phpunit/includes/parser/SanitizerTest.php
+++ b/tests/phpunit/includes/parser/SanitizerTest.php
@@ -326,6 +326,7 @@ class SanitizerTest extends MediaWikiTestCase {
                        ],
                        [ '/* insecure input */', 'foo: attr( title, url );' ],
                        [ '/* insecure input */', 'foo: attr( title url );' ],
+                       [ '/* insecure input */', 'foo: var(--evil-attribute)' ],
                ];
        }
 
@@ -527,6 +528,7 @@ class SanitizerTest extends MediaWikiTestCase {
                        ],
                        [ '1<span class="<?php">2</span>3', '123' ],
                        [ '1<span class="<?">2</span>3', '123' ],
+                       [ '<th>1</th><td>2</td>', '1 2' ],
                ];
        }