1 files changed, 35 insertions, 1 deletions

diff --git a/spec/lib/banzai/filter/sanitization_filter_spec.rb b/spec/lib/banzai/filter/sanitization_filter_spec.rb
index e14a6dbf922..27ce312b11c 100644
--- a/spec/lib/banzai/filter/sanitization_filter_spec.rb
+++ b/spec/lib/banzai/filter/sanitization_filter_spec.rb
@@ -149,20 +149,54 @@ describe Banzai::Filter::SanitizationFilter, lib: true do
         output: '<a href="java"></a>'
       },
 
+      'protocol-based JS injection: invalid URL char' => {
+        input: '<img src=java\script:alert("XSS")>',
+        output: '<img>'
+      },
+
       'protocol-based JS injection: spaces and entities' => {
         input:  '<a href=" &#14;  javascript:alert(\'XSS\');">foo</a>',
         output: '<a href="">foo</a>'
       },
+
+      'protocol whitespace' => {
+        input: '<a href=" http://example.com/"></a>',
+        output: '<a href="http://example.com/"></a>'
+      }
     }
 
     protocols.each do |name, data|
-      it "handles #{name}" do
+      it "disallows #{name}" do
         doc = filter(data[:input])
 
         expect(doc.to_html).to eq data[:output]
       end
     end
 
+    it 'disallows data links' do
+      input = '<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">XSS</a>'
+      output = filter(input)
+
+      expect(output.to_html).to eq '<a>XSS</a>'
+    end
+
+    it 'disallows vbscript links' do
+      input = '<a href="vbscript:alert(document.domain)">XSS</a>'
+      output = filter(input)
+
+      expect(output.to_html).to eq '<a>XSS</a>'
+    end
+
+    it 'disallows invalid URIs' do
+      expect(Addressable::URI).to receive(:parse).with('foo://example.com').
+        and_raise(Addressable::URI::InvalidURIError)
+
+      input = '<a href="foo://example.com">Foo</a>'
+      output = filter(input)
+
+      expect(output.to_html).to eq '<a>Foo</a>'
+    end
+
     it 'allows non-standard anchor schemes' do
       exp = %q{<a href="irc://irc.freenode.net/git">IRC</a>}
       act = filter(exp)