diff options
| author | Ian Bicking <ianb@colorstudy.com> | 2010-09-14 10:57:29 -0500 |
|---|---|---|
| committer | Ian Bicking <ianb@colorstudy.com> | 2010-09-14 10:57:29 -0500 |
| commit | 2f43ca51972a0cfa19b8dfedb38aa1eca3d21d79 (patch) | |
| tree | 4c553cbecc5a9a2d65d7738023be9fdd7b7a85e1 /tests | |
| parent | f135179046751bd421eba341cc56da0c984dbea8 (diff) | |
| download | paste-2f43ca51972a0cfa19b8dfedb38aa1eca3d21d79.tar.gz | |
Just a bit more paranoia in quoting comments, though I wasn't able to reproduce any actual issue
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test_urlmap.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/test_urlmap.py b/tests/test_urlmap.py index 60b66eb..9f77ca2 100644 --- a/tests/test_urlmap.py +++ b/tests/test_urlmap.py @@ -45,3 +45,5 @@ def test_404(): app = TestApp(mapper, extra_environ={'HTTP_ACCEPT': 'text/html'}) res = app.get("/-->%0D<script>alert('xss')</script>", status=404) assert '--><script' not in res.body + res = app.get("/--%01><script>", status=404) + assert '--\x01><script>' not in res.body |