
2005-02-23 Sebastien Pouliot <[email protected]>

* HttpRequestTest.cs: Added another XSS case that was found on ASP.NET
(fixed now) but didn't affect Mono.


svn path=/trunk/mcs/; revision=41118

Sebastien Pouliot před 21 roky
3f3fafe352

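--- a/mcs/class/System.Web/Test/System.Web/ChangeLog
+++ b/mcs/class/System.Web/Test/System.Web/ChangeLog
@@ -1,3 +1,8 @@
+2005-02-23  Sebastien Pouliot  <[email protected]> 
+ 
+	* HttpRequestTest.cs: Added another XSS case that was found on ASP.NET
+	(fixed now) but didn't affect Mono.
+
 2005-02-23  Sebastien Pouliot  <[email protected]>
 
 	* HttpRequestTest.cs: New. Test that ValidateInput throw exceptions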
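--- a/mcs/class/System.Web/Test/System.Web/HttpRequestTest.cs
+++ b/mcs/class/System.Web/Test/System.Web/HttpRequestTest.cs
@@ -68,7 +68,23 @@ namespace MonoTests.System.Web {
 			HttpRequest request = new HttpRequest (null, decoded.Substring (0,n), decoded.Substring (n+1));
 			request.ValidateInput ();
 			// the next statement throws
-			Assert.AreEqual ("\xff1cscript\xff1ealert('vulnerability')\xff1c/script\xff1e", request.QueryString ["test"], "QueryString-after");
+			Assert.AreEqual ("\xff1cscript\xff1ealert('vulnerability')\xff1c/script\xff1e", request.QueryString ["test"], "QueryString");
+		}
+
+		// This has affected ASP.NET 1.1 but it seems fixed now
+		// http://secunia.com/advisories/9716/
+		// http://weblogs.asp.net/kaevans/archive/2003/11/12/37169.aspx
+		[Test]
+		[ExpectedException (typeof (HttpRequestValidationException))]
+		public void ValidateInput_XSS_Null ()
+		{
+			string problem = "http://secunia.com/?test=<%00SCRIPT>alert(document.cookie)</SCRIPT>";
+			string decoded = HttpUtility.UrlDecode (problem);
+			int n = decoded.IndexOf ('?');
+			HttpRequest request = new HttpRequest (null, decoded.Substring (0,n), decoded.Substring (n+1));
+			request.ValidateInput ();
+			// the next statement throws
+			Assert.AreEqual ("<SCRIPT>alert(document.cookie)</SCRIPT>", request.QueryString ["test"], "QueryString");
 		}
 #endif
 	}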
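Review bot: The new `ValidateInput_XSS_Null` test never says what makes this input interesting, so a reader of the `// the next statement throws` comment cannot tell that the `%00` is the point: `HttpUtility.UrlDecode` turns it into a `'\0'` inside the tag name, and the request validator must still recognise the `<SCRIPT` tag rather than be split by the NUL byte. I would replace that comment with `// %00 decodes to '\0' inside the tag name; the validator must still see "<SCRIPT" and throw` and `// HttpRequestValidationException on the first QueryString read (ValidateInput only arms the check).` Note also that the expected string in the final `Assert.AreEqual` omits the `'\0'` that the decoded query actually contains, so if validation ever regresses the failure would surface as a string mismatch rather than as a missing exception; since the assertion is only reachable on regression that is acceptable, but a comment saying so would stop the next maintainer from "fixing" the expected value. Finally, the decode/IndexOf/HttpRequest construction block is now copied verbatim from the preceding test (and presumably from the earlier ones outside this hunk); a small private helper such as `static HttpRequest RequestFor (string url)` would keep the two cases in step.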