From 853c428964aa6d607c65132080f8986541191bd0 Mon Sep 17 00:00:00 2001 From: Jeff Sharkey Date: Fri, 10 Apr 2020 11:34:58 -0600 Subject: [PATCH] Fix logic inversion bug from Android 1.0. Bug: 73822755 Test: atest CtsNetTestCases:android.net.cts.UrlQuerySanitizerTest Change-Id: Ice98bb0813918341d8cffd3197cd9758d0cbf285 --- .../android/net/cts/UrlQuerySanitizerTest.java | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/tests/cts/net/src/android/net/cts/UrlQuerySanitizerTest.java b/tests/cts/net/src/android/net/cts/UrlQuerySanitizerTest.java index 2d615bbe86..82b3b14d34 100644 --- a/tests/cts/net/src/android/net/cts/UrlQuerySanitizerTest.java +++ b/tests/cts/net/src/android/net/cts/UrlQuerySanitizerTest.java @@ -16,14 +16,15 @@ package android.net.cts; -import java.util.List; -import java.util.Set; import android.net.UrlQuerySanitizer; import android.net.UrlQuerySanitizer.IllegalCharacterValueSanitizer; import android.net.UrlQuerySanitizer.ParameterValuePair; import android.net.UrlQuerySanitizer.ValueSanitizer; import android.test.AndroidTestCase; +import java.util.List; +import java.util.Set; + public class UrlQuerySanitizerTest extends AndroidTestCase { private static final int ALL_OK = IllegalCharacterValueSanitizer.ALL_OK; @@ -209,6 +210,17 @@ public class UrlQuerySanitizerTest extends AndroidTestCase { } + public void testScriptUrlOk_73822755() { + ValueSanitizer sanitizer = new UrlQuerySanitizer.IllegalCharacterValueSanitizer( + UrlQuerySanitizer.IllegalCharacterValueSanitizer.SCRIPT_URL_OK); + assertEquals("javascript:alert()", sanitizer.sanitize("javascript:alert()")); + } + + public void testScriptUrlBlocked_73822755() { + ValueSanitizer sanitizer = UrlQuerySanitizer.getUrlAndSpaceLegal(); + assertEquals("", sanitizer.sanitize("javascript:alert()")); + } + private static class MockValueSanitizer implements ValueSanitizer{ public String sanitize(String value) {