Task #4: Incorrect Result (2) #4

@ghost

Description

$html="<div><P align='left' onclick='alert(1)'>sample <b><i>text</i></b><script>alert(2);</script></p></div>";
$allowed=array('b', 'p' => array('align'));
print sanitize($html,$allowed)."\n";

Expected: <p align="left">sample <b>text</b></p>
Actual:

PHP Fatal error:  Call to a member function asXML() on a non-object in /home/vladimir/work/github/MarcGoldmanTests/tests.php on line 121

// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
// BTW, this approach will NOT help in case of an attack such as:
// <img src="javascript:alert('Vulnerable');" />

I did not want to complicate the task :-)
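
An added example, not code from this repository or its authors: a DOM-based allowlist sanitizer that accepts the `$allowed` format from the report and also checks the URL scheme of URL-bearing attributes, which is the gap the `<img src="javascript:...">` remark points at. The names `sanitize_dom`, `clean`, `url_is_safe`, the `URL_ATTRS` list and the `SAFE_SCHEMES` policy are assumptions, as is removing `script` and `style` together with their content.

```php
<?php
// Added example, not the repository's sanitize(). All names and lists here are hypothetical.
const URL_ATTRS = ['href', 'src', 'action', 'formaction', 'data', 'poster']; // carry a URL
const SAFE_SCHEMES = ['http', 'https', 'mailto'];                            // assumed policy

function url_is_safe(string $value): bool {
    // URL parsers strip leading control characters and embedded tabs/newlines,
    // so remove them before looking at the scheme.
    $v = preg_replace('/[\x00-\x20]+/', '', $value);
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $v, $m)) { return true; } // relative URL
    return in_array(strtolower($m[1]), SAFE_SCHEMES, true);
}

function clean(DOMNode $node, array $rules): void {
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMText) { continue; }
        $tag = strtolower($child->nodeName);
        if (!($child instanceof DOMElement) || in_array($tag, ['script', 'style'], true)) {
            $node->removeChild($child);             // comments, PIs, script, style
            continue;
        }
        clean($child, $rules);                      // sanitize descendants first
        if (!isset($rules[$tag])) {                 // tag not allowed: keep children, drop tag
            while ($child->firstChild) { $node->insertBefore($child->firstChild, $child); }
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            $ok = in_array($name, $rules[$tag], true)
                && (!in_array($name, URL_ATTRS, true) || url_is_safe($attr->value));
            if (!$ok) { $child->removeAttributeNode($attr); }
        }
    }
}

function sanitize_dom(string $html, array $allowed): string {
    $rules = [];
    foreach ($allowed as $k => $v) {                // accepts 'b' and 'p' => ['align']
        $rules[strtolower(is_int($k) ? $v : $k)] = is_int($k) ? [] : array_map('strtolower', $v);
    }
    libxml_use_internal_errors(true);               // tolerate tag soup instead of warning
    $doc = new DOMDocument();
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NONET);
    $root = $doc->getElementsByTagName('div')->item(0);   // the wrapper added above
    clean($root, $rules);
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($root->childNodes)));
}

echo sanitize_dom("<div><P align='left' onclick='alert(1)'>sample <b><i>text</i></b><script>alert(2);</script></p></div>", ['b', 'p' => ['align']]), "\n";
echo sanitize_dom('<img src="javascript:alert(\'Vulnerable\');" />', ['img' => ['src']]), "\n";
```

Because the parser lowercases element names and always returns a node tree, the mixed-case `<P>` in the report is handled like `<p>`, and an allowed `src` is kept only when its scheme passes `url_is_safe`.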
