Index: openacs-4/packages/acs-tcl/tcl/test/text-html-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/test/text-html-procs.tcl,v
diff -u -r1.11.2.10 -r1.11.2.11
--- openacs-4/packages/acs-tcl/tcl/test/text-html-procs.tcl 24 Oct 2023 09:25:20 -0000 1.11.2.10
+++ openacs-4/packages/acs-tcl/tcl/test/text-html-procs.tcl 16 Feb 2024 11:36:46 -0000 1.11.2.11
@@ -722,6 +722,20 @@
 aa_true "$msg with validate?" $valid_p
 aa_false $msg? [regexp {<([a-z]\w*)\s+[^>]*(href|src|content|action)="(http|https|//):.*"[^>]*>} $result]
+ #
+ # Replicate XSS detected by penetration tool in 2024
+ #
+ set content {}
+ set outcome false
+ aa_false "Injecting via quoting the colon character fails" \
+ [ad_dom_sanitize_html \
+ -allowed_tags * \
+ -allowed_attributes * \
+ -allowed_protocols * \
+ -html $content \
+ -no_js \
+ -validate]
+
 }
 
 aa_register_case \