From 096fbe933e555dacb8c0f0173e419bde95052691 Mon Sep 17 00:00:00 2001
From: Sidharth Vinod <sidharthv96@gmail.com>
Date: Fri, 8 Aug 2025 12:55:18 +0530
Subject: [PATCH] test: Verify label is sanitized

Co-authored-by: Chris Grieger <chris@scolp.de>
---
 cypress/integration/other/xss.spec.js | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/cypress/integration/other/xss.spec.js b/cypress/integration/other/xss.spec.js
index 7e286876b..603e75f5d 100644
--- a/cypress/integration/other/xss.spec.js
+++ b/cypress/integration/other/xss.spec.js
@@ -152,4 +152,15 @@ describe('XSS', () => {
     cy.wait(1000);
     cy.get('#the-malware').should('not.exist');
   });
+
+  it('should sanitize labels', () => {
+    const str = JSON.stringify({
+      code: `erDiagram
+    "<img src=x onerror=xssAttack()>" ||--|| ENTITY2 : "<img src=x onerror=xssAttack()>"
+    `,
+    });
+    imgSnapshotTest(utf8ToB64(str), {}, true);
+    cy.wait(1000);
+    cy.get('#the-malware').should('not.exist');
+  });
 });