test: Verify label is sanitized

Co-authored-by: Chris Grieger <chris@scolp.de>
2025-10-31 10:54:15 +01:00 · 2025-08-08 12:55:18 +05:30
parent e539909e87
commit 096fbe933e
1 changed files with 11 additions and 0 deletions
--- a/cypress/integration/other/xss.spec.js
+++ b/cypress/integration/other/xss.spec.js
@@ -152,4 +152,15 @@ describe('XSS', () => {
    cy.wait(1000);
    cy.get('#the-malware').should('not.exist');
  });
+
+  it('should sanitize labels', () => {
+    const str = JSON.stringify({
+      code: `erDiagram
+    "<img src=x onerror=xssAttack()>" ||--|| ENTITY2 : "<img src=x onerror=xssAttack()>"
+    `,
+    });
+    imgSnapshotTest(utf8ToB64(str), {}, true);
+    cy.wait(1000);
+    cy.get('#the-malware').should('not.exist');
+  });
 });