marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-09-16 13:59:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'release/9.1.3' into 3061_refactoring_and_modularisation

Browse Source
This commit is contained in:
ashishj
2022-06-28 20:12:03 +02:00
parent 8484d55a6a 1509ee68be
commit 1dfddfde54
86 changed files with 2197 additions and 296 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cypress/e2e/other/configuration.spec.js
View File

@@ -41,7 +41,7 @@ describe('Configuration', () => {
.should('exist')
.and('include', 'url(#');
});
it('should handle arrowMarkerAbsolute excplicitly set to false', () => {
it('should handle arrowMarkerAbsolute explicitly set to false', () => {
renderGraph(
`graph TD
A[Christmas] -->|Get money| B(Go shopping)
@@ -63,7 +63,7 @@ describe('Configuration', () => {
.should('exist')
.and('include', 'url(#');
});
it('should handle arrowMarkerAbsolute excplicitly set to "false" as false', () => {
it('should handle arrowMarkerAbsolute explicitly set to "false" as false', () => {
renderGraph(
`graph TD
A[Christmas] -->|Get money| B(Go shopping)

10
cypress/e2e/other/ghsa.spec.js Normal file
View File

@@ -0,0 +1,10 @@
import { urlSnapshotTest } from '../../helpers/util';
describe('CSS injections', () => {
it('should not allow CSS injections outside of the diagram', () => {
urlSnapshotTest('http://localhost:9000/ghsa1.html', {
logLevel: 1,
flowchart: { htmlLabels: false },
});
});
});

2
cypress/e2e/other/rerender.spec.js
View File

@@ -1,5 +1,5 @@
describe('Rerendering', () => {
it('should be able to render after an error has occured', () => {
it('should be able to render after an error has occurred', () => {
const url = 'http://localhost:9000/render-after-error.html';
cy.viewport(1440, 1024);
cy.visit(url);

20
cypress/e2e/other/xss.spec.js
View File

@@ -60,52 +60,52 @@ describe('XSS', () => {
cy.wait(1000);
cy.get('#the-malware').should('not.exist');
});
it('should not allow maniplulating htmlLabels into a false positive', () => {
it('should not allow manipulating htmlLabels into a false positive', () => {
cy.visit('http://localhost:9000/xss4.html');
cy.wait(1000);
cy.get('#the-malware').should('not.exist');
});
it('should not allow maniplulating antiscript to run javascript', () => {
it('should not allow manipulating antiscript to run javascript', () => {
cy.visit('http://localhost:9000/xss5.html');
cy.wait(1000);
cy.get('#the-malware').should('not.exist');
});
it('should not allow maniplulating antiscript to run javascript using onerror', () => {
it('should not allow manipulating antiscript to run javascript using onerror', () => {
cy.visit('http://localhost:9000/xss6.html');
cy.wait(1000);
cy.get('#the-malware').should('not.exist');
});
it('should not allow maniplulating antiscript to run javascript using onerror in state diagrams with dagre wrapper', () => {
it('should not allow manipulating antiscript to run javascript using onerror in state diagrams with dagre wrapper', () => {
cy.visit('http://localhost:9000/xss8.html');
cy.wait(1000);
cy.get('#the-malware').should('not.exist');
});
it('should not allow maniplulating antiscript to run javascript using onerror in state diagrams with dagre d3', () => {
it('should not allow manipulating antiscript to run javascript using onerror in state diagrams with dagre d3', () => {
cy.visit('http://localhost:9000/xss9.html');
cy.wait(1000);
cy.get('#the-malware').should('not.exist');
});
it('should not allow maniplulating antiscript to run javascript using onerror in state diagrams with dagre d3', () => {
it('should not allow manipulating antiscript to run javascript using onerror in state diagrams with dagre d3', () => {
cy.visit('http://localhost:9000/xss10.html');
cy.wait(1000);
cy.get('#the-malware').should('not.exist');
});
it('should not allow maniplulating antiscript to run javascript using onerror in state diagrams with dagre d3', () => {
it('should not allow manipulating antiscript to run javascript using onerror in state diagrams with dagre d3', () => {
cy.visit('http://localhost:9000/xss11.html');
cy.wait(1000);
cy.get('#the-malware').should('not.exist');
});
it('should not allow maniplulating antiscript to run javascript using onerror in state diagrams with dagre d3', () => {
it('should not allow manipulating antiscript to run javascript using onerror in state diagrams with dagre d3', () => {
cy.visit('http://localhost:9000/xss12.html');
cy.wait(1000);
cy.get('#the-malware').should('not.exist');
});
it('should not allow maniplulating antiscript to run javascript using onerror in state diagrams with dagre d3', () => {
it('should not allow manipulating antiscript to run javascript using onerror in state diagrams with dagre d3', () => {
cy.visit('http://localhost:9000/xss13.html');
cy.wait(1000);
cy.get('#the-malware').should('not.exist');
});
it('should not allow maniplulating antiscript to run javascript iframes in class diagrams', () => {
it('should not allow manipulating antiscript to run javascript iframes in class diagrams', () => {
cy.visit('http://localhost:9000/xss14.html');
cy.wait(1000);
cy.get('#the-malware').should('not.exist');

8
cypress/e2e/rendering/classDiagram-v2.spec.js
View File

@@ -381,7 +381,7 @@ describe('Class diagram V2', () => {
cy.get('svg');
});
it('16b: should handle the direction statemnent with TB', () => {
it('16b: should handle the direction statement with TB', () => {
imgSnapshotTest(
`
classDiagram
@@ -406,7 +406,7 @@ describe('Class diagram V2', () => {
cy.get('svg');
});
it('18: should handle the direction statemnent with LR', () => {
it('18: should handle the direction statement with LR', () => {
imgSnapshotTest(
`
classDiagram
@@ -430,7 +430,7 @@ describe('Class diagram V2', () => {
);
cy.get('svg');
});
it('17a: should handle the direction statemnent with BT', () => {
it('17a: should handle the direction statement with BT', () => {
imgSnapshotTest(
`
classDiagram
@@ -454,7 +454,7 @@ describe('Class diagram V2', () => {
);
cy.get('svg');
});
it('17b: should handle the direction statemment with RL', () => {
it('17b: should handle the direction statement with RL', () => {
imgSnapshotTest(
`
classDiagram

4
cypress/e2e/rendering/conf-and-directives.spec.js
View File

@@ -16,7 +16,7 @@ describe('Configuration and directives - nodes should be light blue', () => {
);
cy.get('svg');
});
it('Settigns from intitialize - nodes should be green', () => {
it('Settings from initialize - nodes should be green', () => {
imgSnapshotTest(
`
graph TD
@@ -30,7 +30,7 @@ graph TD
);
cy.get('svg');
});
it('Settings from initialize overriding themeVariable - nodes shold be red', () => {
it('Settings from initialize overriding themeVariable - nodes should be red', () => {
imgSnapshotTest(
`

28
cypress/e2e/rendering/sequencediagram.spec.js
View File

@@ -76,7 +76,7 @@ context('Sequence diagram', () => {
imgSnapshotTest(
`
sequenceDiagram
Alice->>Bob: Extremely utterly long line of longness which had preivously overflown the actor box as it is much longer than what it should be
Alice->>Bob: Extremely utterly long line of longness which had previously overflown the actor box as it is much longer than what it should be
loop Loopy
Bob->>Alice: Pasten
end `,
@@ -143,7 +143,7 @@ context('Sequence diagram', () => {
imgSnapshotTest(
`
sequenceDiagram
participant A as Extremely utterly long line of longness which had preivously overflown the actor box as it is much longer than what it should be
participant A as Extremely utterly long line of longness which had previously overflown the actor box as it is much longer than what it should be
A->>Bob: Hola
Bob-->A: Pasten !
`,
@@ -154,7 +154,7 @@ context('Sequence diagram', () => {
imgSnapshotTest(
`
sequenceDiagram
participant A as wrap:Extremely utterly long line of longness which had preivously overflown the actor box as it is much longer than what it should be
participant A as wrap:Extremely utterly long line of longness which had previously overflown the actor box as it is much longer than what it should be
A->>Bob: Hola
Bob-->A: Pasten !
`,
@@ -166,7 +166,7 @@ context('Sequence diagram', () => {
`
%%{init: {'config': {'wrap': true }}}%%
sequenceDiagram
participant A as Extremely utterly long line of longness which had preivously overflown the actor box as it is much longer than what it should be
participant A as Extremely utterly long line of longness which had previously overflown the actor box as it is much longer than what it should be
A->>Bob: Hola
Bob-->A: Pasten !
`,
@@ -190,7 +190,7 @@ context('Sequence diagram', () => {
`
sequenceDiagram
Alice->>Bob: Hola
Note left of Alice: Extremely utterly long line of longness which had preivously overflown the actor box as it is much longer than what it should be
Note left of Alice: Extremely utterly long line of longness which had previously overflown the actor box as it is much longer than what it should be
Bob->>Alice: I'm short though
`,
{}
@@ -201,7 +201,7 @@ context('Sequence diagram', () => {
`
sequenceDiagram
Alice->>Bob: Hola
Note left of Alice:wrap: Extremely utterly long line of longness which had preivously overflown the actor box as it is much longer than what it should be
Note left of Alice:wrap: Extremely utterly long line of longness which had previously overflown the actor box as it is much longer than what it should be
Bob->>Alice: I'm short though
`,
{}
@@ -212,7 +212,7 @@ context('Sequence diagram', () => {
`
sequenceDiagram
Alice->>Bob: Hola
Note right of Alice: Extremely utterly long line of longness which had preivously overflown the actor box as it is much longer than what it should be
Note right of Alice: Extremely utterly long line of longness which had previously overflown the actor box as it is much longer than what it should be
Bob->>Alice: I'm short though
`,
{}
@@ -223,7 +223,7 @@ context('Sequence diagram', () => {
`
sequenceDiagram
Alice->>Bob: Hola
Note right of Alice:wrap: Extremely utterly long line of longness which had preivously overflown the actor box as it is much longer than what it should be
Note right of Alice:wrap: Extremely utterly long line of longness which had previously overflown the actor box as it is much longer than what it should be
Bob->>Alice: I'm short though
`,
{}
@@ -234,7 +234,7 @@ context('Sequence diagram', () => {
`
sequenceDiagram
Alice->>Bob: Hola
Note over Alice: Extremely utterly long line of longness which had preivously overflown the actor box as it is much longer than what it should be
Note over Alice: Extremely utterly long line of longness which had previously overflown the actor box as it is much longer than what it should be
Bob->>Alice: I'm short though
`,
{}
@@ -245,7 +245,7 @@ context('Sequence diagram', () => {
`
sequenceDiagram
Alice->>Bob: Hola
Note over Alice:wrap: Extremely utterly long line of longness which had preivously overflown the actor box as it is much longer than what it should be
Note over Alice:wrap: Extremely utterly long line of longness which had previously overflown the actor box as it is much longer than what it should be
Bob->>Alice: I'm short though
`,
{}
@@ -255,7 +255,7 @@ context('Sequence diagram', () => {
imgSnapshotTest(
`
sequenceDiagram
Alice->>Bob: Extremely utterly long line of longness which had preivously overflown the actor box as it is much longer than what it should be
Alice->>Bob: Extremely utterly long line of longness which had previously overflown the actor box as it is much longer than what it should be
Bob->>Alice: I'm short though
`,
{}
@@ -265,7 +265,7 @@ context('Sequence diagram', () => {
imgSnapshotTest(
`
sequenceDiagram
Alice->>Bob:wrap:Extremely utterly long line of longness which had preivously overflown the actor box as it is much longer than what it should be
Alice->>Bob:wrap:Extremely utterly long line of longness which had previously overflown the actor box as it is much longer than what it should be
Bob->>Alice: I'm short though
`,
{}
@@ -276,7 +276,7 @@ context('Sequence diagram', () => {
`
sequenceDiagram
Alice->>Bob: I'm short
Bob->>Alice: Extremely utterly long line of longness which had preivously overflown the actor box as it is much longer than what it should be
Bob->>Alice: Extremely utterly long line of longness which had previously overflown the actor box as it is much longer than what it should be
`,
{}
);
@@ -286,7 +286,7 @@ context('Sequence diagram', () => {
`
sequenceDiagram
Alice->>Bob: I'm short
Bob->>Alice:wrap: Extremely utterly long line of longness which had preivously overflown the actor box as it is much longer than what it should be
Bob->>Alice:wrap: Extremely utterly long line of longness which had previously overflown the actor box as it is much longer than what it should be
`,
{}
);

50
cypress/helpers/util.js
View File

@@ -70,6 +70,56 @@ export const imgSnapshotTest = (graphStr, _options, api = false, validation) =>
}
};
export const urlSnapshotTest = (url, _options, api = false, validation) => {
cy.log(_options);
const options = Object.assign(_options);
if (!options.fontFamily) {
options.fontFamily = 'courier';
}
if (!options.sequence) {
options.sequence = {};
}
if (!options.sequence || (options.sequence && !options.sequence.actorFontFamily)) {
options.sequence.actorFontFamily = 'courier';
}
if (options.sequence && !options.sequence.noteFontFamily) {
options.sequence.noteFontFamily = 'courier';
}
options.sequence.actorFontFamily = 'courier';
options.sequence.noteFontFamily = 'courier';
options.sequence.messageFontFamily = 'courier';
if (options.sequence && !options.sequence.actorFontFamily) {
options.sequence.actorFontFamily = 'courier';
}
if (!options.fontSize) {
options.fontSize = '16px';
}
const useAppli = Cypress.env('useAppli');
const branch = Cypress.env('codeBranch');
cy.log('Hello ' + useAppli ? 'Appli' : 'image-snapshot');
const name = (options.name || cy.state('runnable').fullTitle()).replace(/\s+/g, '-');
if (useAppli) {
cy.eyesOpen({
appName: 'Mermaid-' + branch,
testName: name,
batchName: branch,
});
}
cy.visit(url);
if (validation) cy.get('svg').should(validation);
cy.get('body');
// Default name to test title
if (useAppli) {
cy.eyesCheckWindow('Click!');
cy.eyesClose();
} else {
cy.matchImageSnapshot(name);
}
};
export const renderGraph = (graphStr, options, api) => {
const url = mermaidUrl(graphStr, options, api);

2
cypress/platform/current2.html
View File

@@ -35,7 +35,7 @@ flowchart BT
</div>
<div class="mermaid2" style="width: 50%; height: 200px;">
sequenceDiagram
Alice->>Bob:Extremely utterly long line of longness which had preivously overflown the actor box as it is much longer than what it should be
Alice->>Bob:Extremely utterly long line of longness which had previously overflown the actor box as it is much longer than what it should be
Bob->>Alice: I'm short though
</div>
<div class="mermaid2" style="width: 50%; height: 200px;">

2
cypress/platform/exploit.js
View File

@@ -3,4 +3,4 @@ div.id = 'the-malware';
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
parent.document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');

28
cypress/platform/ghsa1.html Normal file
View File

@@ -0,0 +1,28 @@
<html>
<script>
// %%{ init: { "logLevel":0, "themeVariables" : { "primaryColor": "#fff000","textColor": "green","apa":"} #target { background-color: crimson }" } } }%%
</script>
<body>
<div id="target">
<h1>This element does not belong to the SVG but we can style it</h1>
</div>
<svg id="diagram">
</svg>
<script src="./mermaid.js"></script>
<script>
mermaid.initialize({ startOnLoad: false, logLevel: 0 });
const graph = `
%%{ init: { "themeVariables" : { "textColor": "green;} #target { background-color: crimson }", "mainBkg": "#fff000" } } }%%
graph TD
A[Goose]
`;
const diagram = document.getElementById('diagram');
const svg = mermaid.render('diagram-svg', graph);
diagram.innerHTML = svg;
</script>
</body>
</html>

28
cypress/platform/ghsa2.html Normal file
View File

@@ -0,0 +1,28 @@
<html>
<script>
// %%{ init: { "logLevel":0, "themeVariables" : { "primaryColor": "#fff000","textColor": "green","apa":"} #target { background-color: crimson }" } } }%%
</script>
<body>
<div id="target">
<h1>This element does not belong to the SVG but we can style it</h1>
</div>
<svg id="diagram">
</svg>
<script src="./mermaid.js"></script>
<script>
mermaid.initialize({ startOnLoad: false, logLevel: 0 });
const graph = `
%%{ init: { "fontFamily" : "&125; * { background: red }" } }%%
graph TD
A[Goose]
`;
const diagram = document.getElementById('diagram');
const svg = mermaid.render('diagram-svg', graph);
diagram.innerHTML = svg;
</script>
</body>
</html>

2
cypress/platform/xss.html
View File

@@ -31,7 +31,7 @@
document.getElementsByTagName('body')[0].appendChild(div);
// const el = document.querySelector('.mermaid');
// el.parentNode.removeChild(el);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
</script>
</head>

3
cypress/platform/xss10.html
View File

@@ -84,7 +84,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
var diagram = 'classDiagram\n';
@@ -105,4 +105,3 @@ mermaid.render('diagram', diagram, (res) => {
</script>
</body>
</html>

3
cypress/platform/xss11.html
View File

@@ -84,7 +84,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
var diagram = 'stateDiagram-v2\n';
@@ -103,4 +103,3 @@ mermaid.render('diagram', diagram, (res) => {
</script>
</body>
</html>

3
cypress/platform/xss12.html
View File

@@ -84,7 +84,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
var diagram = 'stateDiagram-v2\n';
@@ -103,4 +103,3 @@ mermaid.render('diagram', diagram, (res) => {
</script>
</body>
</html>

3
cypress/platform/xss13.html
View File

@@ -84,7 +84,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
var diagram = 'stateDiagram-v2\n';
@@ -103,4 +103,3 @@ mermaid.render('diagram', diagram, (res) => {
</script>
</body>
</html>

3
cypress/platform/xss14.html
View File

@@ -84,7 +84,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
var diagram = 'classDiagram\n';
@@ -105,4 +105,3 @@ mermaid.render('diagram', diagram, (res) => {
</script>
</body>
</html>

3
cypress/platform/xss15.html
View File

@@ -84,7 +84,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
var diagram = `sequenceDiagram
@@ -104,4 +104,3 @@ mermaid.render('diagram', diagram, (res) => {
</script>
</body>
</html>

3
cypress/platform/xss16.html
View File

@@ -84,7 +84,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
var diagram = `sequenceDiagram
@@ -103,4 +103,3 @@ mermaid.render('diagram', diagram, (res) => {
</script>
</body>
</html>

3
cypress/platform/xss17.html
View File

@@ -84,7 +84,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
var diagram = `sequenceDiagram
@@ -103,4 +103,3 @@ mermaid.render('diagram', diagram, (res) => {
</script>
</body>
</html>

3
cypress/platform/xss18.html
View File

@@ -84,7 +84,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
var diagram = `classDiagram
@@ -102,4 +102,3 @@ mermaid.render('diagram', diagram, (res) => {
</script>
</body>
</html>

3
cypress/platform/xss19.html
View File

@@ -84,7 +84,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
var diagram = `classDiagram
@@ -104,4 +104,3 @@ mermaid.render('diagram', diagram, (res) => {
</script>
</body>
</html>

2
cypress/platform/xss2.html
View File

@@ -28,7 +28,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
</script>
</head>

3
cypress/platform/xss20.html
View File

@@ -84,7 +84,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
// var diagram = ` graph TD
@@ -102,4 +102,3 @@ mermaid.render('diagram', diagram, (res) => {
</script>
</body>
</html>

3
cypress/platform/xss21.html
View File

@@ -84,7 +84,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
// var diagram = ` graph TD
@@ -102,4 +102,3 @@ mermaid.render('diagram', diagram, (res) => {
</script>
</body>
</html>

2
cypress/platform/xss3.html
View File

@@ -28,7 +28,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
</script>
</head>

3
cypress/platform/xss5.html
View File

@@ -84,7 +84,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
var diagram = 'graph LR\n';
diagram += 'B-->D("<img onerror=location=`java';
@@ -100,4 +100,3 @@ mermaid.render('diagram', diagram, (res) => {
</script>
</body>
</html>

3
cypress/platform/xss6.html
View File

@@ -84,7 +84,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
var diagram = 'graph LR\n';
diagram += 'A(<img/src/onerror=xssAttack`1`>)';
@@ -98,4 +98,3 @@ mermaid.render('diagram', diagram, (res) => {
</script>
</body>
</html>

3
cypress/platform/xss7.html
View File

@@ -84,7 +84,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
var diagram = 'graph LR\n';
diagram += " B(<a href='<";
@@ -100,4 +100,3 @@ mermaid.render('diagram', diagram, (res) => {
</script>
</body>
</html>

3
cypress/platform/xss8.html
View File

@@ -84,7 +84,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
var diagram = 'stateDiagram-v2\n';
@@ -99,4 +99,3 @@ mermaid.render('diagram', diagram, (res) => {
</script>
</body>
</html>

3
cypress/platform/xss9.html
View File

@@ -84,7 +84,7 @@
div.className = 'malware';
div.innerHTML = 'XSS Succeeded';
document.getElementsByTagName('body')[0].appendChild(div);
throw new Error('XSS Succeded');
throw new Error('XSS Succeeded');
}
var diagram = 'stateDiagram-v2\n';
@@ -99,4 +99,3 @@ mermaid.render('diagram', diagram, (res) => {
</script>
</body>
</html>