marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-08-29 05:06:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

test: Architecture XSS

Browse Source
This commit is contained in:
Sidharth Vinod
2025-08-05 22:30:45 +05:30
parent 8090580c67
commit 526b35c602
2 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cypress/helpers/util.ts
View File

@@ -14,7 +14,7 @@ interface CodeObject {
mermaid: CypressMermaidConfig; mermaid: CypressMermaidConfig;
} }
const utf8ToB64 = (str: string): string => { export const utf8ToB64 = (str: string): string => {
return Buffer.from(decodeURIComponent(encodeURIComponent(str))).toString('base64'); return Buffer.from(decodeURIComponent(encodeURIComponent(str))).toString('base64');
}; };

13
cypress/integration/other/xss.spec.js
View File

@@ -1,4 +1,4 @@
import { mermaidUrl } from '../../helpers/util.ts'; import { imgSnapshotTest, mermaidUrl, utf8ToB64 } from '../../helpers/util.ts';
describe('XSS', () => { describe('XSS', () => {
it('should handle xss in tags', () => { it('should handle xss in tags', () => {
const str = const str =
@@ -141,4 +141,15 @@ describe('XSS', () => {
cy.wait(1000); cy.wait(1000);
cy.get('#the-malware').should('not.exist'); cy.get('#the-malware').should('not.exist');
}); });
it('should sanitize icon labels in architecture diagrams', () => {
const str = JSON.stringify({
code: `architecture-beta
group api(cloud)[API]
service db "<img src=x onerror=\\"xssAttack()\\">" [Database] in api`,
});
imgSnapshotTest(utf8ToB64(str), {}, true);
cy.wait(1000);
cy.get('#the-malware').should('not.exist');
});
}); });