marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-09-24 01:39:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

e2e test for stricter security in mermaid

Browse Source
This commit is contained in:
Knut Sveidqvist
2019-07-14 02:05:59 -07:00
parent 31576f8f55
commit 5abedab095
11 changed files with 220 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
e2e/spec/__image_snapshots__/__diff_output__/xss-spec-js-sequencediagram-should-render-a-simple-sequence-diagrams-1-diff.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 58 KiB

BIN
e2e/spec/__image_snapshots__/flowchart-spec-js-flowcart-should-render-a-simple-flowchart-with-line-breaks-1-snap.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 22 KiB

After

Width:  |  Height:  |  Size: 22 KiB

BIN
e2e/spec/__image_snapshots__/flowchart-spec-js-flowcart-should-render-a-simple-flowchart-with-trapezoid-and-inverse-trapezoid-vertex-options-1-snap.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 24 KiB

After

Width:  |  Height:  |  Size: 24 KiB

BIN
e2e/spec/__image_snapshots__/xss-spec-js-sequencediagram-should-render-a-simple-sequence-diagrams-1-snap.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 31 KiB

BIN
e2e/spec/__image_snapshots__/xss-spec-js-xss-should-handle-xss-in-tags-1-snap.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

15
e2e/spec/xss.spec.js Normal file
View File

@@ -0,0 +1,15 @@
/* eslint-env jest */
import { imgSnapshotTest } from '../helpers/util.js'
const { toMatchImageSnapshot } = require('jest-image-snapshot')
expect.extend({ toMatchImageSnapshot })
/* eslint-disable */
describe('XSS', () => {
it('should handle xss in tags', async () => {
// const str = 'graph LR;\nB-->D(<img onerror=location=`javascript\u003aalert\u0028document.domain\u0029` src=x>);'
const str = 'eyJjb2RlIjoiXG5ncmFwaCBMUlxuICAgICAgQi0tPkQoPGltZyBvbmVycm9yPWxvY2F0aW9uPWBqYXZhc2NyaXB0XFx1MDAzYXhzc0F0dGFja1xcdTAwMjhkb2N1bWVudC5kb21haW5cXHUwMDI5YCBzcmM9eD4pOyIsIm1lcm1haWQiOnsidGhlbWUiOiJkZWZhdWx0In19';
await imgSnapshotTest(page, str,
{}, true)
})
})