Preventing xss manipulation using onerror with the antiscript setting.

2025-09-15 05:19:58 +02:00 · 2021-06-27 00:24:19 +02:00
parent eef4ef54a1
commit 6b9462f606
3 changed files with 105 additions and 2 deletions
--- a/cypress/integration/other/xss.spec.js
+++ b/cypress/integration/other/xss.spec.js
@@ -63,5 +63,10 @@ describe('XSS', () => {
    cy.wait(1000);
    cy.get('#the-malware').should('not.exist');
  })
+  it('should not allow maniplulating antiscript to run javascript using onerror', () => {
+    cy.visit('http://localhost:9000/xss6.html');
+    cy.wait(1000);
+    cy.get('#the-malware').should('not.exist');
+  })

 })