Merge branch 'HEAD' into 2541

2025-09-25 10:20:06 +02:00 · 2021-12-07 22:56:01 +01:00
parent f69f770043 89ce930de2
commit 831110029c
2 changed files with 6 additions and 1 deletions
--- a/cypress/integration/other/xss.spec.js
+++ b/cypress/integration/other/xss.spec.js
@@ -105,4 +105,9 @@ describe('XSS', () => {
    cy.wait(1000);
    cy.get('#the-malware').should('not.exist');
  });
+  it('should not allow maniplulating antiscript to run javascript iframes in class diagrams', () => {
+    cy.visit('http://localhost:9000/xss14.html');
+    cy.wait(1000);
+    cy.get('#the-malware').should('not.exist');
+  });
 });
--- a/cypress/platform/xss14.html
+++ b/cypress/platform/xss14.html
@@ -86,7 +86,7 @@
      var diagram = "classDiagram\n"
 diagram += "classA <-- classB : <ifr";
 diagram += "ame/srcdoc='<scr";
-diagram += "ipt>alert(`XSS`)</";
+diagram += "ipt>parent.xssAttack(`XSS`)</";
 diagram += "script>'>";

    //   var diagram = "stateDiagram-v2\n";