marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-09-23 17:29:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Adding integration test

Browse Source
This commit is contained in:
Knut Sveidqvist
2021-12-07 22:54:28 +01:00
parent f69f770043
commit 89ce930de2
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cypress/integration/other/xss.spec.js
View File

@@ -105,4 +105,9 @@ describe('XSS', () => {
cy.wait(1000); cy.wait(1000);
cy.get('#the-malware').should('not.exist'); cy.get('#the-malware').should('not.exist');
}); });
it('should not allow maniplulating antiscript to run javascript iframes in class diagrams', () => {
cy.visit('http://localhost:9000/xss14.html');
cy.wait(1000);
cy.get('#the-malware').should('not.exist');
});
}); });

2
cypress/platform/xss14.html
View File

@@ -86,7 +86,7 @@
var diagram = "classDiagram\n" var diagram = "classDiagram\n"
diagram += "classA <-- classB : <ifr"; diagram += "classA <-- classB : <ifr";
diagram += "ame/srcdoc='<scr"; diagram += "ame/srcdoc='<scr";
diagram += "ipt>alert(`XSS`)</"; diagram += "ipt>parent.xssAttack(`XSS`)</";
diagram += "script>'>"; diagram += "script>'>";
// var diagram = "stateDiagram-v2\n"; // var diagram = "stateDiagram-v2\n";