marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-08-15 14:29:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

#903 Allowing >,< and = characters in svg. Updating xss tests to handle both htmlLabels and non htmlLabels

Browse Source
This commit is contained in:
Knut Sveidqvist
2019-12-07 12:19:45 +01:00
parent 9fe0aa0604
commit c2e5e94b37
6 changed files with 34 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
cypress/integration/other/xss.spec.js
View File

@@ -9,8 +9,27 @@ describe('XSS', () => {
const url = mermaidUrl(str,{}, true);
cy.visit(url);
cy.wait(1000).then(()=>{
cy.get('.mermaid').should('exist');
});
cy.get('svg')
cy.percySnapshot()
// cy.percySnapshot()
})
it('should handle xss in tags in non-html mode', () => {
const str = 'eyJjb2RlIjoiXG5ncmFwaCBMUlxuICAgICAgQi0tPkQoPGltZyBvbmVycm9yPWxvY2F0aW9uPWBqYXZhc2NyaXB0XFx1MDAzYXhzc0F0dGFja1xcdTAwMjhkb2N1bWVudC5kb21haW5cXHUwMDI5YCBzcmM9eD4pOyIsIm1lcm1haWQiOnsidGhlbWUiOiJkZWZhdWx0IiwiZmxvd2NoYXJ0Ijp7Imh0bWxMYWJlbHMiOmZhbHNlfX19';
const url = mermaidUrl(str,{
"theme": "default",
"flowchart": {
"htmlMode": false
}
}, true);
cy.visit(url);
// cy.get('svg')
// cy.percySnapshot()
cy.get('.malware').should('not.exist');
})
})