mirror of
				https://github.com/mermaid-js/mermaid.git
				synced 2025-10-25 08:54:07 +02:00 
			
		
		
		
	
		
			
				
	
	
		
			24 lines
		
	
	
		
			777 B
		
	
	
	
		
			JavaScript
		
	
	
	
	
	
			
		
		
	
	
			24 lines
		
	
	
		
			777 B
		
	
	
	
		
			JavaScript
		
	
	
	
	
	
| import { urlSnapshotTest, openURLAndVerifyRendering } from '../../helpers/util.ts';
 | |
| 
 | |
| describe('CSS injections', () => {
 | |
|   it('should not allow CSS injections outside of the diagram', () => {
 | |
|     urlSnapshotTest('http://localhost:9000/ghsa1.html', {
 | |
|       logLevel: 1,
 | |
|       flowchart: { htmlLabels: false },
 | |
|     });
 | |
|   });
 | |
|   it('should not allow adding styletags affecting the page', () => {
 | |
|     urlSnapshotTest('http://localhost:9000/ghsa3.html', {
 | |
|       logLevel: 1,
 | |
|       flowchart: { htmlLabels: false },
 | |
|     });
 | |
|   });
 | |
|   it('should not allow manipulating styletags using arrowheads', () => {
 | |
|     openURLAndVerifyRendering('http://localhost:9000/xss23-css.html', {
 | |
|       logLevel: 1,
 | |
|       arrowMarkerAbsolute: false,
 | |
|       flowchart: { htmlLabels: true },
 | |
|     });
 | |
|   });
 | |
| });
 | 
