Messages Controller - ensure we add a unit test for XSS checks

- Relates to  & 
pull/10284/head
LB Johnston 2023-03-10 07:54:40 +10:00 zatwierdzone przez LB (Ben Johnston)
rodzic dc48dcce8a
commit 90585c9bba
1 zmienionych plików z 20 dodań i 0 usunięć
client/src/controllers


@ -210,5 +210,25 @@ describe('MessagesController', () => {
expect(item.lastElementChild.textContent).toEqual(text);
});
it('should not allow HTML to be added unescaped to any content', () => {
document.dispatchEvent(
new CustomEvent('w-messages:add', {
detail: {
clear: true,
text: '<script>window.alert("Secure?");</script>',
type: 'error',
},
}),
);
const items = document.querySelectorAll('li');
expect(items).toHaveLength(1);
// should escape any text that is passed through
expect(items[0].outerHTML).toEqual(
'<li class="error"><strong>&lt;script&gt;window.alert("Secure?");&lt;/script&gt;</strong></li>',
);
});
});
});
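Review bot: The new test exercises only the `text` field, although its title claims that HTML cannot be added unescaped to "any content". The expected markup `<li class="error">` suggests that `type` also shapes the rendered element (how is not visible in this hunk), so a second case with markup-like characters in `type` would show whether that path is handled as safely. The exact `outerHTML` comparison also ties the security check to the template's current markup; adding `expect(document.querySelector('script')).toBeNull();` states the property directly and still holds if the template changes. The enclosing `describe` block starts outside the hunk.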