mirrors/axios
2
0
Fork 0
mirror of https://github.com/tenrok/axios.git synced 2026-06-14 18:42:33 +03:00
Code Activity

Remove unnecessary XSS check introduced by #2451 (#2679)

Browse Source 
* Remove unnecessary XSS check introduced by #2451

* Remove test file of `isValidXss`
This commit is contained in:
Xianming Zhong
2020-01-21 00:20:33 +08:00
committed by Emily Morehouse
parent 351cf290f0
commit c7488c7dd5
4 changed files with 0 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files
test/specs/helpers/isURLSameOrigin.spec.js
-6
View File
@@ -8,10 +8,4 @@ describe('helpers::isURLSameOrigin', function () {
it('should detect different origin', function () {
expect(isURLSameOrigin('https://github.com/axios/axios')).toEqual(false);
});
it('should detect XSS scripts on a same origin request', function () {
expect(function() {
isURLSameOrigin('https://github.com/axios/axios?<script>alert("hello")</script>');
}).toThrowError(Error, 'URL contains XSS injection attempt')
});
});
test/specs/helpers/isValidXss.spec.js
-25
View File
@@ -1,25 +0,0 @@
var isValidXss = require('../../../lib/helpers/isValidXss');
describe('helpers::isValidXss', function () {
it('should detect script tags', function () {
expect(isValidXss("<script/xss>alert('blah')</script/xss>")).toBe(true);
expect(isValidXss("<SCRIPT>alert('getting your password')</SCRIPT>")).toBe(true);
expect(isValidXss("<script src='http://xssinjections.com/inject.js'>xss</script>")).toBe(true);
expect(isValidXss("<img src='/' onerror='javascript:alert('xss')'>xss</script>")).toBe(true);
expect(isValidXss("<script>console.log('XSS')</script>")).toBe(true);
expect(isValidXss("onerror=alert('XSS')")).toBe(true);
expect(isValidXss("<a onclick='alert('XSS')'>Click Me</a>")).toBe(true);
});
it('should not detect non script tags', function() {
expect(isValidXss("/one/?foo=bar")).toBe(false);
expect(isValidXss("<safe> tags")).toBe(false);
expect(isValidXss("<safetag>")).toBe(false);
expect(isValidXss(">>> safe <<<")).toBe(false);
expect(isValidXss("<<< safe >>>")).toBe(false);
expect(isValidXss("my script rules")).toBe(false);
expect(isValidXss("<a notonlistener='nomatch'>")).toBe(false);
expect(isValidXss("<h2>MyTitle</h2>")).toBe(false);
expect(isValidXss("<img src='#'/>")).toBe(false);
})
});