axios/test/specs/helpers/isURLSameOrigin.spec.js
Yasu Flores 29da6b24db Fix to prevent XSS, throw an error when the URL contains a JS script (#2464)
* Fixes issue where XSS script attacks were possible via the URL

* Fix error

* Move throwing error up

* Add specs and make regex cover more xss cases
2019-10-16 07:53:10 -03:00


var isURLSameOrigin = require('../../../lib/helpers/isURLSameOrigin');
// Specs for the isURLSameOrigin helper required at the top of this file.
describe('helpers::isURLSameOrigin', () => {
  it('should detect same origin', () => {
    // The page's own address is the reference point for "same origin".
    const verdict = isURLSameOrigin(window.location.href);
    expect(verdict).toEqual(true);
  });

  it('should detect different origin', () => {
    // Presumably the test page is never served from github.com, so this
    // absolute URL is expected to be classified as cross-origin.
    const verdict = isURLSameOrigin('https://github.com/axios/axios');
    expect(verdict).toEqual(false);
  });

  it('should detect XSS scripts on a same origin request', () => {
    // A literal <script> element in the query string must make the helper
    // throw instead of returning a boolean.
    // NOTE(review): despite the spec title, this URL points at the same host
    // the previous spec treats as a different origin, so a genuinely
    // same-origin URL carrying markup is not exercised here.
    // NOTE(review): only one literal-tag payload is checked; encoded or
    // attribute-based variants are not covered by this spec, so a pass here
    // does not show that the URL filter is complete.
    const callWithScriptInQuery = () => {
      isURLSameOrigin('https://github.com/axios/axios?<script>alert("hello")</script>');
    };

    expect(callWithScriptInQuery).toThrowError(Error, 'URL contains XSS injection attempt');
  });
});