mirror of
https://github.com/tenrok/axios.git
synced 2026-06-11 18:02:32 +03:00
Yasu Flores
29da6b24db
* Fixes issue where XSS scripts attacks were possible via the URL * Fix error * Move throwing error up * Add specs and make regex cover more xss cases
25 lines
1.2 KiB
JavaScript
25 lines
1.2 KiB
JavaScript
var isValidXss = require('../../../lib/helpers/isValidXss');
|
|
|
|
describe('helpers::isValidXss', function () {
|
|
it('should detect script tags', function () {
|
|
expect(isValidXss("<script/xss>alert('blah')</script/xss>")).toBe(true);
|
|
expect(isValidXss("<SCRIPT>alert('getting your password')</SCRIPT>")).toBe(true);
|
|
expect(isValidXss("<script src='http://xssinjections.com/inject.js'>xss</script>")).toBe(true);
|
|
expect(isValidXss("<img src='/' onerror='javascript:alert('xss')'>xss</script>")).toBe(true);
|
|
expect(isValidXss("<script>console.log('XSS')</script>")).toBe(true);
|
|
expect(isValidXss("onerror=alert('XSS')")).toBe(true);
|
|
expect(isValidXss("<a onclick='alert('XSS')'>Click Me</a>")).toBe(true);
|
|
});
|
|
|
|
it('should not detect non script tags', function() {
|
|
expect(isValidXss("<safe> tags")).toBe(false);
|
|
expect(isValidXss("<safetag>")).toBe(false);
|
|
expect(isValidXss(">>> safe <<<")).toBe(false);
|
|
expect(isValidXss("<<< safe >>>")).toBe(false);
|
|
expect(isValidXss("my script rules")).toBe(false);
|
|
expect(isValidXss("<a notonlistener='nomatch'>")).toBe(false);
|
|
expect(isValidXss("<h2>MyTitle</h2>")).toBe(false);
|
|
expect(isValidXss("<img src='#'/>")).toBe(false);
|
|
})
|
|
});
|