mirrors/axios
2
0
Fork 0
mirror of https://github.com/tenrok/axios.git synced 2026-06-11 18:02:32 +03:00
Code Activity
Files
a17c70cb5ae4acd7aa307b7f7dc869953dea22c4
axios/test/specs/helpers/isValidXss.spec.js
T
Yasu Flores 841466416b Fix XSS logic that matched some valid urls (#2529) 
* Fix XSS logic that matched some valid urls, e.g. "/one/?foo=bar", when it shouldn't match those
2019-11-07 18:39:24 -08:00

26 lines
1.3 KiB
JavaScript
Raw Blame History

var isValidXss = require('../../../lib/helpers/isValidXss');
describe('helpers::isValidXss', function () {
it('should detect script tags', function () {
expect(isValidXss("<script/xss>alert('blah')</script/xss>")).toBe(true);
expect(isValidXss("<SCRIPT>alert('getting your password')</SCRIPT>")).toBe(true);
expect(isValidXss("<script src='http://xssinjections.com/inject.js'>xss</script>")).toBe(true);
expect(isValidXss("<img src='/' onerror='javascript:alert('xss')'>xss</script>")).toBe(true);
expect(isValidXss("<script>console.log('XSS')</script>")).toBe(true);
expect(isValidXss("onerror=alert('XSS')")).toBe(true);
expect(isValidXss("<a onclick='alert('XSS')'>Click Me</a>")).toBe(true);
});
it('should not detect non script tags', function() {
expect(isValidXss("/one/?foo=bar")).toBe(false);
expect(isValidXss("<safe> tags")).toBe(false);
expect(isValidXss("<safetag>")).toBe(false);
expect(isValidXss(">>> safe <<<")).toBe(false);
expect(isValidXss("<<< safe >>>")).toBe(false);
expect(isValidXss("my script rules")).toBe(false);
expect(isValidXss("<a notonlistener='nomatch'>")).toBe(false);
expect(isValidXss("<h2>MyTitle</h2>")).toBe(false);
expect(isValidXss("<img src='#'/>")).toBe(false);
})
});
View Git Blame Copy Permalink