Skip to content

Commit f6a5c67

Browse files
etpinardetpinard
committed
test: add tests for XSS attack in text href
1 parent d58d3be commit f6a5c67

File tree

1 file changed

+15
-0
lines changed

1 file changed

+15
-0
lines changed

test/jasmine/tests/svg_text_utils_test.js

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -105,6 +105,21 @@ describe('svg+text utils', function() {
105105
assertAnchorLink(node, 'mailto:support@plot.ly');
106106
});
107107

108+
it('wrap XSS attacks in href', function() {
109+
var textCases = [
110+
'<a href="XSS\" onmouseover=&quot;alert(1)\" style=&quot;font-size:300px">Subtitle</a>',
111+
'<a href="XSS&quot; onmouseover=&quot;alert(1)&quot; style=&quot;font-size:300px">Subtitle</a>'
112+
];
113+
114+
textCases.forEach(function(textCase) {
115+
var node = mockTextSVGElement(textCase);
116+
117+
expect(node.text()).toEqual('Subtitle');
118+
assertAnchorAttrs(node);
119+
assertAnchorLink(node, 'XSS onmouseover=alert(1) style=font-size:300px');
120+
});
121+
});
122+
108123
it('should keep query parameters in href', function() {
109124
var textCases = [
110125
'<a href="https://abc.com/myFeature.jsp?name=abc&pwd=def">abc.com?shared-key</a>',

0 commit comments

Comments
 (0)