kyy/swagger-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Test for sanitizing <img> elements. Test sanitization of the <Info /> component

Browse Source
This commit is contained in:
Owen Conti
2017-10-01 13:59:28 -06:00
parent 559b315d0d
commit 5a69603beb
2 changed files with 45 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
test/xss/info-sanitization.js Normal file
View File

@@ -0,0 +1,33 @@
/* eslint-env mocha */
import React from "react"
import expect from "expect"
import { render } from "enzyme"
import { fromJS } from "immutable"
import Info from "components/info"
import Markdown from "components/providers/markdown"
describe.only("<Info/> Sanitization", function(){
const dummyComponent = () => null
const components = {
Markdown
}
const props = {
getComponent: c => components[c] || dummyComponent,
info: fromJS({
title: "Test Title **strong** <script>alert(1)</script>",
description: "Description *with* <script>Markdown</script>"
}),
host: "example.test",
basePath: "/api"
}
it("renders sanitized .title content", function(){
let wrapper = render(<Info {...props}/>)
expect(wrapper.find(".title").html()).toEqual("Test Title **strong** &lt;script&gt;alert(1)&lt;/script&gt;")
})
it("renders sanitized .description content", function() {
let wrapper = render(<Info {...props}/>)
expect(wrapper.find(".description").html()).toEqual("<div class=\"markdown\"><p>Description <em>with</em> </p>\n</div>")
})
})

12
test/xss/markdown-script-sanitization.js
View File

@@ -12,6 +12,12 @@ describe.only("Markdown Script Sanitization", function() {
const el = render(<Markdown source={str} />) const el = render(<Markdown source={str} />)
expect(el.html()).toEqual(`<div class="markdown"><p>script </p>\n</div>`) expect(el.html()).toEqual(`<div class="markdown"><p>script </p>\n</div>`)
}) })
it("sanitizes <img> elements", function() {
const str = `<img src=x onerror="alert('img-in-description')">`
const el = render(<Markdown source={str} />)
expect(el.html()).toEqual(`<div class="markdown"><p><img src="x"></p>\n</div>`)
})
}) })
describe("OAS 3", function() { describe("OAS 3", function() {
@@ -20,5 +26,11 @@ describe.only("Markdown Script Sanitization", function() {
const el = render(<OAS3Markdown source={str} />) const el = render(<OAS3Markdown source={str} />)
expect(el.html()).toEqual(`<div class="renderedMarkdown"><div><p>script </p></div></div>`) expect(el.html()).toEqual(`<div class="renderedMarkdown"><div><p>script </p></div></div>`)
}) })
it("sanitizes <img> elements", function() {
const str = `<img src=x onerror="alert('img-in-description')">`
const el = render(<OAS3Markdown source={str} />)
expect(el.html()).toEqual(`<div class="renderedMarkdown"><div><img src="x"></div></div>`)
})
}) })
}) })