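/**
 * Security regression test for OAuth2 `authorizationUrl` handling.
 *
 * Loads the fixture definition /documents/security/xss-oauth2.yaml, walks
 * through the authorize dialog, and checks the URL handed to `window.open`.
 * The fixture presumably declares a `javascript:` authorizationUrl (it is not
 * visible from this file — confirm against the fixture); a URL with that
 * scheme reaching `window.open` would run attacker-supplied script, so the UI
 * is expected to substitute `about:blank`.
 */
describe("XSS: OAuth2 authorizationUrl sanitization", () => {
  it("should filter out a javascript URL", () => {
    cy.visit("/?url=/documents/security/xss-oauth2.yaml")
      .window()
      .then(win => {
        // Stub window.open so no popup is opened and every call is recorded.
        // The stub returns undefined, as the original capture callback did.
        cy.stub(win, "open").as("windowOpen")

        cy.get(".authorize")
          .click()
          .get(".modal-btn.authorize")
          .click()

        // Retry until window.open has been called instead of sleeping for a
        // fixed 100 ms: a slow run no longer fails with a TypeError on a null
        // capture, and a missing call fails with a readable assertion.
        cy.get("@windowOpen")
          .should("have.been.called")
          .then(openStub => {
            // Check every recorded call, not only the last one, so that no
            // unsanitized URL can slip through on an earlier call.
            // The match is a prefix match on purpose: only the start of the
            // URL is pinned, so text after "about:blank" is accepted
            // (presumably the appended OAuth query string — confirm).
            openStub.getCalls().forEach(call => {
              expect(call.args[0]).to.match(/^about:blank/)
            })
          })
      })
  })
})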