kyy/swagger-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1b2fbda64650835b234d14fc28c6c855837a668c
swagger-ui/test/xss/anchor-target-rel/markdown.js
kyle dd3afdc456 fix: anchor tag safety (via #4789) 
* v3.17.6

* release(3.17.6): rebuild dist

* add failing tests

* fix Link component

* fix OnlineValidatorBadge component

* switch from <a> to <Link> in operation components

* make Markdown inputs safe

* use Link component in Info block, for target safety

* add eslint rule for unsafe `target` usage
2018-08-04 00:54:03 -07:00

66 lines
2.3 KiB
JavaScript
Raw Blame History

/* eslint-env mocha */
import React from "react"
import expect from "expect"
import { render } from "enzyme"
import Markdown from "components/providers/markdown"
import { Markdown as OAS3Markdown } from "corePlugins/oas3/wrap-components/markdown.js"
describe("Markdown Link Anchor Safety", function () {
describe("Swagger 2.0", function () {
it("sanitizes Markdown links", function () {
const str = `Hello, [here](http://google.com/) is my link`
const wrapper = render(<Markdown source={str} />)
const anchor = wrapper.find("a")
expect(anchor.attr("href")).toEqual("http://google.com/")
expect(anchor.attr("target")).toEqual("_blank")
expect(anchor.attr("rel") || "").toInclude("noopener")
expect(anchor.attr("rel") || "").toInclude("noreferrer")
})
it("sanitizes raw HTML links", function () {
const str = `Hello, <a href="http://google.com/">here</a> is my link`
const wrapper = render(<Markdown source={str} />)
const anchor = wrapper.find("a")
expect(anchor.attr("href")).toEqual("http://google.com/")
expect(anchor.attr("rel") || "").toInclude("noopener")
expect(anchor.attr("rel") || "").toInclude("noreferrer")
})
})
describe("OAS 3", function () {
it("sanitizes Markdown links", function () {
const str = `Hello, [here](http://google.com/) is my link`
const wrapper = render(<OAS3Markdown source={str} />)
const anchor = wrapper.find("a")
expect(anchor.attr("href")).toEqual("http://google.com/")
expect(anchor.attr("target")).toEqual("_blank")
expect(anchor.attr("rel") || "").toInclude("noopener")
expect(anchor.attr("rel") || "").toInclude("noreferrer")
})
it("sanitizes raw HTML links", function () {
const str = `Hello, <a href="http://google.com/">here</a> is my link`
const wrapper = render(<OAS3Markdown source={str} />)
const anchor = wrapper.find("a")
expect(anchor.attr("href")).toEqual("http://google.com/")
expect(anchor.attr("rel") || "").toInclude("noopener")
expect(anchor.attr("rel") || "").toInclude("noreferrer")
})
})
})
function withMarkdownWrapper(str, { isOAS3 = false } = {}) {
if(isOAS3) {
return `<div class="renderedMarkdown"><p>${str}</p></div>`
}
return `<div class="markdown"><p>${str}</p>\n</div>`
}
Reference in New Issue View Git Blame Copy Permalink