kyy/swagger-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1e184e8e218676278c83e60a45846c199ce3d15e
swagger-ui/test/e2e-cypress/tests/features/xss/oauth2.js
kyle 1e184e8e21 fix: sanitize URLs used for OAuth auth flow (via #5190) 
* fix: sanitize URLs used for OAuth auth flow

* embetter test case

* fix linter issue
2019-02-23 14:14:30 -08:00

24 lines
605 B
JavaScript
Raw Blame History

describe("XSS: OAuth2 authorizationUrl sanitization", () => {
it("should filter out a javascript URL", () => {
cy.visit("/?url=/documents/xss/oauth2.yaml")
.window()
.then(win => {
let args = null
const stub = cy.stub(win, "open", (...callArgs) => {
args = callArgs
}).as("windowOpen")
cy.get(".authorize")
.click()
.get(".modal-btn.authorize")
.click()
.wait(100)
.then(() => {
console.log(args)
expect(args[0]).to.match(/^about:blank/)
})
})
})
})
Reference in New Issue View Git Blame Copy Permalink