3e81a4f897
This update required changing the configuration and test directory structure. Some tests needed to be amended as well to compensate for new Cypress APIs.
24 lines
614 B
JavaScript
24 lines
614 B
JavaScript
describe("XSS: OAuth2 authorizationUrl sanitization", () => {
|
|
it("should filter out a javascript URL", () => {
|
|
cy.visit("/?url=/documents/security/xss-oauth2.yaml")
|
|
.window()
|
|
.then(win => {
|
|
let args = null
|
|
const stub = cy.stub(win, "open", (...callArgs) => {
|
|
args = callArgs
|
|
}).as("windowOpen")
|
|
|
|
cy.get(".authorize")
|
|
.click()
|
|
.get(".modal-btn.authorize")
|
|
.click()
|
|
.wait(100)
|
|
.then(() => {
|
|
console.log(args)
|
|
expect(args[0]).to.match(/^about:blank/)
|
|
})
|
|
|
|
})
|
|
})
|
|
})
|