5f6ec8ce1d
* `test/e2e-cypress/tests/features/xss/` -> `test/e2e-cypress/tests/security` * add tests * filter <style> tags out of Markdown fields * initialize OAuth inputs without applying `value` attribute
24 lines
614 B
JavaScript
24 lines
614 B
JavaScript
describe("XSS: OAuth2 authorizationUrl sanitization", () => {
|
|
it("should filter out a javascript URL", () => {
|
|
cy.visit("/?url=/documents/security/xss-oauth2.yaml")
|
|
.window()
|
|
.then(win => {
|
|
let args = null
|
|
const stub = cy.stub(win, "open", (...callArgs) => {
|
|
args = callArgs
|
|
}).as("windowOpen")
|
|
|
|
cy.get(".authorize")
|
|
.click()
|
|
.get(".modal-btn.authorize")
|
|
.click()
|
|
.wait(100)
|
|
.then(() => {
|
|
console.log(args)
|
|
expect(args[0]).to.match(/^about:blank/)
|
|
})
|
|
|
|
})
|
|
})
|
|
})
|