Skip to content

Commit 58a8e87

Browse files
mgolmgol
committed
Tests: Add tests for recently fixed manipulation XSS issues
Closes gh-4685 Ref gh-4642 Ref gh-4647 (cherry picked from commit dc06d68)
1 parent c1c0598 commit 58a8e87

File tree

1 file changed

+49
-0
lines changed

1 file changed

+49
-0
lines changed

test/unit/manipulation.js

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2957,3 +2957,52 @@ testIframe(
29572957
// script-src restrictions completely.
29582958
QUnit[ /\bedge\/|iphone os [789]|android 4\./i.test( navigator.userAgent ) ? "skip" : "test" ]
29592959
);
2960+
2961+
QUnit.test( "Sanitized HTML doesn't get unsanitized", function( assert ) {
2962+
2963+
var container,
2964+
counter = 0,
2965+
assertCount = 13,
2966+
done = assert.async( assertCount );
2967+
2968+
assert.expect( assertCount );
2969+
2970+
Globals.register( "xss" );
2971+
window.xss = sinon.spy();
2972+
2973+
container = jQuery( "<div></div>" );
2974+
container.appendTo( "#qunit-fixture" );
2975+
2976+
function test( htmlString ) {
2977+
var currCounter = counter,
2978+
div = jQuery( "<div></div>" );
2979+
2980+
counter++;
2981+
2982+
div.appendTo( container );
2983+
div.html( htmlString );
2984+
2985+
setTimeout( function() {
2986+
assert.ok( window.xss.withArgs( currCounter ).notCalled,
2987+
"Insecure code wasn't executed, input: " + htmlString );
2988+
done();
2989+
}, 1000 );
2990+
}
2991+
2992+
// Note: below test cases need to invoke the xss function with consecutive
2993+
// decimal parameters for the assertion messages to be correct.
2994+
// Thanks to Masato Kinugawa from Cure53 for providing the following test cases.
2995+
test( "<img alt=\"<x\" title=\"/><img src=url404 onerror=xss(0)>\">" );
2996+
test( "<img alt=\"\n<x\" title=\"/>\n<img src=url404 onerror=xss(1)>\">" );
2997+
test( "<style><style/><img src=url404 onerror=xss(2)>" );
2998+
test( "<xmp><xmp/><img src=url404 onerror=xss(3)>" );
2999+
test( "<title><title /><img src=url404 onerror=xss(4)>" );
3000+
test( "<iframe><iframe/><img src=url404 onerror=xss(5)>" );
3001+
test( "<noframes><noframes/><img src=url404 onerror=xss(6)>" );
3002+
test( "<noembed><noembed/><img src=url404 onerror=xss(7)>" );
3003+
test( "<noscript><noscript/><img src=url404 onerror=xss(8)>" );
3004+
test( "<foo\" alt=\"\" title=\"/><img src=url404 onerror=xss(9)>\">" );
3005+
test( "<img alt=\"<x\" title=\"\" src=\"/><img src=url404 onerror=xss(10)>\">" );
3006+
test( "<noscript/><img src=url404 onerror=xss(11)>" );
3007+
test( "<option><style></option></select><img src=url404 onerror=xss(12)></style>" );
3008+
} );

0 commit comments

Comments
 (0)