
Commit dc06d68

authored
Tests: Add tests for recently fixed manipulation XSS issues
Closes gh-4685 Ref gh-4642 Ref gh-4647
1 parent 812b4a1 commit dc06d68


1 file changed

+49
-0
lines changed


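--- a/test/unit/manipulation.js
+++ b/test/unit/manipulation.js
@@ -2912,3 +2912,52 @@ testIframe(
 // See https://web.archive.org/web/20171203124125/https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/13246371/
 QUnit[ /\bedge\//i.test( navigator.userAgent ) ? "skip" : "test" ]
 );
+
+QUnit.test( "Sanitized HTML doesn't get unsanitized", function( assert ) {
+
+var container,
+counter = 0,
+assertCount = 13,
+done = assert.async( assertCount );
+
+assert.expect( assertCount );
+
+Globals.register( "xss" );
+window.xss = sinon.spy();
+
+container = jQuery( "<div></div>" );
+container.appendTo( "#qunit-fixture" );
+
+function test( htmlString ) {
+var currCounter = counter,
+div = jQuery( "<div></div>" );
+
+counter++;
+
+div.appendTo( container );
+div.html( htmlString );
+
+setTimeout( function() {
+assert.ok( window.xss.withArgs( currCounter ).notCalled,
+"Insecure code wasn't executed, input: " + htmlString );
+done();
+}, 1000 );
+}
+
+// Note: below test cases need to invoke the xss function with consecutive
+// decimal parameters for the assertion messages to be correct.
+// Thanks to Masato Kinugawa from Cure53 for providing the following test cases.
+test( "<img alt=\"<x\" title=\"/><img src=url404 onerror=xss(0)>\">" );
+test( "<img alt=\"\n<x\" title=\"/>\n<img src=url404 onerror=xss(1)>\">" );
+test( "<style><style/><img src=url404 onerror=xss(2)>" );
+test( "<xmp><xmp/><img src=url404 onerror=xss(3)>" );
+test( "<title><title /><img src=url404 onerror=xss(4)>" );
+test( "<iframe><iframe/><img src=url404 onerror=xss(5)>" );
+test( "<noframes><noframes/><img src=url404 onerror=xss(6)>" );
+test( "<noembed><noembed/><img src=url404 onerror=xss(7)>" );
+test( "<noscript><noscript/><img src=url404 onerror=xss(8)>" );
+test( "<foo\" alt=\"\" title=\"/><img src=url404 onerror=xss(9)>\">" );
+test( "<img alt=\"<x\" title=\"\" src=\"/><img src=url404 onerror=xss(10)>\">" );
+test( "<noscript/><img src=url404 onerror=xss(11)>" );
+test( "<option><style></option></select><img src=url404 onerror=xss(12)></style>" );
+} );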
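Review bot: The negative assertion inside `test()` (`assert.ok( window.xss.withArgs( currCounter ).notCalled, ... )`) is only meaningful if the `url404` image request has already failed within the fixed 1000 ms `setTimeout` window; on a slow CI browser the `onerror` handler could fire after the assertion ran, and the test would pass vacuously and hide a regression of the very bug it covers. The property the fix guarantees — no executable handler reaches the DOM from already-sanitized markup — can be checked synchronously and deterministically right after `div.html( htmlString );`: `assert.strictEqual( div.find( "[onerror]" ).length, 0, "No onerror attribute reached the DOM, input: " + htmlString );`, with `assertCount = 26,` so that `assert.expect` and `assert.async` stay in step with the doubled assertion count. The existing timer-based check is still worth keeping as a second, behavioural line of evidence. Whether 1000 ms is generous enough for every environment the suite runs in cannot be judged from the hunk.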
