Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 010f5a8

Browse files
etpinardetpinard
committed
Revert "Update tests to not depend on entity decode"
This reverts commit 7649e5d.
1 parent ba6320e commit 010f5a8

File tree

1 file changed

+21
-22
lines changed

1 file changed

+21
-22
lines changed

test/jasmine/tests/svg_text_utils_test.js

Lines changed: 21 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -121,34 +121,33 @@ describe('svg+text utils', function() {
121121
});
122122

123123
it('wrap XSS attacks in href', function() {
124-
var node = mockTextSVGElement(
125-
'<a href="XSS" onmouseover="alert(1)" style="font-size:300px">Subtitle</a>'
126-
);
127-
128-
expect(node.text()).toEqual('Subtitle');
129-
assertAnchorAttrs(node);
130-
assertAnchorLink(node, 'XSS onmouseover=alert(1) style=font-size:300px');
131-
});
132-
133-
it('wrap XSS attacks with quoted entities in href', function() {
134-
var node = mockTextSVGElement(
124+
var textCases = [
125+
'<a href="XSS\" onmouseover=&quot;alert(1)\" style=&quot;font-size:300px">Subtitle</a>',
135126
'<a href="XSS&quot; onmouseover=&quot;alert(1)&quot; style=&quot;font-size:300px">Subtitle</a>'
136-
);
127+
];
137128

138-
console.log(node.select('a').attr('xlink:href'));
139-
expect(node.text()).toEqual('Subtitle');
140-
assertAnchorAttrs(node);
141-
assertAnchorLink(node, 'XSS&quot; onmouseover=&quot;alert(1)&quot; style=&quot;font-size:300px');
129+
textCases.forEach(function(textCase) {
130+
var node = mockTextSVGElement(textCase);
131+
132+
expect(node.text()).toEqual('Subtitle');
133+
assertAnchorAttrs(node);
134+
assertAnchorLink(node, 'XSS onmouseover=alert(1) style=font-size:300px');
135+
});
142136
});
143137

144138
it('should keep query parameters in href', function() {
145-
var node = mockTextSVGElement(
146-
'<a href="https://abc.com/myFeature.jsp?name=abc&pwd=def">abc.com?shared-key</a>'
147-
);
139+
var textCases = [
140+
'<a href="https://abc.com/myFeature.jsp?name=abc&pwd=def">abc.com?shared-key</a>',
141+
'<a href="https://abc.com/myFeature.jsp?name=abc&amp;pwd=def">abc.com?shared-key</a>'
142+
];
148143

149-
assertAnchorAttrs(node);
150-
expect(node.text()).toEqual('abc.com?shared-key');
151-
assertAnchorLink(node, 'https://abc.com/myFeature.jsp?name=abc&pwd=def');
144+
textCases.forEach(function(textCase) {
145+
var node = mockTextSVGElement(textCase);
146+
147+
assertAnchorAttrs(node);
148+
expect(node.text()).toEqual('abc.com?shared-key');
149+
assertAnchorLink(node, 'https://abc.com/myFeature.jsp?name=abc&pwd=def');
150+
});
152151
});
153152

154153
it('allow basic spans', function() {

0 commit comments

Comments
 (0)