author | Michał Gołębiowski-Owczarek <m.goleb@gmail.com> | 2020-04-29 16:39:04 +0200 |
---|---|---|
committer | Michał Gołębiowski-Owczarek <m.goleb@gmail.com> | 2020-04-29 16:50:27 +0200 |
commit | 58a8e87979d68f001de9e52c00601b805bab303d (patch) | |
tree | f1a937e9a2899695f650c7ee0799691da2151691 | |
parent | c1c0598d8fde1bb66a257d7e993dd940aa4f4ce7 (diff) | |
download | jquery-58a8e87979d68f001de9e52c00601b805bab303d.tar.gz jquery-58a8e87979d68f001de9e52c00601b805bab303d.zip |
Tests: Add tests for recently fixed manipulation XSS issues
Closes gh-4685
Ref gh-4642
Ref gh-4647
(cherry picked from commit dc06d68bdc4c2562b5cc530f21e668a17d78ee2d)
-rw-r--r-- | test/unit/manipulation.js | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/test/unit/manipulation.js b/test/unit/manipulation.js
index 3e50389d0..c997d7535 100644
--- a/test/unit/manipulation.js
+++ b/test/unit/manipulation.js
@@ -2957,3 +2957,52 @@ testIframe(
 // script-src restrictions completely.
 QUnit[ /\bedge\/|iphone os [789]|android 4\./i.test( navigator.userAgent ) ? "skip" : "test" ]
 );
+
+QUnit.test( "Sanitized HTML doesn't get unsanitized", function( assert ) {
+
+ var container,
+ counter = 0,
+ assertCount = 13,
+ done = assert.async( assertCount );
+
+ assert.expect( assertCount );
+
+ Globals.register( "xss" );
+ window.xss = sinon.spy();
+
+ container = jQuery( "<div></div>" );
+ container.appendTo( "#qunit-fixture" );
+
+ function test( htmlString ) {
+ var currCounter = counter,
+ div = jQuery( "<div></div>" );
+
+ counter++;
+
+ div.appendTo( container );
+ div.html( htmlString );
+
+ setTimeout( function() {
+ assert.ok( window.xss.withArgs( currCounter ).notCalled,
+ "Insecure code wasn't executed, input: " + htmlString );
+ done();
+ }, 1000 );
+ }
+
+ // Note: below test cases need to invoke the xss function with consecutive
+ // decimal parameters for the assertion messages to be correct.
+ // Thanks to Masato Kinugawa from Cure53 for providing the following test cases.
+ test( "<img alt=\"<x\" title=\"/><img src=url404 onerror=xss(0)>\">" );
+ test( "<img alt=\"\n<x\" title=\"/>\n<img src=url404 onerror=xss(1)>\">" );
+ test( "<style><style/><img src=url404 onerror=xss(2)>" );
+ test( "<xmp><xmp/><img src=url404 onerror=xss(3)>" );
+ test( "<title><title /><img src=url404 onerror=xss(4)>" );
+ test( "<iframe><iframe/><img src=url404 onerror=xss(5)>" );
+ test( "<noframes><noframes/><img src=url404 onerror=xss(6)>" );
+ test( "<noembed><noembed/><img src=url404 onerror=xss(7)>" );
+ test( "<noscript><noscript/><img src=url404 onerror=xss(8)>" );
+ test( "<foo\" alt=\"\" title=\"/><img src=url404 onerror=xss(9)>\">" );
+ test( "<img alt=\"<x\" title=\"\" src=\"/><img src=url404 onerror=xss(10)>\">" );
+ test( "<noscript/><img src=url404 onerror=xss(11)>" );
+ test( "<option><style></option></select><img src=url404 onerror=xss(12)></style>" );
+} ); |
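Review bot: The negative assertion inside `test()` is timing-dependent: it only checks `window.xss.withArgs( currCounter ).notCalled` once the 1000 ms `setTimeout` fires, so if the relative `url404` request is answered slowly (busy CI, throttled network) a real `onerror` execution would land after the assertion has already passed and a regression would go unnoticed. A synchronous, timing-independent companion check on the parsed DOM would close that gap, e.g. `assert.strictEqual( div.find( "[onerror]" ).length, 0, "No inline handler was parsed, input: " + htmlString );` directly after `div.html( htmlString )`, with `assert.expect` raised to 26 while `assert.async( 13 )` keeps one `done()` per case. The expected outcome for each payload is presumably that the second `<img ...>` ends up as attribute or text content rather than as an element, but that should be confirmed against the intended parse of each case before asserting on it. A one-line comment above `setTimeout` explaining the delay would also help future readers, e.g. `// The error event for src=url404 fires asynchronously; give it time before asserting.`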