authorMichał Gołębiowski-Owczarek <m.goleb@gmail.com>2020-04-29 16:39:04 +0200
committerGitHub <noreply@github.com>2020-04-29 16:39:04 +0200
commitdc06d68bdc4c2562b5cc530f21e668a17d78ee2d (patch)
tree10689fa05a6cb4f527592c677c1c4da8c52b73cd /test/unit/manipulation.js
parent812b4a1a837c049b85efb73603105b4245cb0e5c (diff)
downloadjquery-dc06d68bdc4c2562b5cc530f21e668a17d78ee2d.tar.gz
jquery-dc06d68bdc4c2562b5cc530f21e668a17d78ee2d.zip
Tests: Add tests for recently fixed manipulation XSS issues
Closes gh-4685 Ref gh-4642 Ref gh-4647
Diffstat (limited to 'test/unit/manipulation.js')
-rw-r--r--test/unit/manipulation.js49
1 files changed, 49 insertions, 0 deletions
diff --git a/test/unit/manipulation.js b/test/unit/manipulation.js
index 5ac76b68d..45946c355 100644
--- a/test/unit/manipulation.js
+++ b/test/unit/manipulation.js
@@ -2912,3 +2912,52 @@ testIframe(
// See https://web.archive.org/web/20171203124125/https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/13246371/
QUnit[ /\bedge\//i.test( navigator.userAgent ) ? "skip" : "test" ]
);
+
+QUnit.test( "Sanitized HTML doesn't get unsanitized", function( assert ) {
+
+ var container,
+ counter = 0,
+ assertCount = 13,
+ done = assert.async( assertCount );
+
+ assert.expect( assertCount );
+
+ Globals.register( "xss" );
+ window.xss = sinon.spy();
+
+ container = jQuery( "<div></div>" );
+ container.appendTo( "#qunit-fixture" );
+
+ function test( htmlString ) {
+ var currCounter = counter,
+ div = jQuery( "<div></div>" );
+
+ counter++;
+
+ div.appendTo( container );
+ div.html( htmlString );
+
+ setTimeout( function() {
+ assert.ok( window.xss.withArgs( currCounter ).notCalled,
+ "Insecure code wasn't executed, input: " + htmlString );
+ done();
+ }, 1000 );
+ }
+
+ // Note: below test cases need to invoke the xss function with consecutive
+ // decimal parameters for the assertion messages to be correct.
+ // Thanks to Masato Kinugawa from Cure53 for providing the following test cases.
+ test( "<img alt=\"<x\" title=\"/><img src=url404 onerror=xss(0)>\">" );
+ test( "<img alt=\"\n<x\" title=\"/>\n<img src=url404 onerror=xss(1)>\">" );
+ test( "<style><style/><img src=url404 onerror=xss(2)>" );
+ test( "<xmp><xmp/><img src=url404 onerror=xss(3)>" );
+ test( "<title><title /><img src=url404 onerror=xss(4)>" );
+ test( "<iframe><iframe/><img src=url404 onerror=xss(5)>" );
+ test( "<noframes><noframes/><img src=url404 onerror=xss(6)>" );
+ test( "<noembed><noembed/><img src=url404 onerror=xss(7)>" );
+ test( "<noscript><noscript/><img src=url404 onerror=xss(8)>" );
+ test( "<foo\" alt=\"\" title=\"/><img src=url404 onerror=xss(9)>\">" );
+ test( "<img alt=\"<x\" title=\"\" src=\"/><img src=url404 onerror=xss(10)>\">" );
+ test( "<noscript/><img src=url404 onerror=xss(11)>" );
+ test( "<option><style></option></select><img src=url404 onerror=xss(12)></style>" );
+} );
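Review bot: The assertion inside `test()` is a negative check gated on a fixed 1000 ms timer, so on a vulnerable build it only fails if the injected `<img src=url404>` has received its 404 and fired `onerror` before the timer elapses; a slow fixture server would let every case pass without proving anything. Since the payload structure does not depend on the URL, a `src` that errors without a network round trip (an empty or `data:,` source, presumably — worth confirming across browsers) would remove that dependency, or at least the assumption should be stated next to the timer: `// Negative check: a vulnerable build runs xss(N) once url404 fails to load, which must happen within this timeout.` It may also be worth noting that only `.html()` is exercised here, while the same prefilter path is reachable through `.append()` and `jQuery( htmlString )`.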