mirror of
https://github.com/docsifyjs/docsify.git
synced 2026-01-25 15:23:21 +00:00
136e666e78
* develop: (104 commits) chore: bump ssri from 6.0.1 to 6.0.2 (#1563) chore: Update Edit Document using develop branch (#1541) fix: Add escapeHtml for search (#1551) docs: link with plugin Pagination (#1554) fix: Upgrade dompurify from 2.2.6 to 2.2.7 (#1553) fix: upgrade dompurify from 2.2.6 to 2.2.7 (#1552) chore: bump y18n from 4.0.0 to 4.0.1 (#1548) chore: Fix search for missing pathNamespaces (#1547) fix: Upgrade docsify from 4.12.0 to 4.12.1 (#1544) docs:Update deploy, change Zeit to Vercel (#1540) fix: Cannot read property 'classList' of null (#1527) chore: fix microsoft/playwright-github-action error (#1534) Update PULL_REQUEST_TEMPLATE.md chore: Update CHANGELOG and Update test snapshots chore: add changelog 4.12.1 [build] 4.12.1 feat: Support search when there is no title (#1519) test(unit): add test cases on isExternal. (#1515) docs: Update Vercel logo link (#1520) fix: Upgrade docsify from 4.11.6 to 4.12.0 (#1518) ...
33 lines
962 B
JavaScript
33 lines
962 B
JavaScript
import docsifyInit from '../helpers/docsify-init';
|
|
|
|
describe(`Security`, function () {
|
|
const sharedOptions = {
|
|
markdown: {
|
|
homepage: '# Hello World',
|
|
},
|
|
routes: {
|
|
'test.md': '# Test Page',
|
|
},
|
|
};
|
|
|
|
describe(`Cross Site Scripting (XSS)`, function () {
|
|
const slashStrings = ['//', '///'];
|
|
|
|
for (const slashString of slashStrings) {
|
|
const hash = `#${slashString}domain.com/file.md`;
|
|
|
|
test(`should not load remote content from hash (${hash})`, async () => {
|
|
await docsifyInit(sharedOptions);
|
|
await expect(page).toHaveText('#main', 'Hello World');
|
|
await page.evaluate(() => (location.hash = '#/test'));
|
|
await expect(page).toHaveText('#main', 'Test Page');
|
|
await page.evaluate(newHash => {
|
|
location.hash = newHash;
|
|
}, hash);
|
|
await expect(page).toHaveText('#main', 'Hello World');
|
|
expect(page.url()).toMatch(/#\/$/);
|
|
});
|
|
}
|
|
});
|
|
});
|