mirror of
https://github.com/docsifyjs/docsify.git
synced 2025-12-08 19:55:52 +00:00
f5412dc7b0
* Update linting configuration (eslint, prettier) * Fix lint issues following eslint prettier update * Change ESLint config to allow boolean coercion * Switch to default import name per docs * Fix suppression of error details * Update JSDoc comments * Update waiForFunctin to provide error details --------- Co-authored-by: Koy Zhuang <koy@ko8e24.top>
35 lines
1.0 KiB
JavaScript
35 lines
1.0 KiB
JavaScript
import docsifyInit from '../helpers/docsify-init.js';
|
|
import { test, expect } from './fixtures/docsify-init-fixture.js';
|
|
|
|
test.describe('Security - Cross Site Scripting (XSS)', () => {
|
|
const sharedOptions = {
|
|
markdown: {
|
|
homepage: '# Hello World',
|
|
},
|
|
routes: {
|
|
'test.md': '# Test Page',
|
|
},
|
|
};
|
|
const slashStrings = ['//', '///'];
|
|
|
|
for (const slashString of slashStrings) {
|
|
const hash = `#${slashString}domain.com/file.md`;
|
|
|
|
test(`should not load remote content from hash (${hash})`, async ({
|
|
page,
|
|
}) => {
|
|
const mainElm = page.locator('#main');
|
|
|
|
await docsifyInit(sharedOptions);
|
|
await expect(mainElm).toContainText('Hello World');
|
|
await page.evaluate(() => (location.hash = '#/test'));
|
|
await expect(mainElm).toContainText('Test Page');
|
|
await page.evaluate(newHash => {
|
|
location.hash = newHash;
|
|
}, hash);
|
|
await expect(mainElm).toContainText('Hello World');
|
|
expect(page.url()).toMatch(/#\/$/);
|
|
});
|
|
}
|
|
});
|