mirror of
https://github.com/docsifyjs/docsify.git
synced 2025-12-08 19:55:52 +00:00
33 lines
965 B
JavaScript
33 lines
965 B
JavaScript
const docsifyInit = require('../helpers/docsify-init');
|
|
|
|
describe(`Security`, function() {
|
|
const sharedOptions = {
|
|
markdown: {
|
|
homepage: '# Hello World',
|
|
},
|
|
routes: {
|
|
'test.md': '# Test Page',
|
|
},
|
|
};
|
|
|
|
describe(`Cross Site Scripting (XSS)`, function() {
|
|
const slashStrings = ['//', '///'];
|
|
|
|
for (const slashString of slashStrings) {
|
|
const hash = `#${slashString}domain.com/file.md`;
|
|
|
|
test(`should not load remote content from hash (${hash})`, async () => {
|
|
await docsifyInit(sharedOptions);
|
|
await expect(page).toHaveText('#main', 'Hello World');
|
|
await page.evaluate(() => (location.hash = '#/test'));
|
|
await expect(page).toHaveText('#main', 'Test Page');
|
|
await page.evaluate(newHash => {
|
|
location.hash = newHash;
|
|
}, hash);
|
|
await expect(page).toHaveText('#main', 'Hello World');
|
|
expect(page.url()).toMatch(/#\/$/);
|
|
});
|
|
}
|
|
});
|
|
});
|