mermaid/cypress/integration/other/ghsa.spec.js

import { urlSnapshotTest, openURLAndVerifyRendering } from '../../helpers/util.ts';

describe('CSS injections', () => {
  it('should not allow CSS injections outside of the diagram', () => {
    urlSnapshotTest('http://localhost:9000/ghsa1.html', {
      logLevel: 1,
      flowchart: { htmlLabels: false },
    });
  });
  it('should not allow adding styletags affecting the page', () => {
    urlSnapshotTest('http://localhost:9000/ghsa3.html', {
      logLevel: 1,
      flowchart: { htmlLabels: false },
    });
  });
  it('should not allow manipulating styletags using arrowheads', () => {
    openURLAndVerifyRendering('http://localhost:9000/xss23-css.html', {
      logLevel: 1,
      arrowMarkerAbsolute: false,
      flowchart: { htmlLabels: true },
    });
  });
});
Fix import file extension 2023-07-07 17:21:18 +05:30			`import { urlSnapshotTest, openURLAndVerifyRendering } from '../../helpers/util.ts';`
Only allowing a subset of characters in themeVariables 2022-06-21 21:17:53 +02:00
			`describe('CSS injections', () => {`
			`it('should not allow CSS injections outside of the diagram', () => {`
			`urlSnapshotTest('http://localhost:9000/ghsa1.html', {`
			`logLevel: 1,`
			`flowchart: { htmlLabels: false },`
			`});`
			`});`
Small fix 2022-12-08 13:21:56 +01:00			`it('should not allow adding styletags affecting the page', () => {`
			`urlSnapshotTest('http://localhost:9000/ghsa3.html', {`
			`logLevel: 1,`
			`flowchart: { htmlLabels: false },`
			`});`
			`});`
#4446 Updating the cleanup criteria 2023-06-01 16:30:57 +02:00			`it('should not allow manipulating styletags using arrowheads', () => {`
			`openURLAndVerifyRendering('http://localhost:9000/xss23-css.html', {`
			`logLevel: 1,`
			`arrowMarkerAbsolute: false,`
			`flowchart: { htmlLabels: true },`
			`});`
			`});`
Only allowing a subset of characters in themeVariables 2022-06-21 21:17:53 +02:00			`});`