mirror of
https://github.com/mermaid-js/mermaid.git
synced 2025-01-14 06:43:25 +08:00
24 lines
777 B
JavaScript
24 lines
777 B
JavaScript
import { urlSnapshotTest, openURLAndVerifyRendering } from '../../helpers/util.js';
|
|
|
|
describe('CSS injections', () => {
|
|
it('should not allow CSS injections outside of the diagram', () => {
|
|
urlSnapshotTest('http://localhost:9000/ghsa1.html', {
|
|
logLevel: 1,
|
|
flowchart: { htmlLabels: false },
|
|
});
|
|
});
|
|
it('should not allow adding styletags affecting the page', () => {
|
|
urlSnapshotTest('http://localhost:9000/ghsa3.html', {
|
|
logLevel: 1,
|
|
flowchart: { htmlLabels: false },
|
|
});
|
|
});
|
|
it('should not allow manipulating styletags using arrowheads', () => {
|
|
openURLAndVerifyRendering('http://localhost:9000/xss23-css.html', {
|
|
logLevel: 1,
|
|
arrowMarkerAbsolute: false,
|
|
flowchart: { htmlLabels: true },
|
|
});
|
|
});
|
|
});
|