26 lines
585 B
Plaintext
26 lines
585 B
Plaintext
|
import { registerTooltip } from "discourse/lib/tooltip";
|
||
|
|
||
|
// prettier-ignore
|
||
|
QUnit.module("lib:tooltip", {
|
||
|
beforeEach() {
|
||
|
fixture().html(
|
||
|
"<a class='test-link' data-tooltip='XSS<s onmouseover\=alert(document.domain)>XSS'>test</a>"
|
||
|
);
|
||
|
}
|
||
|
});
|
||
|
|
||
|
QUnit.test("it prevents XSS injection", assert => {
|
||
|
const $testLink = fixture(".test-link");
|
||
|
registerTooltip($testLink);
|
||
|
$testLink.click();
|
||
|
|
||
|
andThen(() => {
|
||
|
assert.equal(
|
||
|
fixture(".tooltip-content")
|
||
|
.html()
|
||
|
.trim(),
|
||
|
"XSS<s onmouseover=alert(document.domain)>XSS"
|
||
|
);
|
||
|
});
|
||
|
});
|