discourse/test/javascripts/lib/tooltip-test.js.es6

26 lines
585 B
Plaintext
Raw Normal View History

2018-06-28 08:24:21 -04:00
import { registerTooltip } from "discourse/lib/tooltip";
// prettier-ignore
QUnit.module("lib:tooltip", {
beforeEach() {
fixture().html(
"<a class='test-link' data-tooltip='XSS<s onmouseover\=alert(document.domain)>XSS'>test</a>"
);
}
});
QUnit.test("it prevents XSS injection", assert => {
const $testLink = fixture(".test-link");
registerTooltip($testLink);
$testLink.click();
andThen(() => {
assert.equal(
fixture(".tooltip-content")
.html()
.trim(),
"XSS&lt;s onmouseover=alert(document.domain)&gt;XSS"
);
});
});