File tree 1 file changed +9
-5
lines changed
packages/utils/src/xss/__test__
1 file changed +9
-5
lines changed Original file line number Diff line number Diff line change @@ -4,10 +4,14 @@ import * as xss from '../index'
44test ( '测试 filterUrl,filterHtml, 整个组件库只用到这2个函数' , async ( ) => {
55 const { filterHtml, filterUrl } = xss . default
66
7- const url = `https://s.com/user#<script>alert('XSS')</script>`
8- const html = `<a href="javascript:alert('XSS')">Click Me</a>`
7+ // 过滤DOM中的危险语句
8+ expect ( filterHtml ( `<a href="javascript:alert('XSS')">Click Me</a>` ) ) . toMatchInlineSnapshot ( `"<a>Click Me</a>"` )
99
10- // filterUrl是无效的???
11- expect ( filterUrl ( url ) ) . toMatchInlineSnapshot ( `"https://s.com/user#<script>alert('XSS')</script>"` )
12- expect ( filterHtml ( html ) ) . toMatchInlineSnapshot ( `"<a>Click Me</a>"` )
10+ // 过滤控制字符
11+ expect ( filterUrl ( `hello\uFEFFworld` ) ) . toMatchInlineSnapshot ( `"helloworld"` )
12+ // 过滤可执行代码
13+ expect ( filterUrl ( `javascript:alert('XSS')` ) ) . toMatchInlineSnapshot ( `""` )
14+ expect ( filterUrl ( `data:text/html,<h1>xss</h1>` ) ) . toMatchInlineSnapshot ( `""` )
15+ // 正常字符
16+ expect ( filterUrl ( `https://s.com/user` ) ) . toMatchInlineSnapshot ( `"https://s.com/user"` )
1317} )
You can’t perform that action at this time.
0 commit comments