2022-10-06 10:12:20 +00:00
|
|
|
import { expect } from '@playwright/test'
|
|
|
|
|
import { test } from './fixtures'
|
|
|
|
|
import { createRandomPage } from './utils'
|
|
|
|
|
|
2022-10-06 14:28:23 +00:00
|
|
|
test('custom html should not spawn any dialogs', async ({ page, block }) => {
|
2022-10-06 10:12:20 +00:00
|
|
|
await createRandomPage(page)
|
|
|
|
|
|
|
|
|
|
page.on('dialog', async dialog => {
|
|
|
|
|
expect(false).toBeTruthy()
|
|
|
|
|
await dialog.dismiss()
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
await page.keyboard.type('<iframe src="javascript:confirm(1);" />')
|
|
|
|
|
await block.enterNext()
|
|
|
|
|
|
|
|
|
|
await page.keyboard.type('<button id="test-xss-button" onclick="confirm(1)">Click me!</button>')
|
|
|
|
|
await block.enterNext()
|
2022-10-06 14:28:23 +00:00
|
|
|
await page.keyboard.type('<details open id="test-xss-toggle" ontoggle=confirm(1);></details>')
|
|
|
|
|
await block.enterNext()
|
|
|
|
|
|
|
|
|
|
await page.click('#test-xss-toggle')
|
2022-10-06 10:12:20 +00:00
|
|
|
await page.click('#test-xss-button')
|
|
|
|
|
|
|
|
|
|
expect(true).toBeTruthy()
|
|
|
|
|
})
|
2022-10-06 14:28:23 +00:00
|
|
|
|
|
|
|
|
test('custom hiccup should not spawn any dialogs', async ({ page, block }) => {
|
|
|
|
|
await createRandomPage(page)
|
|
|
|
|
|
|
|
|
|
page.on('dialog', async dialog => {
|
|
|
|
|
expect(false).toBeTruthy()
|
|
|
|
|
await dialog.dismiss()
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
await page.keyboard.type('[:iframe {:src "javascript:confirm(1);"}]')
|
|
|
|
|
await block.enterNext()
|
|
|
|
|
|
|
|
|
|
expect(true).toBeTruthy()
|
|
|
|
|
})
|
