diaspora/spec/javascripts/widgets/search-spec.js
Jonne Haß 7134513b28 Fix XSS vulnerabilities caused by not escaping a users name fields when loading it from JSON. #3948
From a quick look at the databases available to us, this was not actually used in the wild.
2013-02-01 22:20:31 +01:00


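/**
 * Regression spec for the Search widget's `parse` step: a person name that
 * arrives via JSON must not come back out of `parse` unchanged when it
 * contains markup, because the value is later placed into the page.
 */
describe("Diaspora.Widgets.Search", function() {
  describe("parse", function() {
    it("escapes a persons name", function() {
      // Minimal fixture: the widget is instantiated against a search form element.
      $("#jasmine_content").html('<form action="#" id="searchForm"></form>');
      var search = Diaspora.BaseWidget.instantiate("Search", $("#jasmine_content > #searchForm"));

      // A name that tries to close the surrounding script context and open a new one.
      var person = {"name": "</script><script>alert('xss');</script"};

      // Hand parse() a copy so `person.name` stays available as the raw reference value.
      // NOTE(review): presumably parse() may modify the objects it receives; confirm.
      // `result` is declared locally; it was previously an implicit global that
      // leaked between specs.
      var result = search.parse([$.extend({}, person)]);
      var parsedName = result[0].data.name;

      expect(parsedName).toNotEqual(person.name);
      // "Not equal" alone would also pass for a truncated or otherwise altered but
      // still dangerous value, so additionally require that no raw tag opener survives.
      // NOTE(review): assumes parse() HTML-escapes or strips "<"; confirm against the widget.
      expect(parsedName).not.toMatch(/</);
    });
  });
});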