|
|
@@ -2,7 +2,7 @@ import { expect } from '@playwright/test'
|
|
|
import { test } from './fixtures'
|
|
|
import { createRandomPage } from './utils'
|
|
|
|
|
|
-test('should not spawn any dialogs', async ({ page, block }) => {
|
|
|
+test('custom html should not spawn any dialogs', async ({ page, block }) => {
|
|
|
await createRandomPage(page)
|
|
|
|
|
|
page.on('dialog', async dialog => {
|
|
|
@@ -15,7 +15,25 @@ test('should not spawn any dialogs', async ({ page, block }) => {
|
|
|
|
|
|
await page.keyboard.type('<button id="test-xss-button" onclick="confirm(1)">Click me!</button>')
|
|
|
await block.enterNext()
|
|
|
+ await page.keyboard.type('<details open id="test-xss-toggle" ontoggle=confirm(1);></details>')
|
|
|
+ await block.enterNext()
|
|
|
+
|
|
|
+ await page.click('#test-xss-toggle')
|
|
|
await page.click('#test-xss-button')
|
|
|
|
|
|
expect(true).toBeTruthy()
|
|
|
})
|
|
|
+
|
|
|
+test('custom hiccup should not spawn any dialogs', async ({ page, block }) => {
|
|
|
+ await createRandomPage(page)
|
|
|
+
|
|
|
+ page.on('dialog', async dialog => {
|
|
|
+ expect(false).toBeTruthy()
|
|
|
+ await dialog.dismiss()
|
|
|
+ })
|
|
|
+
|
|
|
+ await page.keyboard.type('[:iframe {:src "javascript:confirm(1);"}]')
|
|
|
+ await block.enterNext()
|
|
|
+
|
|
|
+ expect(true).toBeTruthy()
|
|
|
+})
|
Konstantinos Kaloutas