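/**
 * @fileoverview Regression test for the legend plugin: a series name that
 * contains markup must show up in the legend as escaped text, not as HTML.
 *
 * @author akiya.mizukoshi@gmail.com (Akiyah)
 */
describe("plugins-legend", function() {

  beforeEach(function() {
    // Start every test from a fresh container so legend markup produced by one
    // test cannot leak into the next.
    document.body.innerHTML = "<div id='graph'></div>";
  });

  afterEach(function() {
  });

  it('testLegendEscape', function() {
    // Series name carrying markup. It reaches the legend twice: as the CSV
    // column header and as the name of the selected point.
    var hostileName = "<script>alert('XSS')</script>";

    var opts = {
      width: 480,
      height: 320
    };
    var data = "X," + hostileName + "\n" +
        "0,-1\n" +
        "1,0\n" +
        "2,1\n" +
        "3,0\n"
    ;

    var graph = document.getElementById("graph");
    var g = new Dygraph(graph, data, opts);

    var legendPlugin = new Dygraph.Plugins.Legend();
    legendPlugin.activate(g);

    // Hand-built selection event passed straight to the plugin's select().
    var e = {
      selectedX: 'selectedX',
      selectedPoints: [{
        canvasy: 100,
        name: hostileName,
        yval: 10,
      }],
      dygraph: g
    };
    legendPlugin.select(e);

    var legendSpan = legendPlugin.legend_div_.querySelector("span b span");
    assert.ok(legendSpan, "legend should contain the series-name span");

    // innerHTML serialises "<" and ">" inside a text node as entities, so an
    // escaped label reads back as "&lt;script&gt;...". Reading back a literal
    // "<script>" would mean the name had been parsed as markup, which is the
    // failure this test exists to catch.
    assert.equal(legendSpan.innerHTML, "&lt;script&gt;alert('XSS')&lt;/script&gt;");

    // Defence in depth: no script element may exist anywhere in the legend.
    assert.equal(legendPlugin.legend_div_.querySelector("script"), null);
  });

});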