2 * @fileoverview FILL THIS IN
4 * @author akiya.mizukoshi@gmail.com (Akiyah)
6 describe("plugins-legend", function() {
8 beforeEach(function() {
9 document
.body
.innerHTML
= "<div id='graph'></div>";
12 afterEach(function() {
15 it('testLegendEscape', function() {
20 var data
= "X,<script>alert('XSS')</script>\n" +
27 var graph
= document
.getElementById("graph");
28 var g
= new Dygraph(graph
, data
, opts
);
30 var legendPlugin
= new Dygraph
.Plugins
.Legend();
31 legendPlugin
.activate(g
);
33 selectedX
: 'selectedX',
36 name
: "<script>alert('XSS')</script>",
41 legendPlugin
.select(e
);
43 var legendSpan
= legendPlugin
.legend_div_
.querySelector("span b span");
44 assert
.equal(legendSpan
.innerHTML
, "<script>alert('XSS')</script>");