add test of plugins/legend.js

diff --git a/auto_tests/misc/local.html b/auto_tests/misc/local.html
index 42c2c06..fbb225b 100644 (file)
--- a/auto_tests/misc/local.html
+++ b/auto_tests/misc/local.html
@@ -59,6 +59,7 @@
   -->
   <script type="text/javascript" src="../tests/to_dom_coords.js"></script>
   <script type="text/javascript" src="../tests/resize.js"></script>
+  <script type="text/javascript" src="../tests/plugins_legend.js"></script>
   <script type="text/javascript" src="../tests/update_options.js"></script>
   <script type="text/javascript" src="../tests/update_while_panning.js"></script>
   <script type="text/javascript" src="../tests/utils_test.js"></script>

diff --git a/auto_tests/tests/plugins_legend.js b/auto_tests/tests/plugins_legend.js
new file mode 100644 (file)
index 0000000..3288329
--- /dev/null
+++ b/auto_tests/tests/plugins_legend.js
@@ -0,0 +1,46 @@
+/**
+ * @fileoverview FILL THIS IN
+ *
+ * @author akiya.mizukoshi@gmail.com (Akiyah)
+ */
+var pluginsLegendTestCase = TestCase("plugins-legend");
+
+pluginsLegendTestCase.prototype.setUp = function() {
+  document.body.innerHTML = "<div id='graph'></div>";
+};
+
+pluginsLegendTestCase.prototype.tearDown = function() {
+};
+
+pluginsLegendTestCase.prototype.testLegendEscape = function() {
+  var opts = {
+    width: 480,
+    height: 320
+  };
+  var data = "X,<script>alert('XSS')</script>\n" +
+      "0,-1\n" +
+      "1,0\n" +
+      "2,1\n" +
+      "3,0\n"
+  ;
+
+  var graph = document.getElementById("graph");
+  var g = new Dygraph(graph, data, opts);
+
+  var legendPlugin = new Dygraph.Plugins.Legend();
+  legendPlugin.activate(g);
+  var e = {
+    selectedX: 'selectedX',
+    selectedPoints: [{
+      canvasy: 100,
+      name: "<script>alert('XSS')</script>",
+      yval: 10,
+    }],
+    dygraph: g
+  }
+  legendPlugin.select(e);
+
+  var legendSpan = $(legendPlugin.legend_div_).find("span b span");
+  assertEquals("&lt;script&gt;alert('XSS')&lt;/script&gt;", legendSpan.html());
+};
+