| 1 | import { urlSnapshotTest, openURLAndVerifyRendering } from '../../helpers/util.ts'; |
| 2 | |
| 3 | describe('CSS injections', () => { |
| 4 | it('should not allow CSS injections outside of the diagram', () => { |
| 5 | urlSnapshotTest('/ghsa1.html', { |
| 6 | logLevel: 1, |
| 7 | flowchart: { htmlLabels: false }, |
| 8 | }); |
| 9 | }); |
| 10 | it('should not allow adding styletags affecting the page', () => { |
| 11 | urlSnapshotTest('/ghsa3.html', { |
| 12 | logLevel: 1, |
| 13 | flowchart: { htmlLabels: false }, |
| 14 | }); |
| 15 | }); |
| 16 | it('should not allow manipulating styletags using arrowheads', () => { |
| 17 | openURLAndVerifyRendering('/xss23-css.html', { |
| 18 | logLevel: 1, |
| 19 | arrowMarkerAbsolute: false, |
| 20 | flowchart: { htmlLabels: true }, |
| 21 | }); |
| 22 | }); |
| 23 | }); |
| 24 | |