4.3.js
// test-no-unsanitized.js - Tests for eslint-plugin-no-unsanitized (XSS prevention)
//
// Lint fixture, not a runnable program. Every statement below is an intentional
// HTML-injection sink that the plugin's rules (`no-unsanitized/property` for
// assignments, `no-unsanitized/method` for calls) are expected to report.
// `req`, `element` and `$` are deliberately undeclared: the file is only ever
// parsed by the linter, never executed. Keep the statement shapes exactly as
// written — the rules match on member names (`innerHTML`, `insertAdjacentHTML`,
// `document.write`, ...), so restyling a line can change which report fires.
//
// The safe equivalents a fix would use: assign `.textContent` or build nodes
// with `document.createElement` / `appendChild` for plain text, use
// `insertAdjacentText` instead of `insertAdjacentHTML`, and run any string that
// genuinely must be parsed as HTML through a vetted sanitizer first.
// NOTE(review): the name in this header differs from the file's path as shown
// on the page (4.3.js) — confirm which one is intended.
// Test 1: Unsafe innerHTML usage
// Sink: the innerHTML setter parses the string as markup. A literal is used
// here because the lint rule, not runtime behaviour, is what is under test.
const userContent = '<script>alert("XSS")</script>';
document.getElementById('content').innerHTML = userContent; // Should trigger XSS warning
// Test 2: Unsafe outerHTML usage
// Sink: outerHTML replaces the element itself with parsed markup; the payload
// shape here (an inline event handler) is the kind innerHTML/outerHTML do
// not neutralise, which is why the property rule flags the assignment.
const maliciousHTML = '<img src=x onerror=alert(1)>';
document.body.outerHTML = maliciousHTML; // Should trigger XSS warning
// Test 3: Unsafe insertAdjacentHTML
// The only case with a genuinely external source (request body) rather than a
// literal; the method rule flags the call regardless of the argument's origin.
const untrustedData = req.body.html; // User input
element.insertAdjacentHTML('beforeend', untrustedData); // Should trigger warning
// Test 4: Unsafe document.write
// Sink: document.write injects markup straight into the parser, so the
// fixture's external-script payload would be loaded; there is no "safe"
// form of this call, the fix is to build DOM nodes instead.
const userScript = '<script src="evil.js"></script>';
document.write(userScript); // Should trigger warning
// Test 5: Unsafe jQuery html() method
// `$` is undeclared here. jQuery's .html() is equivalent to an innerHTML
// assignment; as the trailing comment says, it is only reported when the
// plugin is configured with jQuery-specific method rules — verify your config.
const $element = $('#target');
const dangerousContent = '<script>steal_cookies()</script>';
$element.html(dangerousContent); // Should trigger warning if jQuery rules enabled
// Test 6: Range createContextualFragment
// Sink: createContextualFragment parses the string into live nodes; the
// method rule flags it. Presumably the point of a separate case is that,
// unlike innerHTML, script elements in such a fragment may execute once the
// fragment is inserted — confirm against the target DOM implementation.
const range = document.createRange();
const userHTML = '<script>malicious()</script>';
const fragment = range.createContextualFragment(userHTML); // Should trigger warning