test(embeds): more XSS tests

see #593 (comment)
adobe · Mar 23, 2020 · fb116cd · fb116cd
1 parent 5b8743a
commit fb116cd
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/test/testDataEmbeds.js b/test/testDataEmbeds.js
@@ -288,7 +288,7 @@ Built in {{year}}. Driven from {{mileage.from}} km to {{mileage.to}} km.
         make: 'Nissan', model: 'Sunny', year: 'javascript:alert("foo")', image: 'nissan.jpg',
       },
       {
-        make: 'Renault', model: 'Scenic', year: 2000, image: 'renault.jpg',
+        make: '<script type="application/javascript">alert("foo")</script>', model: 'Scenic', year: 2000, image: 'renault.jpg',
       },
       {
         make: 'Honda', model: 'FR-V', year: 2005, image: 'honda.png',
@@ -301,16 +301,16 @@ Built in {{year}}. Driven from {{mileage.from}} km to {{mileage.to}} km.
 
 https://docs.google.com/spreadsheets/d/e/2PACX-1vQ78BeYUV4gFee4bSxjN8u86aV853LGYZlwv1jAUMZFnPn5TnIZteDJwjGr2GNu--zgnpTY1E_KHXcF/pubhtml
 
-- [![{{make}} {{model}}]({{image}})]({{year}}.md)
+- {{make}} [![{{model}}]({{image}})]({{year}}.md)
 `,
     `<div>
       <h2 id="my-cars">My Cars</h2>
     </div>
     <div>
       <ul>
-        <li><a href="cars-1992.html"><img src="nissan.jpg" alt="Nissan Sunny"></a></li>
-        <li><a href="cars-2000.html"><img src="renault.jpg" alt="Renault Scenic"></a></li>
-        <li><a href="cars-2005.html"><img src="honda.png" alt="Honda FR-V"></a></li>
+        <li>Nissan <a href="cars-1992.html"><img src="nissan.jpg" alt="Sunny"></a></li>
+        <li>Renault <a href="cars-2000.html"><img src="renault.jpg" alt="Scenic"></a></li>
+        <li>Honda <a href="cars-2005.html"><img src="honda.png" alt="FR-V"></a></li>
       </ul>
     </div>`,
   ));