From fb116cdf7053d9c4fa8cfdb944a9d5100c230838 Mon Sep 17 00:00:00 2001
From: Lars Trieloff <trieloff@adobe.com>
Date: Mon, 23 Mar 2020 08:19:13 +0000
Subject: [PATCH] test(embeds): more XSS tests

see https://github.com/adobe/helix-pipeline/issues/593#issuecomment-601426544
---
 test/testDataEmbeds.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/test/testDataEmbeds.js b/test/testDataEmbeds.js
index 097d27108..e6899b97c 100644
--- a/test/testDataEmbeds.js
+++ b/test/testDataEmbeds.js
@@ -288,7 +288,7 @@ Built in {{year}}. Driven from {{mileage.from}} km to {{mileage.to}} km.
         make: 'Nissan', model: 'Sunny', year: 'javascript:alert("foo")', image: 'nissan.jpg',
       },
       {
-        make: 'Renault', model: 'Scenic', year: 2000, image: 'renault.jpg',
+        make: '<script type="application/javascript">alert("foo")</script>', model: 'Scenic', year: 2000, image: 'renault.jpg',
       },
       {
         make: 'Honda', model: 'FR-V', year: 2005, image: 'honda.png',
@@ -301,16 +301,16 @@ Built in {{year}}. Driven from {{mileage.from}} km to {{mileage.to}} km.
 
 https://docs.google.com/spreadsheets/d/e/2PACX-1vQ78BeYUV4gFee4bSxjN8u86aV853LGYZlwv1jAUMZFnPn5TnIZteDJwjGr2GNu--zgnpTY1E_KHXcF/pubhtml
 
-- [![{{make}} {{model}}]({{image}})]({{year}}.md)
+- {{make}} [![{{model}}]({{image}})]({{year}}.md)
 `,
     `<div>
       <h2 id="my-cars">My Cars</h2>
     </div>
     <div>
       <ul>
-        <li><a href="cars-1992.html"><img src="nissan.jpg" alt="Nissan Sunny"></a></li>
-        <li><a href="cars-2000.html"><img src="renault.jpg" alt="Renault Scenic"></a></li>
-        <li><a href="cars-2005.html"><img src="honda.png" alt="Honda FR-V"></a></li>
+        <li>Nissan <a href="cars-1992.html"><img src="nissan.jpg" alt="Sunny"></a></li>
+        <li>Renault <a href="cars-2000.html"><img src="renault.jpg" alt="Scenic"></a></li>
+        <li>Honda <a href="cars-2005.html"><img src="honda.png" alt="FR-V"></a></li>
       </ul>
     </div>`,
   ));