Diffstat (limited to 'spec/javascripts/notebook/cells/output/html_sanitize_tests.js')
-rw-r--r-- | spec/javascripts/notebook/cells/output/html_sanitize_tests.js | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/spec/javascripts/notebook/cells/output/html_sanitize_tests.js b/spec/javascripts/notebook/cells/output/html_sanitize_tests.js
index d587573fc9e..74c48f04367 100644
--- a/spec/javascripts/notebook/cells/output/html_sanitize_tests.js
+++ b/spec/javascripts/notebook/cells/output/html_sanitize_tests.js
@@ -28,7 +28,8 @@ export default {
 output: '<a>foo</a>',
 },
 'protocol-based JS injection: long UTF-8 encoding without semicolons': {
- input: '<a href=javascript:alert('XSS')>foo</a>',
+ input:
+ '<a href=javascript:alert('XSS')>foo</a>',
 output: '<a>foo</a>',
 },
 'protocol-based JS injection: hex encoding': {
@@ -40,7 +41,8 @@ export default {
 output: '<a>foo</a>',
 },
 'protocol-based JS injection: hex encoding without semicolons': {
- input: '<a href=javascript:alert('XSS')>foo</a>',
+ input:
+ '<a href=javascript:alert('XSS')>foo</a>',
 output: '<a>foo</a>',
 },
 'protocol-based JS injection: null char': {
@@ -48,7 +50,7 @@ export default {
 output: '<a>foo</a>',
 },
 'protocol-based JS injection: invalid URL char': {
- input: '<img src=java\script:alert("XSS")>', // eslint-disable-line no-useless-escape
+ input: '<img src=javascript:alert("XSS")>',
 output: '<img>',
 },
 'protocol-based JS injection: Unicode': { |
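Review bot: In the last hunk (`@@ -48,7 +50,7 @@`) the 'invalid URL char' case contains no unusual character at all: as shown on this page, the new input is a plain `javascript:` URL. In a JavaScript string literal `\s` evaluates to `s`, so the removed line produced the same string (hence its `no-useless-escape` suppression), and the sanitizer has probably never been exercised against the input the test name describes. If a literal backslash was intended, the line should read `input: '<img src=java\\script:alert("XSS")>',`; otherwise the case only repeats the basic protocol check and should be renamed or dropped. The enclosing `export default {` object starts and ends outside the hunk, so whether another case already covers this cannot be seen from here.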