Add invalid links test

gflores-jahia · gflores-jahia · commit 4000a45f4825 · 2024-01-17T14:32:05.000-05:00
diff --git a/tests/cypress/e2e/defaultFiltering.cy.ts b/tests/cypress/e2e/defaultFiltering.cy.ts
@@ -54,4 +54,27 @@ describe('Default HTML filtering', () => {
             expect(value).to.contain('title');
         });
     });
+
+    it('rejects invalid protocol links', () => {
+        const text = '<p>This is an <a href="javascript://%0aalert(document.location)">xss test</a></p>';
+        modifyContent(path, text);
+        getContent(path).then(result => {
+            const value = result.data.jcr.nodeByPath.property.value;
+            expect(value).to.contain('<p>');
+            expect(value).to.not.contain('<a');
+            expect(value).to.not.contain('href');
+        });
+    });
+
+    it('rejects invalid href links', () => {
+        const text = '<p>This is an <a href="#javascript:alert(\'hello\')" target="_blank">xss test</a></p>';
+        modifyContent(path, text);
+        getContent(path).then(result => {
+            const value = result.data.jcr.nodeByPath.property.value;
+            expect(value).to.contain('<p>');
+            expect(value).to.contain('<a');
+            expect(value).to.not.contain('href');
+            expect(value).to.contain('target');
+        });
+    });
 });
