
showdown-xss-filter

var expect = require('expect.js');
var filter = require('../showdown-xss-filter');
var showdown = require('showdown');

/**
 * Regression suite: every nested `describe` pins the fix for one resolved
 * issue so that it is not re-introduced.
 */
describe('issues', function() {

  // https://github.com/VisionistInc/showdown-xss-filter/issues/4
  describe('#4: filters html generated by showdown rendering html', function() {
    var converter;

    /**
     * Renders markdown through the converter built for the current test.
     *
     * @param {string} source - markdown text, possibly containing raw HTML
     * @returns {string} the HTML produced by showdown with the filter extension
     */
    function render(source) {
      return converter.makeHtml(source);
    }

    // Each test gets a fresh converter with the filter registered as a
    // showdown extension.
    beforeEach(function(done) {
      var options = {extensions: [filter]};
      converter = new showdown.Converter(options);
      done();
    });

    it("filters XSS attacks in markdown links", function(done) {
      // Markdown link whose target uses the javascript: scheme.
      var input = "[test](javascript:alert('xss'))";
      // The anchor and its text remain, but href is left bare with no URL.
      var safeHtml = '<p><a href>test</a></p>';

      expect(render(input)).to.eql(safeHtml);
      done();
    });

    it("properly filters mixed markdown/html attack using blockquotes", function(done) {
      // Raw anchor tag split over two blockquote lines, so the href only
      // appears on the second quoted line.
      var input = '> hello <a name="n"\n> href="javascript:alert(\'xss\')">*you*</a>';
      // Expected output has neither the name attribute nor an href value;
      // the markdown emphasis inside the anchor is still rendered.
      var safeHtml = '<blockquote>\n <p>hello <a href><em>you</em></a></p>\n</blockquote>';

      expect(render(input)).to.eql(safeHtml);
      done();
    });
  });
});