MCPcopy Index your code
hub / github.com/plotly/plotly.js / expectNoEventHandlerAttrs

Function expectNoEventHandlerAttrs

test/jasmine/tests/toimage_test.js:283–294  ·  view source on GitHub ↗
(svg)

Source from the content-addressed store, hash-verified

281 const parser = new DOMParser();
282
283 const expectNoEventHandlerAttrs = (svg) => {
284 const doc = parser.parseFromString(svg, 'image/svg+xml');
285 const nodes = doc.getElementsByTagName('*');
286 for (const el of nodes) {
287 for (const attr of el.attributes) {
288 const name = attr.name.toLowerCase();
289 if (name.startsWith('on')) {
290 fail(`parsed SVG has event-handler attribute <${el.nodeName} ${name}="${attr.value}">`);
291 }
292 }
293 }
294 };
295
296 const runXssCase = (payload, done) => {
297 const fig = {

Callers 1

runXssCaseFunction · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…