hub / github.com/plotly/plotly.js / runXssCase

Function runXssCase

test/jasmine/tests/toimage_test.js:296–306  ·  view source on GitHub ↗
(payload, done)


294 };
295
/**
 * Shared driver for the XSS regression cases in this spec.
 *
 * Plots a one-point scatter figure whose single annotation uses `payload` as
 * its text, exports the graph div to SVG, and hands the decoded export to
 * `expectNoEventHandlerAttrs` (defined elsewhere in this spec file).
 *
 * Scope of the check: only the string returned by `Plotly.toImage` is
 * inspected. The live DOM inside `gd` is not examined here, so this helper
 * covers the SVG export path only.
 *
 * @param {string} payload - Annotation text under test.
 * @param {Function} done - Jasmine async callback; `done.fail` receives any
 *   rejection from plotting, exporting, or the check itself.
 */
const runXssCase = (payload, done) => {
  const trace = { x: [1], y: [1], type: 'scatter' };
  // The payload enters the figure through annotation text and nowhere else.
  const annotation = { x: 1, y: 1, showarrow: false, text: payload };
  const fig = {
    data: [trace],
    layout: { annotations: [annotation] }
  };
  const exportOpts = { format: 'svg', imageDataOnly: true };

  // Decode before checking so the helper sees the markup as decoded text
  // rather than any percent-encoded form of it.
  const checkExportedSvg = (svg) => expectNoEventHandlerAttrs(decodeURIComponent(svg));

  Plotly.newPlot(gd, fig)
    .then(() => Plotly.toImage(gd, exportOpts))
    .then(checkExportedSvg)
    .then(done, done.fail);
};
307
308 it('should not let <span style=...> entity-encoded quotes escape attribute context', (done) => {
309 runXssCase('<span style="x:&#34; onmouseover=&#34;__xss=1&#34; a=&#34;">hi</span>', done);

Callers 1

toimage_test.jsFile · 0.85
