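describe "Bugfixes", ->
  it "https://github.com/harvesthq/chosen/issues/2996 - XSS Vulnerability with `include_group_label_in_selected: true`", ->
    # Regression test for #2996. With include_group_label_in_selected on, Chosen
    # copies the <optgroup label> into the selected-item label. The label is
    # page-author/attacker controlled markup, so it must reach the DOM as text,
    # never as live elements. The payload closes a script tag and opens a new one.
    xss_label = "</script><script>console.log(1)</script>"
    tmpl = "
      <select>
        <option value=''></option>
        <optgroup label='#{xss_label}'>
          <option>an xss option</option>
        </optgroup>
      </select>
    "

    div = $("<div>").html(tmpl)
    select = div.find("select")

    select.chosen
      include_group_label_in_selected: true

    # open the drop
    container = div.find(".chosen-container")
    container.trigger("mousedown")

    # the option inside the hostile optgroup is the last result in the list
    xss_option = container.find(".active-result").last()
    expect(xss_option.html()).toBe "an xss option"

    # trigger the selection of the xss option
    xss_option.trigger("mouseup")

    # make sure the script tags are escaped correctly.
    # .html() returns serialized innerHTML, in which a text node's "<" and ">"
    # come back as "&lt;" / "&gt;". So the raw payload can only appear in
    # .html() if it was inserted as real markup - asserting that the raw
    # string IS contained would assert the vulnerability, not its absence.
    # Check all three sides: no raw tags in the markup, the entity-escaped form
    # is present, and .text() still yields the full label (a real <script>
    # element would drop the tag characters from .text()).
    selected = container.find("a.chosen-single")
    label_html = selected.html()
    expect(label_html).not.toContain xss_label
    expect(label_html).toContain "&lt;/script&gt;&lt;script&gt;console.log(1)&lt;/script&gt;"
    expect(selected.text()).toContain xss_label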