pr comments

Martin McKeaveney 2024-10-07 17:42:35 +01:00
parent 809d292669
commit 1e6a7b66e8
1 changed files with 10 additions and 10 deletions


@ -8,7 +8,7 @@ import {
import { generateTableID } from "../../../../db/utils" import { generateTableID } from "../../../../db/utils"
import { validate } from "../utils" import { validate } from "../utils"
import { generator } from "@budibase/backend-core/tests" import { generator } from "@budibase/backend-core/tests"
import environment from "../../../../environment" import { withEnv } from "../../../../environment"
describe("validate", () => { describe("validate", () => {
const hour = () => generator.hour().toString().padStart(2, "0") const hour = () => generator.hour().toString().padStart(2, "0")
@ -364,15 +364,15 @@ describe("validate", () => {
"/* This is a comment */ SELECT * FROM users", "/* This is a comment */ SELECT * FROM users",
'<iframe src="http://malicious-site.com"></iframe>', '<iframe src="http://malicious-site.com"></iframe>',
])("test potentially unsafe input: %s", async input => { ])("test potentially unsafe input: %s", async input => {
environment.XSS_SAFE_MODE = true withEnv({ XSS_SAFE_MODE: "1" }, async () => {
const table = getTable() const table = getTable()
const row = { text: input } const row = { text: input }
const output = await validate({ source: table, row }) const output = await validate({ source: table, row })
expect(output.valid).toBe(false) expect(output.valid).toBe(false)
expect(output.errors).toBe([ expect(output.errors).toStrictEqual({
"Input not sanitised - potentially vulnerable to XSS", text: ["Input not sanitised - potentially vulnerable to XSS"],
]) })
environment.XSS_SAFE_MODE = false })
}) })
}) })
}) })
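Review bot: The new `withEnv({ XSS_SAFE_MODE: "1" }, async () => {` call inside the "test potentially unsafe input" case is neither awaited nor returned, so the outer async test callback can resolve before `validate` and the `expect` calls have run. If `withEnv` returns the callback's promise (its implementation is not visible here), a failed XSS assertion would surface as an unhandled rejection or be missed entirely, and the environment override could be restored at the wrong time relative to other tests. Changing the line to `await withEnv({ XSS_SAFE_MODE: "1" }, async () => {` keeps the sanitisation check inside the test's lifetime. The enclosing `describe` block starts outside this hunk.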