
Test to check for a9f95e5 XSS injection.

1 parent bba6709 commit 9b9611f2a8525e517dd013d38f23476f073b400a @peterbraden peterbraden committed
Showing with 27 additions and 0 deletions.
  1. +27 −0 test/test.js
27 test/test.js
@@ -378,6 +378,33 @@ asyncTest("Subsequent prevent default should work", function(){
})
+
+asyncTest('ensure code in hash is not executed (see commit a9f95e5885a9e)', function(){
+ setTimeout(function(){
+ var called = 0
+
+ //place a function in the global namespace, this one should get called by the injected code
+ window.omg = function(){
+ called++;
+ };
+
+ $.address.change(function(){
+ equal(called, 0);
+
+ $.address.value('/');
+ delete window.omg;
+
+ start();
+ });
+
+ //change the hash
+ window.location.hash = "'-window.top.omg(1)-'";
+ }, 100)
+
+
+})
+
+
setTimeout(function() {
$.address.value('/');
}, 30000);
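Review bot: The `equal(called, 0)` check in the `$.address.change` callback runs the moment the change event fires, so if the hash were evaluated any later than that (the payload's `window.top` suggests it would run in a child frame) the test passes with the injection still present. The callback is also never removed and itself calls `$.address.value('/')`, so it can presumably fire again for that change and for address changes made by later tests, calling `equal` and `start()` outside this test. I would guard the callback with a flag and assert after a short delay, as below. The comment above `window.omg` says the function "should get called"; `// sentinel: must NOT be called; a call means the hash was executed` states the intent.

```javascript
    var called = 0, checked = false
    // … unchanged: window.omg sentinel …
    $.address.change(function(){
      // the handler stays bound, so only the first change belongs to this test
      if (checked) return;
      checked = true;

      // assert after a delay so deferred evaluation of the hash would be caught
      setTimeout(function(){
        equal(called, 0);
        delete window.omg;
        $.address.value('/');
        start();
      }, 100);
    });
    // … unchanged: window.location.hash assignment …
```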
