From 89ce930de2cb4c532fec87801b12e62c189625b6 Mon Sep 17 00:00:00 2001
From: Knut Sveidqvist <knut.sveidqvist@ipiccolo.com>
Date: Tue, 7 Dec 2021 22:54:28 +0100
Subject: [PATCH] Adding integration test

---
 cypress/integration/other/xss.spec.js | 5 +++++
 cypress/platform/xss14.html           | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/cypress/integration/other/xss.spec.js b/cypress/integration/other/xss.spec.js
index 911acc71e4..529eee16da 100644
--- a/cypress/integration/other/xss.spec.js
+++ b/cypress/integration/other/xss.spec.js
@@ -105,4 +105,9 @@ describe('XSS', () => {
     cy.wait(1000);
     cy.get('#the-malware').should('not.exist');
   });
+  it('should not allow maniplulating antiscript to run javascript iframes in class diagrams', () => {
+    cy.visit('http://localhost:9000/xss14.html');
+    cy.wait(1000);
+    cy.get('#the-malware').should('not.exist');
+  });
 });
diff --git a/cypress/platform/xss14.html b/cypress/platform/xss14.html
index bc9631a724..f8d1ccb22d 100644
--- a/cypress/platform/xss14.html
+++ b/cypress/platform/xss14.html
@@ -86,7 +86,7 @@
       var diagram = "classDiagram\n"
 diagram += "classA <-- classB : <ifr";
 diagram += "ame/srcdoc='<scr";
-diagram += "ipt>alert(`XSS`)</";
+diagram += "ipt>parent.xssAttack(`XSS`)</";
 diagram += "script>'>";
 
     //   var diagram = "stateDiagram-v2\n";