xss mitigation & test
This commit is contained in:
$(pass /github/name)
31
internal/controllers/XSS_test.go
Normal file
31
internal/controllers/XSS_test.go
Normal file
@@ -0,0 +1,31 @@
|
||||
package controllers
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func testXSSAttempt(t *testing.T) {
|
||||
gin.SetMode(gin.TestMode)
|
||||
router := gin.New()
|
||||
router.POST("/register", Uc.RegisterUser)
|
||||
|
||||
xssPayload := "<script>alert('XSS')</script>"
|
||||
user := getBaseUser()
|
||||
user.FirstName = xssPayload
|
||||
user.Email = "user@xss.hack"
|
||||
jsonData, _ := json.Marshal(RegistrationData{User: user})
|
||||
req, _ := http.NewRequest("POST", "/register", bytes.NewBuffer(jsonData))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
w := httptest.NewRecorder()
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
assert.Equal(t, http.StatusNotAcceptable, w.Code)
|
||||
assert.NotContains(t, w.Body.String(), xssPayload)
|
||||
}
|
||||
Reference in New Issue
Block a user