frontend: disabled button while processing password reset

2025-02-28 08:51:35 +01:00
parent 8137f121ed
commit 9c9430ca9c
92 changed files with 37 additions and 17 deletions
--- a/go-backend/internal/controllers/XSS_test.go
+++ b/go-backend/internal/controllers/XSS_test.go
@@ -0,0 +1,31 @@
+package controllers
+
+import (
+	"bytes"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/gin-gonic/gin"
+	"github.com/stretchr/testify/assert"
+)
+
+func testXSSAttempt(t *testing.T) {
+	gin.SetMode(gin.TestMode)
+	router := gin.New()
+	router.POST("/register", Uc.RegisterUser)
+
+	xssPayload := "<script>alert('XSS')</script>"
+	user := getBaseUser()
+	user.FirstName = xssPayload
+	user.Email = "user@xss.hack"
+	jsonData, _ := json.Marshal(RegistrationData{User: user})
+	req, _ := http.NewRequest("POST", "/register", bytes.NewBuffer(jsonData))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	router.ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusBadRequest, w.Code)
+	assert.NotContains(t, w.Body.String(), xssPayload)
+}