
"""Regression tests for XSS prevention in the dashboard."""
import pytest
from fastapi.testclient import TestClient
def test_mobile_test_page_xss_prevention(client: TestClient):
    """
    Regression guard for the mobile-test page's DOM-manipulation fix.

    Fetches ``/mobile-test`` and asserts that the rendered template still
    carries the markers of the hardened version: ``textContent`` assignments
    for the data-bearing nodes and the constant-only ``innerHTML`` reset.
    These are presence checks on the page source only; they do not prove
    that no other ``innerHTML`` assignment receives dynamic data.
    """
    response = client.get("/mobile-test")
    # A non-200 response would make the content checks below meaningless.
    assert response.status_code == 200
    page_source = response.text

    # Markers of the safe pattern: structural parts via innerHTML with a
    # constant, data parts via textContent.  Each must appear verbatim in
    # the rendered template, in the same order the original test checked.
    required_markers = (
        "textContent =",                # dynamic content goes through textContent
        "summaryBody.innerHTML = '';",  # the only innerHTML write asserted is a constant
        "p.textContent =",
        "statusMsg.textContent =",
    )
    for marker in required_markers:
        assert marker in page_source