fix(core): Prevent XSS in user update endpoints (#10338)

Iván Ovejero
2024-08-12 10:06:15 +02:00
committed by GitHub
parent 4f392b5e3e
commit 78984986a6
3 changed files with 69 additions and 4 deletions


@@ -225,6 +225,26 @@ describe('MeController', () => {
new BadRequestError('Personalization answers are mandatory'),
);
});
it('should throw BadRequestError on XSS attempt', async () => {
const req = mock<MeRequest.SurveyAnswers>({
body: { 'test-answer': '<script>alert("XSS")</script>' },
});
await expect(controller.storeSurveyAnswers(req)).rejects.toThrowError(BadRequestError);
});
});
describe('updateCurrentUserSettings', () => {
it('should throw BadRequestError on XSS attempt', async () => {
const req = mock<AuthenticatedRequest>({
body: {
userActivated: '<script>alert("XSS")</script>',
},
});
await expect(controller.updateCurrentUserSettings(req)).rejects.toThrowError(BadRequestError);
});
});
describe('API Key methods', () => {
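Review bot: Both new tests assert only the error class, so they may pass for reasons unrelated to the XSS check. In the `updateCurrentUserSettings` case the payload is placed in `userActivated`, which looks like a boolean setting, and in the `storeSurveyAnswers` case the key `'test-answer'` does not look like a real survey field, so ordinary type or unknown-key validation could produce the same `BadRequestError` (an assumption, since the validators are outside this hunk). I would put the markup in a field that legitimately accepts a string and pin the specific error, the way the preceding test does with `new BadRequestError('Personalization answers are mandatory')`. It is also worth asserting that the mocked persistence call was not invoked, and adding one case with markup other than a `<script>` tag so the tests show the check is not a literal match on that one string. Rejecting markup on input complements output encoding where these values are rendered; it does not replace it.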