[Backport 2.x] [workspace]feat: add a unit test case to indicate Reac…

…t is anti-xss (#7718) * [workspace]feat: add a unit test case to indicate React is anti-xss (#7699) * feat: add a unit test case to indicate React is anti-xss Signed-off-by: SuZhou-Joe <[email protected]> * Changeset file for PR #7699 created/updated --------- Signed-off-by: SuZhou-Joe <[email protected]> Co-authored-by: opensearch-changeset-bot[bot] <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com> (cherry picked from commit 9195f97) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * feat: remove name field Signed-off-by: SuZhou-Joe <[email protected]> --------- Signed-off-by: SuZhou-Joe <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: opensearch-changeset-bot[bot] <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com> Co-authored-by: SuZhou-Joe <[email protected]>
opensearch-project · Aug 19, 2024 · f6d8e1c · f6d8e1c
1 parent f1f14c9
commit f6d8e1c
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/changelogs/fragments/7699.yml b/changelogs/fragments/7699.yml
@@ -0,0 +1,2 @@
+feat:
+- Add a unit test case to indicate React is anti-xss ([#7699](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/7699))
diff --git a/src/plugins/workspace/public/components/workspace_detail/workspace_detail.test.tsx b/src/plugins/workspace/public/components/workspace_detail/workspace_detail.test.tsx
@@ -120,4 +120,17 @@ describe('WorkspaceDetail', () => {
       expect(screen.queryByText('Enter details')).not.toBeNull();
     });
   });
+
+  it('will not render xss content', async () => {
+    const alertSpy = jest.spyOn(window, 'alert').mockImplementation(() => {});
+    const workspaceService = createWorkspacesSetupContractMockWithValue({
+      ...workspaceObject,
+      name: '<script>alert("name")</script>',
+      description: '<script>alert("description")</script>',
+    });
+    const { getByText } = render(WorkspaceDetailPage({ workspacesService: workspaceService }));
+    expect(getByText('<script>alert("description")</script>')).toBeInTheDocument();
+    expect(alertSpy).toBeCalledTimes(0);
+    alertSpy.mockRestore();
+  });
 });