mermaid/cypress/platform/xss3.html

<html>
  <head>
    <link href="https://fonts.googleapis.com/css?family=Montserrat&display=swap" rel="stylesheet" />
    <style>
      .malware {
        position: fixed;
        bottom: 0;
        left: 0;
        right: 0;
        height: 150px;
        background: red;
        color: black;
        display: flex;
        display: flex;
        justify-content: center;
        align-items: center;
        font-family: monospace;
        font-size: 72px;
      }
    </style>
    <script>
      function xssAttack() {
        const div = document.createElement('div');
        div.id = 'the-malware';
        div.className = 'malware';
        div.innerHTML = 'XSS Succeeded';
        document.getElementsByTagName('body')[0].appendChild(div);
        throw new Error('XSS Succeeded');
      }
    </script>
  </head>
  <body>
    <pre class="mermaid">
      <!-- prettier-ignore -->
      %%{init: { 'fontFamily': '\"></style><img src=x onerror=xssAttack()>'} }%%
      graph LR
          A --> B
    </pre>
    <script type="module">
      import mermaid from './mermaid.esm.mjs';
      mermaid.initialize({
        startOnLoad: true,
        useMaxWidth: true,
      });
      let cnt = 0;
      let a;
      const handler = setInterval(() => {
        cnt++;
        a = {};
        if (typeof a.polluted !== 'undefined') {
          clearInterval(handler);
          xssAttack();
        }
        if (cnt > 20) {
          clearInterval(handler);
        }
      }, 100);
    </script>
  </body>
</html>
#1940 Fix 2021-03-11 20:57:45 +01:00			`<html>`
			`<head>`
fix #3407 Replace `div` with `pre` and format 2022-09-04 21:18:36 +02:00			`<link href="https://fonts.googleapis.com/css?family=Montserrat&display=swap" rel="stylesheet" />`
#1940 Fix 2021-03-11 20:57:45 +01:00			`<style>`
			`.malware {`
			`position: fixed;`
fix #3407 Replace `div` with `pre` and format 2022-09-04 21:18:36 +02:00			`bottom: 0;`
			`left: 0;`
			`right: 0;`
#1940 Fix 2021-03-11 20:57:45 +01:00			`height: 150px;`
			`background: red;`
			`color: black;`
			`display: flex;`
			`display: flex;`
			`justify-content: center;`
			`align-items: center;`
			`font-family: monospace;`
			`font-size: 72px;`
			`}`
			`</style>`
			`<script>`
chore: apply linting to html ext too and fixes for files 2021-12-05 00:28:40 +01:00			`function xssAttack() {`
			`const div = document.createElement('div');`
			`div.id = 'the-malware';`
			`div.className = 'malware';`
			`div.innerHTML = 'XSS Succeeded';`
#1940 Fix 2021-03-11 20:57:45 +01:00			`document.getElementsByTagName('body')[0].appendChild(div);`
fix: typo in cypress 2022-06-27 05:29:50 +02:00			`throw new Error('XSS Succeeded');`
#1940 Fix 2021-03-11 20:57:45 +01:00			`}`
			`</script>`
			`</head>`
			`<body>`
fix #3407 Replace `div` with `pre` and format 2022-09-04 21:18:36 +02:00			`<pre class="mermaid">`
			`<!-- prettier-ignore -->`
#1940 Fix 2021-03-11 20:57:45 +01:00			`%%{init: { 'fontFamily': '\"></style><img src=x onerror=xssAttack()>'} }%%`
			`graph LR`
			`A --> B`
fix #3407 Replace `div` with `pre` and format 2022-09-04 21:18:36 +02:00			`</pre>`
Fix E2E Tests 2023-02-19 09:33:11 +01:00			`<script type="module">`
			`import mermaid from './mermaid.esm.mjs';`
#1940 Fix 2021-03-11 20:57:45 +01:00			`mermaid.initialize({`
			`startOnLoad: true,`
			`useMaxWidth: true,`
			`});`
fix: Fix eslint warnings 2022-10-09 16:08:32 +02:00			`let cnt = 0;`
			`let a;`
			`const handler = setInterval(() => {`
#1940 Fix 2021-03-11 20:57:45 +01:00			`cnt++;`
			`a = {};`
chore: apply linting to html ext too and fixes for files 2021-12-05 00:28:40 +01:00			`if (typeof a.polluted !== 'undefined') {`
#1940 Fix 2021-03-11 20:57:45 +01:00			`clearInterval(handler);`
			`xssAttack();`
			`}`
chore: apply linting to html ext too and fixes for files 2021-12-05 00:28:40 +01:00			`if (cnt > 20) {`
#1940 Fix 2021-03-11 20:57:45 +01:00			`clearInterval(handler);`
			`}`
			`}, 100);`
			`</script>`
			`</body>`
			`</html>`