From 04a06eb6b5b5813b4ec630fc1451b1734fbb22fc Mon Sep 17 00:00:00 2001
From: David Dworken <david@daviddworken.com>
Date: Tue, 17 Oct 2017 23:39:33 -0400
Subject: Added scanning for CSS injection and iframe injection

---
 test/examples/test_xss_scanner.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'test/examples/test_xss_scanner.py')

diff --git a/test/examples/test_xss_scanner.py b/test/examples/test_xss_scanner.py
index 14ee6902..e15d7e10 100644
--- a/test/examples/test_xss_scanner.py
+++ b/test/examples/test_xss_scanner.py
@@ -314,7 +314,13 @@ class TestXSSScanner():
         assert logger.args == []
         xss.find_unclaimed_URLs("<html><script src=\"http://unclaimedDomainName.com\"></script></html>",
                                 "https://example.com")
-        assert logger.args[0] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com" in script tag.'
+        assert logger.args[0] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com".'
+        xss.find_unclaimed_URLs("<html><iframe src=\"http://unclaimedDomainName.com\"></iframe></html>",
+                                "https://example.com")
+        assert logger.args[0] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com".'
+        xss.find_unclaimed_URLs("<html><link rel=\"stylesheet\" href=\"http://unclaimedDomainName.com\"></html>",
+                                "https://example.com")
+        assert logger.args[0] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com".'
 
     def test_log_XSS_data(self, monkeypatch, logger):
         logger.args = []
-- 
cgit v1.2.3