test_init_oauth_html_chars_are_escaped

Sort Score
Num 10 results
Language All

Results 1 - 1 of 1 for test_init_oauth_html_chars_are_escaped (0.14 seconds)

tests/test_swagger_ui_escape.py

from fastapi.openapi.docs import get_swagger_ui_html


def test_init_oauth_html_chars_are_escaped():
    xss_payload = "Evil</script><script>alert(1)</script>"
    html = get_swagger_ui_html(
        openapi_url="/openapi.json",
        title="Test",
        init_oauth={"appName": xss_payload},
    )
    body = html.body.decode()

    assert "</script><script>" not in body
    assert "\\u003c/script\\u003e\\u003cscript\\u003e" in body

Created: Sun Apr 05 07:19:11 GMT 2026

- Last Modified: Tue Feb 24 09:28:10 GMT 2026

- 1.1K bytes

- Click Count (0)

Search Options

tests/test_swagger_ui_escape.py