| 809 | } |
| 810 | |
| 811 | func Test_Router_NotFound_HTML_Inject(t *testing.T) { |
| 812 | t.Parallel() |
| 813 | app := New() |
| 814 | app.Use(func(c Ctx) error { |
| 815 | return c.Next() |
| 816 | }) |
| 817 | appHandler := app.Handler() |
| 818 | c := &fasthttp.RequestCtx{} |
| 819 | |
| 820 | c.Request.Header.SetMethod("DELETE") |
| 821 | c.URI().SetPath("/does/not/exist<script>alert('foo');</script>") |
| 822 | |
| 823 | appHandler(c) |
| 824 | |
| 825 | require.Equal(t, 404, c.Response.StatusCode()) |
| 826 | require.Equal(t, "Not Found", string(c.Response.Body())) |
| 827 | } |
| 828 | |
| 829 | func registerTreeManipulationRoutes(app *App, middleware ...func(Ctx) error) { |
| 830 | converted := make([]any, len(middleware)) |