pen-test-package 1.0.1

package/.babelrc

@@ -0,0 +1,4 @@
+{
+  "presets": ["@babel/preset-env", "@babel/preset-react"]
+}
+

package/lib/Button.js

@@ -0,0 +1,21 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports["default"] = void 0;
+var _react = _interopRequireDefault(require("react"));
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { "default": obj }; }
+// src/Button.js
+
+function createMarkup() {
+  return {
+    __html: '<img src=x onerror=alert(1) />'
+  };
+}
+function Button() {
+  return /*#__PURE__*/_react["default"].createElement("div", {
+    dangerouslySetInnerHTML: createMarkup()
+  });
+}
+var _default = exports["default"] = Button;

package/package.json

@@ -0,0 +1,21 @@
+{
+  "name": "pen-test-package",
+  "version": "1.0.1",
+  "description": "",
+  "main": "lib/Button.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "peerDependencies": {
+    "react": "^18.2.0",
+    "react-dom": "^18.2.0"
+  },
+  "devDependencies": {
+    "@babel/cli": "^7.23.0",
+    "@babel/preset-env": "^7.22.20",
+    "@babel/preset-react": "^7.22.15"
+  }
+}

package/src/Button.js

@@ -0,0 +1,13 @@
+// src/Button.js
+import React from 'react';
+
+function createMarkup() {
+  return {__html: '<img src=x onerror=alert(1) />'};
+}
+
+function Button() {
+  return <div dangerouslySetInnerHTML={createMarkup()} />;
+}
+
+export default Button;
+