describe("XSS: OAuth2 authorizationUrl sanitization", () => {
  it("should filter out a javascript URL", () => {
    cy.visit("/?url=/documents/security/xss-oauth2.yaml")
      .window()
      .then(win => {
        let args = null
        const stub = cy.stub(win, "open", (...callArgs) => {
          args = callArgs
        }).as("windowOpen")

        cy.get(".authorize")
          .click()
          .get(".modal-btn.authorize")
          .click()
          .wait(100)
          .then(() => {
            console.log(args)
            expect(args[0]).to.match(/^about:blank/) 
          })

      })
  })
})