author | Johann-S <johann.servoire@gmail.com> | 2018-09-12 11:08:39 +0300 |
---|---|---|
committer | Johann-S <johann.servoire@gmail.com> | 2018-09-13 23:13:36 +0300 |
commit | a689120fd2af44bfb317f899b42037c46bfcd2fe (patch) | |
tree | d7eb34da370314588d296221a3683e6156046d80 /js/tests/unit | |
parent | 9efed8252249065b7903731d3a2b578df89d2ce0 (diff) |
throw error when folks try to use a bad selector
Diffstat (limited to 'js/tests/unit')
-rw-r--r-- | js/tests/unit/dropdown.js | 24 | ||||
-rw-r--r-- | js/tests/unit/modal.js | 46 | ||||
-rw-r--r-- | js/tests/unit/tab.js | 8 | ||||
-rw-r--r-- | js/tests/unit/util.js | 13 |
4 files changed, 42 insertions, 49 deletions
diff --git a/js/tests/unit/dropdown.js b/js/tests/unit/dropdown.js index 81d35ff3a7..40489c5f2c 100644 --- a/js/tests/unit/dropdown.js +++ b/js/tests/unit/dropdown.js @@ -216,30 +216,6 @@ $(function () { $dropdown.trigger('click') }) - QUnit.test('should test if element has a # before assuming it\'s a selector', function (assert) { - assert.expect(1) - var done = assert.async() - var dropdownHTML = '<div class="tabs">' + - '<div class="dropdown">' + - '<a href="/foo/" class="dropdown-toggle" data-toggle="dropdown">Dropdown</a>' + - '<div class="dropdown-menu">' + - '<a class="dropdown-item" href="#">Secondary link</a>' + - '<a class="dropdown-item" href="#">Something else here</a>' + - '<div class="divider"/>' + - '<a class="dropdown-item" href="#">Another link</a>' + - '</div>' + - '</div>' + - '</div>' - var $dropdown = $(dropdownHTML).find('[data-toggle="dropdown"]').bootstrapDropdown() - $dropdown - .parent('.dropdown') - .on('shown.bs.dropdown', function () { - assert.ok($dropdown.parent('.dropdown').hasClass('show'), '"show" class added on click') - done() - }) - $dropdown.trigger('click') - }) - QUnit.test('should remove "show" class if body is clicked', function (assert) { assert.expect(2) var done = assert.async() diff --git a/js/tests/unit/modal.js b/js/tests/unit/modal.js index 53a2e04167..914366ae22 100644 --- a/js/tests/unit/modal.js +++ b/js/tests/unit/modal.js 
@@ -607,36 +607,40 @@ $(function () { assert.expect(1) var done = assert.async() - var $toggleBtn = $('<button data-toggle="modal" data-target="<div id="modal-test"><div class="contents"<div<div id="close" data-dismiss="modal"/></div></div>"/>') - .appendTo('#qunit-fixture') + try { + var $toggleBtn = $('<button data-toggle="modal" data-target="<div id="modal-test"><div class="contents"<div<div id="close" data-dismiss="modal"/></div></div>"/>') + .appendTo('#qunit-fixture') - $toggleBtn.trigger('click') - setTimeout(function () { + $toggleBtn.trigger('click') + } catch (e) { assert.strictEqual($('#modal-test').length, 0, 'target has not been parsed and added to the document') done() - }, 1) + } }) QUnit.test('should not execute js from target', function (assert) { assert.expect(0) var done = assert.async() - // This toggle button contains XSS payload in its data-target - // Note: it uses the onerror handler of an img element to execute the js, because a simple script element does not work here - // a script element works in manual tests though, so here it is likely blocked by the qunit framework - var $toggleBtn = $('<button data-toggle="modal" data-target="<div><image src="missing.png" onerror="$('#qunit-fixture button.control').trigger('click')"></div>"/>') - .appendTo('#qunit-fixture') - // The XSS payload above does not have a closure over this function and cannot access the assert object directly - // However, it can send a click event to the following control button, which will then fail the assert - $('<button>') - .addClass('control') - .on('click', function () { - assert.notOk(true, 'XSS payload is not executed as js') - }) - .appendTo('#qunit-fixture') - - $toggleBtn.trigger('click') - setTimeout(done, 500) + try { + // This toggle button contains XSS payload in its data-target + // Note: it uses the onerror handler of an img element to execute the js, because a simple script element does not work here + // a script element works in manual tests though, 
so here it is likely blocked by the qunit framework + var $toggleBtn = $('<button data-toggle="modal" data-target="<div><image src="missing.png" onerror="$('#qunit-fixture button.control').trigger('click')"></div>"/>') + .appendTo('#qunit-fixture') + // The XSS payload above does not have a closure over this function and cannot access the assert object directly + // However, it can send a click event to the following control button, which will then fail the assert + $('<button>') + .addClass('control') + .on('click', function () { + assert.notOk(true, 'XSS payload is not executed as js') + }) + .appendTo('#qunit-fixture') + + $toggleBtn.trigger('click') + } catch (e) { + done() + } }) QUnit.test('should not try to open a modal which is already visible', function (assert) { diff --git a/js/tests/unit/tab.js b/js/tests/unit/tab.js index c70e0d1c96..e28ca83a75 100644 --- a/js/tests/unit/tab.js +++ b/js/tests/unit/tab.js @@ -186,8 +186,8 @@ $(function () { '<ul class="drop nav">' + ' <li class="dropdown"><a data-toggle="dropdown" href="#">1</a>' + ' <ul class="dropdown-menu nav">' + - ' <li><a href="#1-1" data-toggle="tab">1-1</a></li>' + - ' <li><a href="#1-2" data-toggle="tab">1-2</a></li>' + + ' <li><a href="#a1-1" data-toggle="tab">1-1</a></li>' + + ' <li><a href="#a1-2" data-toggle="tab">1-2</a></li>' + ' </ul>' + ' </li>' + '</ul>' @@ -198,10 +198,10 @@ $(function () { .end() .find('ul > li:last-child a') .on('show.bs.tab', function (e) { - assert.strictEqual(e.relatedTarget.hash, '#1-1', 'references correct element as relatedTarget') + assert.strictEqual(e.relatedTarget.hash, '#a1-1', 'references correct element as relatedTarget') }) .on('shown.bs.tab', function (e) { - assert.strictEqual(e.relatedTarget.hash, '#1-1', 'references correct element as relatedTarget') + assert.strictEqual(e.relatedTarget.hash, '#a1-1', 'references correct element as relatedTarget') done() }) .bootstrapTab('show') 
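Review bot: In 'should not execute js from target' the new `catch (e) { done() }` ends the test on any exception, including one thrown while the fixture is being built. It also drops the former `setTimeout(done, 500)` window, in which a late `onerror` handler could still click the control button and fail the test. With `assert.expect(0)` the test now shows only that something threw, not that the click was rejected as a bad selector. If nothing throws, `done()` is never reached and the run ends in a timeout instead of a readable failure; the same holds for the preceding test, whose only assertion sits in its `catch`. I would keep the setup outside the guarded call, assert the exception type around `$toggleBtn.trigger('click')` alone, and keep the delayed `done`; the `DOMException` type is inferred from the util.js test in this commit and should be confirmed for this input.

```javascript
QUnit.test('should not execute js from target', function (assert) {
  assert.expect(1)
  var done = assert.async()

  // … unchanged: $toggleBtn and the .control button are created and appended here, outside any try …

  // Only the click is expected to throw; a failure during setup must not count as a pass.
  assert.throws(function () {
    $toggleBtn.trigger('click')
  }, DOMException, 'markup in data-target is rejected as a selector')

  // Keep the delay so a handler that fires late can still reach the control button and fail the test.
  setTimeout(done, 500)
})
```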
diff --git a/js/tests/unit/util.js b/js/tests/unit/util.js index 37327b8681..768afc8fe5 100644 --- a/js/tests/unit/util.js +++ b/js/tests/unit/util.js @@ -20,6 +20,19 @@ $(function () { assert.strictEqual(Util.getSelectorFromElement($el2[0]), null) }) + QUnit.test('Util.getSelectorFromElement should throw error when there is a bad selector', function (assert) { + assert.expect(2) + + var $el = $('<div data-target="#1"></div>').appendTo($('#qunit-fixture')) + + try { + assert.ok(true, 'trying to use a bad selector') + Util.getSelectorFromElement($el[0]) + } catch (e) { + assert.ok(e instanceof DOMException) + } + }) + QUnit.test('Util.typeCheckConfig should thrown an error when a bad config is passed', function (assert) { assert.expect(1) var namePlugin = 'collapse' |
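Review bot: The `assert.ok(true, 'trying to use a bad selector')` in the new util.js test checks nothing; it is there only so that `assert.expect(2)` fails when no exception is thrown. QUnit expresses this directly: `assert.expect(1)` followed by `assert.throws(function () { Util.getSelectorFromElement($el[0]) }, DOMException)`, which also reports a clear message when the call returns normally. A one-line comment above the fixture, `// '#1' is not a valid selector: an ID selector cannot start with an unescaped digit`, would tell the next reader why this value was chosen.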