author | Johann-S <johann.servoire@gmail.com> | 2018-12-23 15:30:35 +0300 |
---|---|---|
committer | XhmikosR <xhmikosr@gmail.com> | 2018-12-23 15:30:35 +0300 |
commit | 3bd9fb3649a233f0a0c26b8a6cb5209d220a7528 (patch) | |
tree | 390db50e54653a5a7ce3e3b298f135cdcff35ad9 /js | |
parent | 7d5cb2df3ad1d3438c0753c78203bca54f28d5a8 (diff) |
getSelectorFromElement return null on bad selectors (#27912)
Diffstat (limited to 'js')
-rw-r--r-- | js/src/util.js | 6 | ||||
-rw-r--r-- | js/tests/unit/modal.js | 45 | ||||
-rw-r--r-- | js/tests/unit/util.js | 13 |
3 files changed, 32 insertions, 32 deletions
diff --git a/js/src/util.js b/js/src/util.js
index 0d434c4c51..c3e23e8174 100644
--- a/js/src/util.js
+++ b/js/src/util.js
@@ -82,7 +82,11 @@ const Util = {
 selector = hrefAttr && hrefAttr !== '#' ? hrefAttr.trim() : ''
 }
 
- return selector && document.querySelector(selector) ? selector : null
+ try {
+ return document.querySelector(selector) ? selector : null
+ } catch (err) {
+ return null
+ }
 },
 
 getTransitionDurationFromElement(element) {
diff --git a/js/tests/unit/modal.js b/js/tests/unit/modal.js
index 782a86eea0..4d7682aaa7 100644
--- a/js/tests/unit/modal.js
+++ b/js/tests/unit/modal.js
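Review bot: With the `selector &&` guard removed, the empty-selector case (selector is `''` when neither data-target nor a usable href is present, per the context line above) now reaches `document.querySelector('')` and is only turned into null by the SyntaxError it throws, so the ordinary "no target" path runs through the exception handler. A guard before the try, `if (!selector) { return null }`, keeps that path explicit and leaves the catch for genuinely malformed selectors such as the `#1` case the commit title refers to. The catch also deserves a comment since `err` is unused: `// querySelector throws a SyntaxError DOMException on a malformed selector; treat it as "no target"`. getSelectorFromElement's signature and the data-target/href lookup start above the hunk.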
@@ -619,40 +619,37 @@ $(function () { assert.expect(1) var done = assert.async() - try { - var $toggleBtn = $('<button data-toggle="modal" data-target="<div id="modal-test"><div class="contents"<div<div id="close" data-dismiss="modal"/></div></div>"/>') - .appendTo('#qunit-fixture') + var $toggleBtn = $('<button data-toggle="modal" data-target="<div id="modal-test"><div class="contents"<div<div id="close" data-dismiss="modal"/></div></div>"/>') + .appendTo('#qunit-fixture') - $toggleBtn.trigger('click') - } catch (e) { + $toggleBtn.trigger('click') + setTimeout(function () { assert.strictEqual($('#modal-test').length, 0, 'target has not been parsed and added to the document') done() - } + }, 0) }) QUnit.test('should not execute js from target', function (assert) { assert.expect(0) var done = assert.async() - try { - // This toggle button contains XSS payload in its data-target - // Note: it uses the onerror handler of an img element to execute the js, because a simple script element does not work here - // a script element works in manual tests though, so here it is likely blocked by the qunit framework - var $toggleBtn = $('<button data-toggle="modal" data-target="<div><image src="missing.png" onerror="$('#qunit-fixture button.control').trigger('click')"></div>"/>') - .appendTo('#qunit-fixture') - // The XSS payload above does not have a closure over this function and cannot access the assert object directly - // However, it can send a click event to the following control button, which will then fail the assert - $('<button>') - .addClass('control') - .on('click', function () { - assert.notOk(true, 'XSS payload is not executed as js') - }) - .appendTo('#qunit-fixture') + // This toggle button contains XSS payload in its data-target + // Note: it uses the onerror handler of an img element to execute the js, because a simple script element does not work here + // a script element works in manual tests though, so here it is likely blocked by the qunit framework + var 
$toggleBtn = $('<button data-toggle="modal" data-target="<div><image src="missing.png" onerror="$('#qunit-fixture button.control').trigger('click')"></div>"/>') + .appendTo('#qunit-fixture') + // The XSS payload above does not have a closure over this function and cannot access the assert object directly + // However, it can send a click event to the following control button, which will then fail the assert + $('<button>') + .addClass('control') + .on('click', function () { + assert.notOk(true, 'XSS payload is not executed as js') + }) + .appendTo('#qunit-fixture') - $toggleBtn.trigger('click') - } catch (e) { - done() - } + $toggleBtn.trigger('click') + + setTimeout(done, 500) }) QUnit.test('should not try to open a modal which is already visible', function (assert) { diff --git a/js/tests/unit/util.js b/js/tests/unit/util.js index cb93831433..858fee6f4d 100644 --- a/js/tests/unit/util.js +++ b/js/tests/unit/util.js @@ -20,17 +20,16 @@ $(function () { assert.strictEqual(Util.getSelectorFromElement($el2[0]), null) }) - QUnit.test('Util.getSelectorFromElement should throw error when there is a bad selector', function (assert) { + QUnit.test('Util.getSelectorFromElement should return null when there is a bad selector', function (assert) { assert.expect(2) var $el = $('<div data-target="#1"></div>').appendTo($('#qunit-fixture')) - try { - assert.ok(true, 'trying to use a bad selector') - Util.getSelectorFromElement($el[0]) - } catch (e) { - assert.ok(e instanceof DOMException) - } + assert.strictEqual(Util.getSelectorFromElement($el[0]), null) + + var $el2 = $('<a href="/posts"></a>').appendTo($('#qunit-fixture')) + + assert.strictEqual(Util.getSelectorFromElement($el2[0]), null) }) QUnit.test('Util.typeCheckConfig should thrown an error when a bad config is passed', function (assert) { |
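Review bot: The rewritten 'should not execute js from target' test can pass vacuously: with `assert.expect(0)` and `setTimeout(done, 500)` it makes no positive assertion, so if the image error event fires after the 500 ms wait the control button's `assert.notOk` lands after `done()` and is no longer attributed to this test. Mirror the preceding test in the same hunk and assert inside the timeout that the payload markup never entered the document, i.e. `assert.expect(1)` and `assert.strictEqual($('#qunit-fixture img').length, 0, 'target has not been parsed and added to the document')` before `done()` (if the string were parsed as HTML, `<image>` would be parsed as an `img` — confirm in the browsers the suite runs in). The fixed 500 ms delay remains a timing assumption, but it is acceptable once the positive assertion exists. The first QUnit.test in this hunk opens before the hunk's first line.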