fix unit tests

author: Johann-S <johann.servoire@gmail.com> 2018-08-19 17:37:37 +0300
committer: Johann-S <johann.servoire@gmail.com> 2018-08-19 17:57:25 +0300
commit: 9c4c72e31e7316c372ceef9c937ad0cba5ae50e7 (patch)
tree: 00c2e6a121842d956438d2a57173860a8caa0bbc /js
parent: 82890e9bcf1de18dcef62fe3aebc0a574fe9da85 (diff)
6 files changed, 17 insertions, 46 deletions
diff --git a/js/tests/unit/affix.js b/js/tests/unit/affix.js
index b2d596e947..8895ea9dfc 100644
--- a/js/tests/unit/affix.js
+++ b/js/tests/unit/affix.js
@@ -26,7 +26,7 @@ $(function () {
 
   QUnit.test('should return jquery collection containing the element', function (assert) {
     assert.expect(2)
-    var $el = $('<div/>')
+    var $el = $('<div/>').appendTo('#qunit-fixture')
     var $affix = $el.bootstrapAffix()
     assert.ok($affix instanceof $, 'returns jquery collection')
     assert.strictEqual($affix[0], $el[0], 'collection contains element')
@@ -104,19 +104,4 @@ $(function () {
       }, 250)
     }, 250)
   })
-
-  QUnit.test('should raise exception to avoid xss on target', function (assert) {
-    assert.expect(1)
-    assert.throws(function () {
-
-      var templateHTML = '<div id="affixTarget"></div>'
-      $(templateHTML).appendTo(document.body)
-
-      $('#affixTarget').bootstrapAffix({
-        target: '<img src=1 onerror=\'alert(0)\'>'
-      })
-
-    },  new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
-  })
-
 })
diff --git a/js/tests/unit/collapse.js b/js/tests/unit/collapse.js
index decad25acd..357000bf9f 100644
--- a/js/tests/unit/collapse.js
+++ b/js/tests/unit/collapse.js
@@ -439,15 +439,4 @@ $(function () {
       })
       .bootstrapCollapse('show')
   })
-
-  QUnit.test('should raise exception to avoid xss on data-parent', function (assert) {
-    assert.expect(1)
-    assert.throws(function () {
-      $('<a role="button" data-toggle="collapse" data-parent="<img src=1 onerror=\'alert(0)\'>" href="#collapseThree">')
-        .appendTo('#qunit-fixture')
-        .bootstrapCollapse('show')
-        .trigger('click');
-    },  new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
-  })
-
 })
diff --git a/js/tests/unit/tooltip.js b/js/tests/unit/tooltip.js
index 57c021b61a..1fea20e373 100644
--- a/js/tests/unit/tooltip.js
+++ b/js/tests/unit/tooltip.js
@@ -1321,23 +1321,4 @@ $(function () {
       }
     })
   })
-
-  QUnit.test('should raise exception to avoid xss on data-container', function (assert) {
-    assert.expect(1)
-    assert.throws(function () {
-      $('<button data-toggle="tooltip" data-container="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip on right</button>')
-        .appendTo('#qunit-fixture')
-        .bootstrapTooltip('show')
-    },  new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
-  })
-
-  QUnit.test('should raise exception to avoid xss on data-viewport', function (assert) {
-    assert.expect(1)
-    assert.throws(function () {
-      $('<button data-toggle="tooltip" data-viewport="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip on right</button>')
-        .appendTo('#qunit-fixture')
-        .bootstrapTooltip('show')
-    },  new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
-  })
-
 })
diff --git a/js/tests/visual/affix.html b/js/tests/visual/affix.html
index 7b20e78086..630044fa46 100644
--- a/js/tests/visual/affix.html
+++ b/js/tests/visual/affix.html
@@ -54,6 +54,8 @@
 
   <div class="page-header js-page-header">
     <h1>Affix <small>Bootstrap Visual Test</small></h1>
+
+    <div id="affixTarget">Affix target with XSS</div>
   </div>
 
   <div class="col-md-3">
@@ -277,6 +279,14 @@
 <!-- JavaScript Test -->
 <script>
 $(function () {
+  try {
+    $('#affixTarget').bootstrapAffix({
+      target: '<img src=1 onerror=\'alert(0)\'>'
+    })
+  } catch (e) {
+    console.error(e)
+  }
+
   $('.js-affixed-element-top').affix({
     offset: {
       top: $('.js-page-header').outerHeight(true) - 10
diff --git a/js/tests/visual/collapse.html b/js/tests/visual/collapse.html
index bc1b7fe16e..748f54a7c7 100644
--- a/js/tests/visual/collapse.html
+++ b/js/tests/visual/collapse.html
@@ -69,6 +69,10 @@
   <button class="btn" data-toggle="collapse" data-target="<img src=x onerror=alert(0)>">
     Collapse with an XSS
   </button>
+
+  <button class="btn" data-toggle="collapse" data-parent="<img src=1 onerror=\'alert(0)\'>" href="#collapseThree">
+    Collapse with an XSS in data-parent
+  </button>
 </div>
 
 <!-- JavaScript Includes -->
diff --git a/js/tests/visual/tooltip.html b/js/tests/visual/tooltip.html
index 5731ce3e07..e3d6ab8d23 100644
--- a/js/tests/visual/tooltip.html
+++ b/js/tests/visual/tooltip.html
@@ -30,6 +30,8 @@
     <button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="top" title="Tooltip on top">Tooltip on top</button>
     <button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="bottom" title="Tooltip on bottom">Tooltip on bottom</button>
     <button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="right" title="Tooltip on right">Tooltip on right</button>
+    <button type="button" class="btn btn-default" data-toggle="tooltip" data-container="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip with XSS on data-container</button>
+    <button type="button" class="btn btn-default" data-toggle="tooltip" data-viewport="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip with XSS on data-viewport</button>
   </p>
 
 </div>
author	Johann-S <johann.servoire@gmail.com>	2018-08-19 17:37:37 +0300
committer	Johann-S <johann.servoire@gmail.com>	2018-08-19 17:57:25 +0300
commit	9c4c72e31e7316c372ceef9c937ad0cba5ae50e7 (patch)
tree	00c2e6a121842d956438d2a57173860a8caa0bbc /js
parent	82890e9bcf1de18dcef62fe3aebc0a574fe9da85 (diff)