0
0
mirror of https://github.com/twbs/bootstrap.git synced 2025-01-18 10:52:19 +01:00

getSelectorFromElement return null on bad selectors (#27912)

This commit is contained in:
Johann-S 2018-12-23 13:30:35 +01:00 committed by XhmikosR
parent 7d5cb2df3a
commit 3bd9fb3649
3 changed files with 32 additions and 32 deletions

View File

@ -82,7 +82,11 @@ const Util = {
selector = hrefAttr && hrefAttr !== '#' ? hrefAttr.trim() : '' selector = hrefAttr && hrefAttr !== '#' ? hrefAttr.trim() : ''
} }
return selector && document.querySelector(selector) ? selector : null try {
return document.querySelector(selector) ? selector : null
} catch (err) {
return null
}
}, },
getTransitionDurationFromElement(element) { getTransitionDurationFromElement(element) {

View File

@ -619,22 +619,20 @@ $(function () {
assert.expect(1) assert.expect(1)
var done = assert.async() var done = assert.async()
try {
var $toggleBtn = $('<button data-toggle="modal" data-target="&lt;div id=&quot;modal-test&quot;&gt;&lt;div class=&quot;contents&quot;&lt;div&lt;div id=&quot;close&quot; data-dismiss=&quot;modal&quot;/&gt;&lt;/div&gt;&lt;/div&gt;"/>') var $toggleBtn = $('<button data-toggle="modal" data-target="&lt;div id=&quot;modal-test&quot;&gt;&lt;div class=&quot;contents&quot;&lt;div&lt;div id=&quot;close&quot; data-dismiss=&quot;modal&quot;/&gt;&lt;/div&gt;&lt;/div&gt;"/>')
.appendTo('#qunit-fixture') .appendTo('#qunit-fixture')
$toggleBtn.trigger('click') $toggleBtn.trigger('click')
} catch (e) { setTimeout(function () {
assert.strictEqual($('#modal-test').length, 0, 'target has not been parsed and added to the document') assert.strictEqual($('#modal-test').length, 0, 'target has not been parsed and added to the document')
done() done()
} }, 0)
}) })
QUnit.test('should not execute js from target', function (assert) { QUnit.test('should not execute js from target', function (assert) {
assert.expect(0) assert.expect(0)
var done = assert.async() var done = assert.async()
try {
// This toggle button contains XSS payload in its data-target // This toggle button contains XSS payload in its data-target
// Note: it uses the onerror handler of an img element to execute the js, because a simple script element does not work here // Note: it uses the onerror handler of an img element to execute the js, because a simple script element does not work here
// a script element works in manual tests though, so here it is likely blocked by the qunit framework // a script element works in manual tests though, so here it is likely blocked by the qunit framework
@ -650,9 +648,8 @@ $(function () {
.appendTo('#qunit-fixture') .appendTo('#qunit-fixture')
$toggleBtn.trigger('click') $toggleBtn.trigger('click')
} catch (e) {
done() setTimeout(done, 500)
}
}) })
QUnit.test('should not try to open a modal which is already visible', function (assert) { QUnit.test('should not try to open a modal which is already visible', function (assert) {

View File

@ -20,17 +20,16 @@ $(function () {
assert.strictEqual(Util.getSelectorFromElement($el2[0]), null) assert.strictEqual(Util.getSelectorFromElement($el2[0]), null)
}) })
QUnit.test('Util.getSelectorFromElement should throw error when there is a bad selector', function (assert) { QUnit.test('Util.getSelectorFromElement should return null when there is a bad selector', function (assert) {
assert.expect(2) assert.expect(2)
var $el = $('<div data-target="#1"></div>').appendTo($('#qunit-fixture')) var $el = $('<div data-target="#1"></div>').appendTo($('#qunit-fixture'))
try { assert.strictEqual(Util.getSelectorFromElement($el[0]), null)
assert.ok(true, 'trying to use a bad selector')
Util.getSelectorFromElement($el[0]) var $el2 = $('<a href="/posts"></a>').appendTo($('#qunit-fixture'))
} catch (e) {
assert.ok(e instanceof DOMException) assert.strictEqual(Util.getSelectorFromElement($el2[0]), null)
}
}) })
QUnit.test('Util.typeCheckConfig should thrown an error when a bad config is passed', function (assert) { QUnit.test('Util.typeCheckConfig should thrown an error when a bad config is passed', function (assert) {