mirror of
https://github.com/twbs/bootstrap.git
synced 2025-01-18 10:52:19 +01:00
fix unit tests
This commit is contained in:
Johann-S
parent
82890e9bcf
commit
9c4c72e31e
@ -26,7 +26,7 @@ $(function () {
|
|||||||
|
|
||||||
QUnit.test('should return jquery collection containing the element', function (assert) {
|
QUnit.test('should return jquery collection containing the element', function (assert) {
|
||||||
assert.expect(2)
|
assert.expect(2)
|
||||||
var $el = $('<div/>')
|
var $el = $('<div/>').appendTo('#qunit-fixture')
|
||||||
var $affix = $el.bootstrapAffix()
|
var $affix = $el.bootstrapAffix()
|
||||||
assert.ok($affix instanceof $, 'returns jquery collection')
|
assert.ok($affix instanceof $, 'returns jquery collection')
|
||||||
assert.strictEqual($affix[0], $el[0], 'collection contains element')
|
assert.strictEqual($affix[0], $el[0], 'collection contains element')
|
||||||
@ -104,19 +104,4 @@ $(function () {
|
|||||||
}, 250)
|
}, 250)
|
||||||
}, 250)
|
}, 250)
|
||||||
})
|
})
|
||||||
|
|
||||||
QUnit.test('should raise exception to avoid xss on target', function (assert) {
|
|
||||||
assert.expect(1)
|
|
||||||
assert.throws(function () {
|
|
||||||
|
|
||||||
var templateHTML = '<div id="affixTarget"></div>'
|
|
||||||
$(templateHTML).appendTo(document.body)
|
|
||||||
|
|
||||||
$('#affixTarget').bootstrapAffix({
|
|
||||||
target: '<img src=1 onerror=\'alert(0)\'>'
|
|
||||||
})
|
|
||||||
|
|
||||||
}, new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
|
|
||||||
})
|
|
||||||
|
|
||||||
})
|
})
|
||||||
|
|||||||
@ -439,15 +439,4 @@ $(function () {
|
|||||||
})
|
})
|
||||||
.bootstrapCollapse('show')
|
.bootstrapCollapse('show')
|
||||||
})
|
})
|
||||||
|
|
||||||
QUnit.test('should raise exception to avoid xss on data-parent', function (assert) {
|
|
||||||
assert.expect(1)
|
|
||||||
assert.throws(function () {
|
|
||||||
$('<a role="button" data-toggle="collapse" data-parent="<img src=1 onerror=\'alert(0)\'>" href="#collapseThree">')
|
|
||||||
.appendTo('#qunit-fixture')
|
|
||||||
.bootstrapCollapse('show')
|
|
||||||
.trigger('click');
|
|
||||||
}, new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
|
|
||||||
})
|
|
||||||
|
|
||||||
})
|
})
|
||||||
|
|||||||
@ -1321,23 +1321,4 @@ $(function () {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
QUnit.test('should raise exception to avoid xss on data-container', function (assert) {
|
|
||||||
assert.expect(1)
|
|
||||||
assert.throws(function () {
|
|
||||||
$('<button data-toggle="tooltip" data-container="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip on right</button>')
|
|
||||||
.appendTo('#qunit-fixture')
|
|
||||||
.bootstrapTooltip('show')
|
|
||||||
}, new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
|
|
||||||
})
|
|
||||||
|
|
||||||
QUnit.test('should raise exception to avoid xss on data-viewport', function (assert) {
|
|
||||||
assert.expect(1)
|
|
||||||
assert.throws(function () {
|
|
||||||
$('<button data-toggle="tooltip" data-viewport="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip on right</button>')
|
|
||||||
.appendTo('#qunit-fixture')
|
|
||||||
.bootstrapTooltip('show')
|
|
||||||
}, new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
|
|
||||||
})
|
|
||||||
|
|
||||||
})
|
})
|
||||||
|
|||||||
@ -54,6 +54,8 @@
|
|||||||
|
|
||||||
<div class="page-header js-page-header">
|
<div class="page-header js-page-header">
|
||||||
<h1>Affix <small>Bootstrap Visual Test</small></h1>
|
<h1>Affix <small>Bootstrap Visual Test</small></h1>
|
||||||
|
|
||||||
|
<div id="affixTarget">Affix target with XSS</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="col-md-3">
|
<div class="col-md-3">
|
||||||
@ -277,6 +279,14 @@
|
|||||||
<!-- JavaScript Test -->
|
<!-- JavaScript Test -->
|
||||||
<script>
|
<script>
|
||||||
$(function () {
|
$(function () {
|
||||||
|
try {
|
||||||
|
$('#affixTarget').bootstrapAffix({
|
||||||
|
target: '<img src=1 onerror=\'alert(0)\'>'
|
||||||
|
})
|
||||||
|
} catch (e) {
|
||||||
|
console.error(e)
|
||||||
|
}
|
||||||
|
|
||||||
$('.js-affixed-element-top').affix({
|
$('.js-affixed-element-top').affix({
|
||||||
offset: {
|
offset: {
|
||||||
top: $('.js-page-header').outerHeight(true) - 10
|
top: $('.js-page-header').outerHeight(true) - 10
|
||||||
|
|||||||
@ -69,6 +69,10 @@
|
|||||||
<button class="btn" data-toggle="collapse" data-target="<img src=x onerror=alert(0)>">
|
<button class="btn" data-toggle="collapse" data-target="<img src=x onerror=alert(0)>">
|
||||||
Collapse with an XSS
|
Collapse with an XSS
|
||||||
</button>
|
</button>
|
||||||
|
|
||||||
|
<button class="btn" data-toggle="collapse" data-parent="<img src=1 onerror=\'alert(0)\'>" href="#collapseThree">
|
||||||
|
Collapse with an XSS in data-parent
|
||||||
|
</button>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!-- JavaScript Includes -->
|
<!-- JavaScript Includes -->
|
||||||
|
|||||||
@ -30,6 +30,8 @@
|
|||||||
<button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="top" title="Tooltip on top">Tooltip on top</button>
|
<button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="top" title="Tooltip on top">Tooltip on top</button>
|
||||||
<button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="bottom" title="Tooltip on bottom">Tooltip on bottom</button>
|
<button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="bottom" title="Tooltip on bottom">Tooltip on bottom</button>
|
||||||
<button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="right" title="Tooltip on right">Tooltip on right</button>
|
<button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="right" title="Tooltip on right">Tooltip on right</button>
|
||||||
|
<button type="button" class="btn btn-default" data-toggle="tooltip" data-container="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip with XSS on data-container</button>
|
||||||
|
<button type="button" class="btn btn-default" data-toggle="tooltip" data-viewport="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip with XSS on data-viewport</button>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user