upstream/ipython Files · IPython/html/tests/notebook/inject_js.js

Change $.post to this.post in the kernel js file...

Change $.post to this.post in the kernel js file This makes it easy to override the post function for custom communication requirements. Any replacement function, of course, needs to have the same semantics as $.post.

Jonathan Frederic - - Load All Authors

File last commit:

r15201:029ac024


                r16277:4e3aea89

Download file

             inject_js.js
        
                    23 lines
            
             | 648 B
            
                | application/javascript
            
             |
                JavascriptLexer
            
             / IPython / html / tests / notebook / inject_js.js
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        Matthias BUSSONNIER
    
XSS casper test

              r14680
            
      //

      // Test robustness about JS injection in different place

      //

      // This assume malicious document arrive to the frontend.

      //

      casper.notebook_test(function () {

          var messages = [];

          this.on('remote.alert', function (msg) {

              messages.push(msg);

          });

          this.evaluate(function () {

              var cell = IPython.notebook.get_cell(0);

        Paul Ivanov
    
make the JS test fail

              r14692
            
              var json = cell.toJSON();

              json.prompt_number = "<script> alert('hello from input prompts !')</script>";

              cell.fromJSON(json);

        Matthias BUSSONNIER
    
XSS casper test

              r14680
            
          });

          this.then(function () {

              this.test.assert(messages.length == 0, "Captured log message from script tag injection !");

          });

      });

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

Matthias BUSSONNIER XSS casper test	r14680	//
		// Test robustness about JS injection in different place
		//
		// This assume malicious document arrive to the frontend.
		//

		casper.notebook_test(function () {
		var messages = [];
		this.on('remote.alert', function (msg) {
		messages.push(msg);
		});

		this.evaluate(function () {
		var cell = IPython.notebook.get_cell(0);
Paul Ivanov make the JS test fail	r14692	var json = cell.toJSON();
		json.prompt_number = "<script> alert('hello from input prompts !')</script>";
		cell.fromJSON(json);
Matthias BUSSONNIER XSS casper test	r14680	});

		this.then(function () {
		this.test.assert(messages.length == 0, "Captured log message from script tag injection !");
		});
		});