##// END OF EJS Templates
Document replace field in set_next_input payload
Document replace field in set_next_input payload

File last commit:

r18587:1e136a8b
r19253:f67caff2
Show More
inject_js.js
23 lines | 650 B | application/javascript | JavascriptLexer
Matthias BUSSONNIER
XSS casper test
r14680 //
// Test robustness about JS injection in different place
//
// This assume malicious document arrive to the frontend.
//
casper.notebook_test(function () {
var messages = [];
this.on('remote.alert', function (msg) {
messages.push(msg);
});
this.evaluate(function () {
var cell = IPython.notebook.get_cell(0);
Paul Ivanov
make the JS test fail
r14692 var json = cell.toJSON();
MinRK
s/prompt_number/execution_count in nbformat 4
r18587 json.execution_count = "<script> alert('hello from input prompts !')</script>";
Paul Ivanov
make the JS test fail
r14692 cell.fromJSON(json);
Matthias BUSSONNIER
XSS casper test
r14680 });
this.then(function () {
this.test.assert(messages.length == 0, "Captured log message from script tag injection !");
});
});