Show More
inject_js.js
23 lines
| 648 B
| application/javascript
|
JavascriptLexer
Matthias BUSSONNIER
|
r14680 | // | ||
// Test robustness about JS injection in different place | ||||
// | ||||
// This assume malicious document arrive to the frontend. | ||||
// | ||||
casper.notebook_test(function () { | ||||
var messages = []; | ||||
this.on('remote.alert', function (msg) { | ||||
messages.push(msg); | ||||
}); | ||||
this.evaluate(function () { | ||||
var cell = IPython.notebook.get_cell(0); | ||||
Paul Ivanov
|
r14692 | var json = cell.toJSON(); | ||
json.prompt_number = "<script> alert('hello from input prompts !')</script>"; | ||||
cell.fromJSON(json); | ||||
Matthias BUSSONNIER
|
r14680 | }); | ||
this.then(function () { | ||||
this.test.assert(messages.length == 0, "Captured log message from script tag injection !"); | ||||
}); | ||||
}); | ||||