Show More
@@ -1,23 +1,23 b'' | |||||
1 | // |
|
1 | // | |
2 | // Test robustness about JS injection in different place |
|
2 | // Test robustness about JS injection in different place | |
3 | // |
|
3 | // | |
4 | // This assume malicious document arrive to the frontend. |
|
4 | // This assume malicious document arrive to the frontend. | |
5 | // |
|
5 | // | |
6 |
|
6 | |||
7 | casper.notebook_test(function () { |
|
7 | casper.notebook_test(function () { | |
8 | var messages = []; |
|
8 | var messages = []; | |
9 | this.on('remote.alert', function (msg) { |
|
9 | this.on('remote.alert', function (msg) { | |
10 | messages.push(msg); |
|
10 | messages.push(msg); | |
11 | }); |
|
11 | }); | |
12 |
|
12 | |||
13 | this.evaluate(function () { |
|
13 | this.evaluate(function () { | |
14 | var cell = IPython.notebook.get_cell(0); |
|
14 | var cell = IPython.notebook.get_cell(0); | |
15 | var json = cell.toJSON() |
|
15 | var json = cell.toJSON(); | |
16 | json.prompt_number = "<script> alert('hello from input prompts !')</script>" |
|
16 | json.prompt_number = "<script> alert('hello from input prompts !')</script>"; | |
17 | cell.fromJSON(j) |
|
17 | cell.fromJSON(json); | |
18 | }); |
|
18 | }); | |
19 |
|
19 | |||
20 | this.then(function () { |
|
20 | this.then(function () { | |
21 | this.test.assert(messages.length == 0, "Captured log message from script tag injection !"); |
|
21 | this.test.assert(messages.length == 0, "Captured log message from script tag injection !"); | |
22 | }); |
|
22 | }); | |
23 | }); |
|
23 | }); |
General Comments 0
You need to be logged in to leave comments.
Login now