Show More
| @@ -1,23 +1,23 b'' | |||||
| 1 | // |
|
1 | // | |
| 2 | // Test robustness about JS injection in different place |
|
2 | // Test robustness about JS injection in different place | |
| 3 | // |
|
3 | // | |
| 4 | // This assume malicious document arrive to the frontend. |
|
4 | // This assume malicious document arrive to the frontend. | |
| 5 | // |
|
5 | // | |
| 6 |
|
6 | |||
| 7 | casper.notebook_test(function () { |
|
7 | casper.notebook_test(function () { | |
| 8 | var messages = []; |
|
8 | var messages = []; | |
| 9 | this.on('remote.alert', function (msg) { |
|
9 | this.on('remote.alert', function (msg) { | |
| 10 | messages.push(msg); |
|
10 | messages.push(msg); | |
| 11 | }); |
|
11 | }); | |
| 12 |
|
12 | |||
| 13 | this.evaluate(function () { |
|
13 | this.evaluate(function () { | |
| 14 | var cell = IPython.notebook.get_cell(0); |
|
14 | var cell = IPython.notebook.get_cell(0); | |
| 15 | var json = cell.toJSON() |
|
15 | var json = cell.toJSON(); | |
| 16 | json.prompt_number = "<script> alert('hello from input prompts !')</script>" |
|
16 | json.prompt_number = "<script> alert('hello from input prompts !')</script>"; | |
| 17 | cell.fromJSON(j) |
|
17 | cell.fromJSON(json); | |
| 18 | }); |
|
18 | }); | |
| 19 |
|
19 | |||
| 20 | this.then(function () { |
|
20 | this.then(function () { | |
| 21 | this.test.assert(messages.length == 0, "Captured log message from script tag injection !"); |
|
21 | this.test.assert(messages.length == 0, "Captured log message from script tag injection !"); | |
| 22 | }); |
|
22 | }); | |
| 23 | }); |
|
23 | }); | |
General Comments 0
You need to be logged in to leave comments.
Login now