XSS casper test
Matthias BUSSONNIER -
@@ -0,0 +1,23 b''
1 //
2 // Test robustness about JS injection in different place
3 //
4 // This assume malicious document arrive to the frontend.
5 //
6
7 casper.notebook_test(function () {
8 var messages = [];
9 this.on('remote.alert', function (msg) {
10 messages.push(msg);
11 });
12
13 this.evaluate(function () {
14 var cell = IPython.notebook.get_cell(0);
15 var json = cell.toJSON()
16 json.prompt_number = "<script> alert('hello from input prompts !')</script>"
17 cell.fromJSON(j)
18 });
19
20 this.then(function () {
21 this.test.assert(messages.length == 0, "Captured log message from script tag injection !");
22 });
23 });
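Review bot: On new line 17, `cell.fromJSON(j)` passes `j`, which is not declared anywhere in the visible code; the object carrying the crafted `prompt_number` is `json`. If that call throws a ReferenceError inside `this.evaluate`, the payload is never loaded into the cell, so `messages.length == 0` on line 21 holds whether or not the frontend escapes the value, and the test cannot catch an escaping regression. The line should read `cell.fromJSON(json);`. It would also help to assert that the payload text reached the rendered input prompt, so that a run with zero alerts shows the markup was displayed inert rather than never inserted.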