Show More
@@ -0,0 +1,23 b'' | |||
|
1 | // | |
|
2 | // Test robustness about JS injection in different place | |
|
3 | // | |
|
4 | // This assume malicious document arrive to the frontend. | |
|
5 | // | |
|
6 | ||
|
7 | casper.notebook_test(function () { | |
|
8 | var messages = []; | |
|
9 | this.on('remote.alert', function (msg) { | |
|
10 | messages.push(msg); | |
|
11 | }); | |
|
12 | ||
|
13 | this.evaluate(function () { | |
|
14 | var cell = IPython.notebook.get_cell(0); | |
|
15 | var json = cell.toJSON() | |
|
16 | json.prompt_number = "<script> alert('hello from input prompts !')</script>" | |
|
17 | cell.fromJSON(j) | |
|
18 | }); | |
|
19 | ||
|
20 | this.then(function () { | |
|
21 | this.test.assert(messages.length == 0, "Captured log message from script tag injection !"); | |
|
22 | }); | |
|
23 | }); |
General Comments 0
You need to be logged in to leave comments.
Login now