2018-06-28 08:24:21 -04:00
|
|
|
|
import { registerTooltip } from "discourse/lib/tooltip";
|
|
|
|
|
|
|
|
|
|
// prettier-ignore
|
|
|
|
|
QUnit.module("lib:tooltip", {
|
|
|
|
|
beforeEach() {
|
|
|
|
|
fixture().html(
|
2018-11-26 05:15:23 -05:00
|
|
|
|
`
|
|
|
|
|
<a class='test-text-link' data-tooltip='XSS<s onmouseover\=alert(document.domain)>XSS'>test</a>
|
|
|
|
|
<a class='test-html-link' data-html-tooltip='<p>test</p>'>test</a>
|
|
|
|
|
`
|
2018-06-28 08:24:21 -04:00
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
2018-11-26 05:15:23 -05:00
|
|
|
|
QUnit.test("text support", async assert => {
|
|
|
|
|
const $testTextLink = fixture(".test-text-link");
|
|
|
|
|
registerTooltip($testTextLink);
|
|
|
|
|
|
|
|
|
|
await $testTextLink.click();
|
|
|
|
|
|
|
|
|
|
assert.equal(
|
|
|
|
|
fixture(".tooltip-content")
|
|
|
|
|
.html()
|
|
|
|
|
.trim(),
|
|
|
|
|
"XSS<s onmouseover=alert(document.domain)>XSS",
|
|
|
|
|
"it prevents XSS injection"
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
assert.equal(
|
|
|
|
|
fixture(".tooltip-content")
|
|
|
|
|
.text()
|
|
|
|
|
.trim(),
|
|
|
|
|
"XSS<s onmouseover=alert(document.domain)>XSS",
|
|
|
|
|
"it returns content as plain text"
|
|
|
|
|
);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
QUnit.test("html support", async assert => {
|
|
|
|
|
const $testHtmlLink = fixture(".test-html-link");
|
|
|
|
|
registerTooltip($testHtmlLink);
|
|
|
|
|
|
|
|
|
|
await $testHtmlLink.click();
|
|
|
|
|
|
|
|
|
|
assert.equal(
|
|
|
|
|
fixture(".tooltip-content")
|
|
|
|
|
.html()
|
|
|
|
|
.trim(),
|
|
|
|
|
"<p>test</p>",
|
|
|
|
|
"it doesn’t escape HTML"
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
assert.equal(
|
|
|
|
|
fixture(".tooltip-content")
|
|
|
|
|
.text()
|
|
|
|
|
.trim(),
|
|
|
|
|
"test",
|
|
|
|
|
"it returns content as plain text"
|
|
|
|
|
);
|
2018-06-28 08:24:21 -04:00
|
|
|
|
});
|