angular-cn/public/docs/_examples/security/e2e-spec.ts

'use strict'; // necessary for es6 output in node 

import { browser, element, By } from 'protractor';

describe('Security E2E Tests', () => {
  beforeAll(() => browser.get(''));

  it('sanitizes innerHTML', () => {
    let interpolated = element(By.className('e2e-inner-html-interpolated'));
    expect(interpolated.getText())
        .toContain('Template <script>alert("0wned")</script> <b>Syntax</b>');
    let bound = element(By.className('e2e-inner-html-bound'));
    expect(bound.getText()).toContain('Template alert("0wned") Syntax');
    let bold = element(By.css('.e2e-inner-html-bound b'));
    expect(bold.getText()).toContain('Syntax');
  });

  it('escapes untrusted URLs', () => {
    let untrustedUrl = element(By.className('e2e-dangerous-url'));
    expect(untrustedUrl.getAttribute('href')).toMatch(/^unsafe:javascript/);
  });

  it('binds trusted URLs', () => {
    let trustedUrl = element(By.className('e2e-trusted-url'));
    expect(trustedUrl.getAttribute('href')).toMatch(/^javascript:alert/);
  });

  it('escapes untrusted resource URLs', () => {
    let iframe = element(By.className('e2e-iframe-untrusted-src'));
    expect(iframe.getAttribute('src')).toBe('');
  });

  it('binds trusted resource URLs', () => {
    let iframe = element(By.className('e2e-iframe-trusted-src'));
    expect(iframe.getAttribute('src')).toMatch(/^https:\/\/www.youtube.com\//);
  });
});
chore(test): add protractor4 (#2233) * chore(test): add protractor4 * fix lint, remove boilerplate files, fix less gen * separate scripts between package.json * ignore a2docs.css in boilerplate * remove tslint in _examples 2016-10-06 23:25:52 +01:00			`'use strict'; // necessary for es6 output in node`

			`import { browser, element, By } from 'protractor';`
docs(security): proofread prose, app now shows good and bad - App now shows how Angular handles untrusted URLs and resources - E2e test covered new functionality - Copyedits to prose - Updated provider expressions to use latest syntax The original security feature tracker: https://github.com/angular/angular/issues/8511 2016-06-30 07:21:55 -07:00
docs(security): Add security documentation. Substantially rewritten, based on original content by Brian Clarkio and Ward Bell and contributions from Naomi Black. 2016-06-20 23:34:14 -07:00			`describe('Security E2E Tests', () => {`
docs(security): proofread prose, app now shows good and bad - App now shows how Angular handles untrusted URLs and resources - E2e test covered new functionality - Copyedits to prose - Updated provider expressions to use latest syntax The original security feature tracker: https://github.com/angular/angular/issues/8511 2016-06-30 07:21:55 -07:00			`beforeAll(() => browser.get(''));`
docs(security): Add security documentation. Substantially rewritten, based on original content by Brian Clarkio and Ward Bell and contributions from Naomi Black. 2016-06-20 23:34:14 -07:00
			`it('sanitizes innerHTML', () => {`
			`let interpolated = element(By.className('e2e-inner-html-interpolated'));`
			`expect(interpolated.getText())`
			`.toContain('Template <script>alert("0wned")</script> <b>Syntax</b>');`
			`let bound = element(By.className('e2e-inner-html-bound'));`
			`expect(bound.getText()).toContain('Template alert("0wned") Syntax');`
			`let bold = element(By.css('.e2e-inner-html-bound b'));`
			`expect(bold.getText()).toContain('Syntax');`
			`});`

docs(security): proofread prose, app now shows good and bad - App now shows how Angular handles untrusted URLs and resources - E2e test covered new functionality - Copyedits to prose - Updated provider expressions to use latest syntax The original security feature tracker: https://github.com/angular/angular/issues/8511 2016-06-30 07:21:55 -07:00			`it('escapes untrusted URLs', () => {`
			`let untrustedUrl = element(By.className('e2e-dangerous-url'));`
			`expect(untrustedUrl.getAttribute('href')).toMatch(/^unsafe:javascript/);`
			`});`

docs(security): Add security documentation. Substantially rewritten, based on original content by Brian Clarkio and Ward Bell and contributions from Naomi Black. 2016-06-20 23:34:14 -07:00			`it('binds trusted URLs', () => {`
docs(security): proofread prose, app now shows good and bad - App now shows how Angular handles untrusted URLs and resources - E2e test covered new functionality - Copyedits to prose - Updated provider expressions to use latest syntax The original security feature tracker: https://github.com/angular/angular/issues/8511 2016-06-30 07:21:55 -07:00			`let trustedUrl = element(By.className('e2e-trusted-url'));`
			`expect(trustedUrl.getAttribute('href')).toMatch(/^javascript:alert/);`
			`});`

			`it('escapes untrusted resource URLs', () => {`
			`let iframe = element(By.className('e2e-iframe-untrusted-src'));`
			`expect(iframe.getAttribute('src')).toBe('');`
docs(security): Add security documentation. Substantially rewritten, based on original content by Brian Clarkio and Ward Bell and contributions from Naomi Black. 2016-06-20 23:34:14 -07:00			`});`

			`it('binds trusted resource URLs', () => {`
docs(security): proofread prose, app now shows good and bad - App now shows how Angular handles untrusted URLs and resources - E2e test covered new functionality - Copyedits to prose - Updated provider expressions to use latest syntax The original security feature tracker: https://github.com/angular/angular/issues/8511 2016-06-30 07:21:55 -07:00			`let iframe = element(By.className('e2e-iframe-trusted-src'));`
docs(security): Add security documentation. Substantially rewritten, based on original content by Brian Clarkio and Ward Bell and contributions from Naomi Black. 2016-06-20 23:34:14 -07:00			`expect(iframe.getAttribute('src')).toMatch(/^https:\/\/www.youtube.com\//);`
			`});`
			`});`