angular-cn/modules/@angular/platform-browser/test/security/style_sanitizer_spec.ts

import * as t from '@angular/core/testing/testing_internal';

import {getDOM} from '../../src/dom/dom_adapter';
import {sanitizeStyle} from '../../src/security/style_sanitizer';

export function main() {
  t.describe('Style sanitizer', () => {
    let logMsgs: string[];
    let originalLog: (msg: any) => any;

    t.beforeEach(() => {
      logMsgs = [];
      originalLog = getDOM().log;  // Monkey patch DOM.log.
      getDOM().log = (msg) => logMsgs.push(msg);
    });
    t.afterEach(() => { getDOM().log = originalLog; });


    t.it('sanitizes values', () => {
      t.expect(sanitizeStyle('abc')).toEqual('abc');
      t.expect(sanitizeStyle('expression(haha)')).toEqual('unsafe');
      // Unbalanced quotes.
      t.expect(sanitizeStyle('"value" "')).toEqual('unsafe');

      t.expect(logMsgs.join('\n')).toMatch(/sanitizing unsafe style value/);
    });
  });
}
feat(security): add tests for style sanitisation. 2016-05-03 21:41:07 -04:00			`import * as t from '@angular/core/testing/testing_internal';`
feat(security): warn users when sanitizing in dev mode. This should help developers to figure out what's going on when the sanitizer strips some input. Fixes #8522. 2016-05-09 10:46:31 -04:00
			`import {getDOM} from '../../src/dom/dom_adapter';`
feat(security): add tests for style sanitisation. 2016-05-03 21:41:07 -04:00			`import {sanitizeStyle} from '../../src/security/style_sanitizer';`

			`export function main() {`
			`t.describe('Style sanitizer', () => {`
feat(security): warn users when sanitizing in dev mode. This should help developers to figure out what's going on when the sanitizer strips some input. Fixes #8522. 2016-05-09 10:46:31 -04:00			`let logMsgs: string[];`
			`let originalLog: (msg: any) => any;`

			`t.beforeEach(() => {`
			`logMsgs = [];`
			`originalLog = getDOM().log; // Monkey patch DOM.log.`
			`getDOM().log = (msg) => logMsgs.push(msg);`
			`});`
			`t.afterEach(() => { getDOM().log = originalLog; });`


feat(security): add tests for style sanitisation. 2016-05-03 21:41:07 -04:00			`t.it('sanitizes values', () => {`
			`t.expect(sanitizeStyle('abc')).toEqual('abc');`
			`t.expect(sanitizeStyle('expression(haha)')).toEqual('unsafe');`
			`// Unbalanced quotes.`
			`t.expect(sanitizeStyle('"value" "')).toEqual('unsafe');`
feat(security): warn users when sanitizing in dev mode. This should help developers to figure out what's going on when the sanitizer strips some input. Fixes #8522. 2016-05-09 10:46:31 -04:00
			`t.expect(logMsgs.join('\n')).toMatch(/sanitizing unsafe style value/);`
feat(security): add tests for style sanitisation. 2016-05-03 21:41:07 -04:00			`});`
			`});`
			`}`