From 3ad81b1beb210a16d491f72dec78e93844f4f82b Mon Sep 17 00:00:00 2001 From: Martin Probst Date: Thu, 23 Jun 2016 13:57:34 -0700 Subject: [PATCH] test(security): simplify integration test. --- .../test/linker/security_integration_spec.ts | 51 ++++++++++--------- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/modules/@angular/core/test/linker/security_integration_spec.ts b/modules/@angular/core/test/linker/security_integration_spec.ts index bda6fdf177..2a4f6ea410 100644 --- a/modules/@angular/core/test/linker/security_integration_spec.ts +++ b/modules/@angular/core/test/linker/security_integration_spec.ts @@ -10,7 +10,6 @@ import {ddescribe, describe, expect, inject, beforeEachProviders, beforeEach, af import {TestComponentBuilder} from '@angular/compiler/testing'; import {AsyncTestCompleter} from '@angular/core/testing/testing_internal'; import {getDOM} from '@angular/platform-browser/src/dom/dom_adapter'; -import {PromiseWrapper} from '../../src/facade/async'; import {provide, Injectable, OpaqueToken} from '@angular/core'; import {CompilerConfig} from '@angular/compiler'; import {Component, ViewMetadata} from '@angular/core/src/metadata'; @@ -31,7 +30,7 @@ export function main() { } } -@Component({selector: 'my-comp', directives: []}) +@Component({selector: 'my-comp', template: '', directives: []}) class SecuredComponent { ctxProp: string; constructor() { this.ctxProp = 'some value'; } @@ -73,15 +72,17 @@ function declareTests({useJit}: {useJit: boolean}) { itAsync( 'should disallow binding on*', (tcb: TestComponentBuilder, async: AsyncTestCompleter) => { let tpl = `
`; - tcb = tcb.overrideView(SecuredComponent, new ViewMetadata({template: tpl})); - PromiseWrapper.catchError(tcb.createAsync(SecuredComponent), (e) => { - expect(e.message).toContain( - `Template parse errors:\n` + - `Binding to event attribute 'onclick' is disallowed ` + - `for security reasons, please use (click)=... `); - async.done(); - return null; - }); + tcb.overrideTemplate(SecuredComponent, tpl) + .createAsync(SecuredComponent) + .then(v => async.done(new Error('unexpected success'))) + .catch((e) => { + expect(e.message).toContain( + `Template parse errors:\n` + + `Binding to event attribute 'onclick' is disallowed ` + + `for security reasons, please use (click)=... `); + async.done(); + return null; + }); }); describe('safe HTML values', function() { @@ -91,7 +92,7 @@ function declareTests({useJit}: {useJit: boolean}) { (tcb: TestComponentBuilder, async: AsyncTestCompleter, sanitizer: DomSanitizationService) => { let tpl = `Link Title`; - tcb.overrideView(SecuredComponent, new ViewMetadata({template: tpl, directives: []})) + tcb.overrideTemplate(SecuredComponent, tpl) .createAsync(SecuredComponent) .then((fixture) => { let e = fixture.debugElement.children[0].nativeElement; @@ -111,7 +112,7 @@ function declareTests({useJit}: {useJit: boolean}) { (tcb: TestComponentBuilder, async: AsyncTestCompleter, sanitizer: DomSanitizationService) => { let tpl = `Link Title`; - tcb.overrideView(SecuredComponent, new ViewMetadata({template: tpl, directives: []})) + tcb.overrideTemplate(SecuredComponent, tpl) .createAsync(SecuredComponent) .then((fixture) => { let trusted = sanitizer.bypassSecurityTrustScript('javascript:alert(1)'); 
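Review bot: The added success branch `.then(v => async.done(new Error('unexpected success')))` reports the problem through `done`, which normally signals completion. Unless `AsyncTestCompleter.done` treats an `Error` argument as a failure (not visible in this patch), a template that compiles with an `onclick` binding would let this negative security test pass. The success path should fail unambiguously, for example `.then(() => async.fail(new Error('unexpected success')), (e) => { ... })` if the completer exposes `fail` as I expect, or an explicit failing `expect` in that branch. The same pattern is added for the `xlink:href` case in the `@@ -198,20 +199,21 @@` hunk. The enclosing `declareTests` body starts and ends outside this hunk.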
@@ -130,7 +131,7 @@ function declareTests({useJit}: {useJit: boolean}) { (tcb: TestComponentBuilder, async: AsyncTestCompleter, sanitizer: DomSanitizationService) => { let tpl = `Link Title`; - tcb.overrideView(SecuredComponent, new ViewMetadata({template: tpl, directives: []})) + tcb.overrideTemplate(SecuredComponent, tpl) .createAsync(SecuredComponent) .then((fixture) => { let e = fixture.debugElement.children[0].nativeElement; @@ -150,7 +151,7 @@ function declareTests({useJit}: {useJit: boolean}) { 'should escape unsafe attributes', (tcb: TestComponentBuilder, async: AsyncTestCompleter) => { let tpl = `Link Title`; - tcb.overrideView(SecuredComponent, new ViewMetadata({template: tpl, directives: []})) + tcb.overrideTemplate(SecuredComponent, tpl) .createAsync(SecuredComponent) .then((fixture) => { let e = fixture.debugElement.children[0].nativeElement; @@ -173,7 +174,7 @@ function declareTests({useJit}: {useJit: boolean}) { 'should escape unsafe style values', (tcb: TestComponentBuilder, async: AsyncTestCompleter) => { let tpl = `
Text
`; - tcb.overrideView(SecuredComponent, new ViewMetadata({template: tpl, directives: []})) + tcb.overrideTemplate(SecuredComponent, tpl) .createAsync(SecuredComponent) .then((fixture) => { let e = fixture.debugElement.children[0].nativeElement; @@ -198,20 +199,21 @@ function declareTests({useJit}: {useJit: boolean}) { 'should escape unsafe SVG attributes', (tcb: TestComponentBuilder, async: AsyncTestCompleter) => { let tpl = `Text`; - tcb = tcb.overrideView( - SecuredComponent, new ViewMetadata({template: tpl, directives: []})); - PromiseWrapper.catchError(tcb.createAsync(SecuredComponent), (e) => { - expect(e.message).toContain(`Can't bind to 'xlink:href'`); - async.done(); - return null; - }); + tcb.overrideTemplate(SecuredComponent, tpl) + .createAsync(SecuredComponent) + .then(v => async.done(new Error('unexpected success'))) + .catch((e) => { + expect(e.message).toContain(`Can't bind to 'xlink:href'`); + async.done(); + return null; + }); }); itAsync( 'should escape unsafe HTML values', (tcb: TestComponentBuilder, async: AsyncTestCompleter) => { let tpl = `
Text
`; - tcb.overrideView(SecuredComponent, new ViewMetadata({template: tpl, directives: []})) + tcb.overrideTemplate(SecuredComponent, tpl) .createAsync(SecuredComponent) .then((fixture) => { let e = fixture.debugElement.children[0].nativeElement; @@ -237,6 +239,5 @@ function declareTests({useJit}: {useJit: boolean}) { }); }); }); - }); } \ No newline at end of file
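Review bot: In the `@@ -198,20 +199,21 @@` hunk, the `should escape unsafe SVG attributes` case asserts a creation failure (`Can't bind to 'xlink:href'`) and never inspects sanitized output, so the title does not describe what is checked. A one-line comment above the new chain would make that explicit, such as `// Binding to xlink:href is rejected when the component is created; no sanitizer output is checked here.` That helps anyone auditing which unsafe-URL paths are covered by the sanitizer and which by binding rejection. The code that raises the error is outside this patch, so where the rejection happens is inferred from the message text.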