test(security): simplify integration test.

Martin Probst 2016-06-23 13:57:34 -07:00
parent 5ab0534164
commit 3ad81b1beb
1 changed files with 26 additions and 25 deletions


@ -10,7 +10,6 @@ import {ddescribe, describe, expect, inject, beforeEachProviders, beforeEach, af
import {TestComponentBuilder} from '@angular/compiler/testing'; import {TestComponentBuilder} from '@angular/compiler/testing';
import {AsyncTestCompleter} from '@angular/core/testing/testing_internal'; import {AsyncTestCompleter} from '@angular/core/testing/testing_internal';
import {getDOM} from '@angular/platform-browser/src/dom/dom_adapter'; import {getDOM} from '@angular/platform-browser/src/dom/dom_adapter';
import {PromiseWrapper} from '../../src/facade/async';
import {provide, Injectable, OpaqueToken} from '@angular/core'; import {provide, Injectable, OpaqueToken} from '@angular/core';
import {CompilerConfig} from '@angular/compiler'; import {CompilerConfig} from '@angular/compiler';
import {Component, ViewMetadata} from '@angular/core/src/metadata'; import {Component, ViewMetadata} from '@angular/core/src/metadata';
@ -31,7 +30,7 @@ export function main() {
} }
} }
@Component({selector: 'my-comp', directives: []}) @Component({selector: 'my-comp', template: '', directives: []})
class SecuredComponent { class SecuredComponent {
ctxProp: string; ctxProp: string;
constructor() { this.ctxProp = 'some value'; } constructor() { this.ctxProp = 'some value'; }
@ -73,8 +72,10 @@ function declareTests({useJit}: {useJit: boolean}) {
itAsync( itAsync(
'should disallow binding on*', (tcb: TestComponentBuilder, async: AsyncTestCompleter) => { 'should disallow binding on*', (tcb: TestComponentBuilder, async: AsyncTestCompleter) => {
let tpl = `<div [attr.onclick]="ctxProp"></div>`; let tpl = `<div [attr.onclick]="ctxProp"></div>`;
tcb = tcb.overrideView(SecuredComponent, new ViewMetadata({template: tpl})); tcb.overrideTemplate(SecuredComponent, tpl)
PromiseWrapper.catchError(tcb.createAsync(SecuredComponent), (e) => { .createAsync(SecuredComponent)
.then(v => async.done(new Error('unexpected success')))
.catch((e) => {
expect(e.message).toContain( expect(e.message).toContain(
`Template parse errors:\n` + `Template parse errors:\n` +
`Binding to event attribute 'onclick' is disallowed ` + `Binding to event attribute 'onclick' is disallowed ` +
@ -91,7 +92,7 @@ function declareTests({useJit}: {useJit: boolean}) {
(tcb: TestComponentBuilder, async: AsyncTestCompleter, (tcb: TestComponentBuilder, async: AsyncTestCompleter,
sanitizer: DomSanitizationService) => { sanitizer: DomSanitizationService) => {
let tpl = `<a [href]="ctxProp">Link Title</a>`; let tpl = `<a [href]="ctxProp">Link Title</a>`;
tcb.overrideView(SecuredComponent, new ViewMetadata({template: tpl, directives: []})) tcb.overrideTemplate(SecuredComponent, tpl)
.createAsync(SecuredComponent) .createAsync(SecuredComponent)
.then((fixture) => { .then((fixture) => {
let e = fixture.debugElement.children[0].nativeElement; let e = fixture.debugElement.children[0].nativeElement;
@ -111,7 +112,7 @@ function declareTests({useJit}: {useJit: boolean}) {
(tcb: TestComponentBuilder, async: AsyncTestCompleter, (tcb: TestComponentBuilder, async: AsyncTestCompleter,
sanitizer: DomSanitizationService) => { sanitizer: DomSanitizationService) => {
let tpl = `<a [href]="ctxProp">Link Title</a>`; let tpl = `<a [href]="ctxProp">Link Title</a>`;
tcb.overrideView(SecuredComponent, new ViewMetadata({template: tpl, directives: []})) tcb.overrideTemplate(SecuredComponent, tpl)
.createAsync(SecuredComponent) .createAsync(SecuredComponent)
.then((fixture) => { .then((fixture) => {
let trusted = sanitizer.bypassSecurityTrustScript('javascript:alert(1)'); let trusted = sanitizer.bypassSecurityTrustScript('javascript:alert(1)');
@ -130,7 +131,7 @@ function declareTests({useJit}: {useJit: boolean}) {
(tcb: TestComponentBuilder, async: AsyncTestCompleter, (tcb: TestComponentBuilder, async: AsyncTestCompleter,
sanitizer: DomSanitizationService) => { sanitizer: DomSanitizationService) => {
let tpl = `<a href="/foo/{{ctxProp}}">Link Title</a>`; let tpl = `<a href="/foo/{{ctxProp}}">Link Title</a>`;
tcb.overrideView(SecuredComponent, new ViewMetadata({template: tpl, directives: []})) tcb.overrideTemplate(SecuredComponent, tpl)
.createAsync(SecuredComponent) .createAsync(SecuredComponent)
.then((fixture) => { .then((fixture) => {
let e = fixture.debugElement.children[0].nativeElement; let e = fixture.debugElement.children[0].nativeElement;
@ -150,7 +151,7 @@ function declareTests({useJit}: {useJit: boolean}) {
'should escape unsafe attributes', 'should escape unsafe attributes',
(tcb: TestComponentBuilder, async: AsyncTestCompleter) => { (tcb: TestComponentBuilder, async: AsyncTestCompleter) => {
let tpl = `<a [href]="ctxProp">Link Title</a>`; let tpl = `<a [href]="ctxProp">Link Title</a>`;
tcb.overrideView(SecuredComponent, new ViewMetadata({template: tpl, directives: []})) tcb.overrideTemplate(SecuredComponent, tpl)
.createAsync(SecuredComponent) .createAsync(SecuredComponent)
.then((fixture) => { .then((fixture) => {
let e = fixture.debugElement.children[0].nativeElement; let e = fixture.debugElement.children[0].nativeElement;
@ -173,7 +174,7 @@ function declareTests({useJit}: {useJit: boolean}) {
'should escape unsafe style values', 'should escape unsafe style values',
(tcb: TestComponentBuilder, async: AsyncTestCompleter) => { (tcb: TestComponentBuilder, async: AsyncTestCompleter) => {
let tpl = `<div [style.background]="ctxProp">Text</div>`; let tpl = `<div [style.background]="ctxProp">Text</div>`;
tcb.overrideView(SecuredComponent, new ViewMetadata({template: tpl, directives: []})) tcb.overrideTemplate(SecuredComponent, tpl)
.createAsync(SecuredComponent) .createAsync(SecuredComponent)
.then((fixture) => { .then((fixture) => {
let e = fixture.debugElement.children[0].nativeElement; let e = fixture.debugElement.children[0].nativeElement;
@ -198,9 +199,10 @@ function declareTests({useJit}: {useJit: boolean}) {
'should escape unsafe SVG attributes', 'should escape unsafe SVG attributes',
(tcb: TestComponentBuilder, async: AsyncTestCompleter) => { (tcb: TestComponentBuilder, async: AsyncTestCompleter) => {
let tpl = `<svg:circle [xlink:href]="ctxProp">Text</svg:circle>`; let tpl = `<svg:circle [xlink:href]="ctxProp">Text</svg:circle>`;
tcb = tcb.overrideView( tcb.overrideTemplate(SecuredComponent, tpl)
SecuredComponent, new ViewMetadata({template: tpl, directives: []})); .createAsync(SecuredComponent)
PromiseWrapper.catchError(tcb.createAsync(SecuredComponent), (e) => { .then(v => async.done(new Error('unexpected success')))
.catch((e) => {
expect(e.message).toContain(`Can't bind to 'xlink:href'`); expect(e.message).toContain(`Can't bind to 'xlink:href'`);
async.done(); async.done();
return null; return null;
@ -211,7 +213,7 @@ function declareTests({useJit}: {useJit: boolean}) {
'should escape unsafe HTML values', 'should escape unsafe HTML values',
(tcb: TestComponentBuilder, async: AsyncTestCompleter) => { (tcb: TestComponentBuilder, async: AsyncTestCompleter) => {
let tpl = `<div [innerHTML]="ctxProp">Text</div>`; let tpl = `<div [innerHTML]="ctxProp">Text</div>`;
tcb.overrideView(SecuredComponent, new ViewMetadata({template: tpl, directives: []})) tcb.overrideTemplate(SecuredComponent, tpl)
.createAsync(SecuredComponent) .createAsync(SecuredComponent)
.then((fixture) => { .then((fixture) => {
let e = fixture.debugElement.children[0].nativeElement; let e = fixture.debugElement.children[0].nativeElement;
@ -237,6 +239,5 @@ function declareTests({useJit}: {useJit: boolean}) {
}); });
}); });
}); });
}); });
} }
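Review bot: In the 'should disallow binding on*' test (and again in 'should escape unsafe SVG attributes'), the new success branch `.then(v => async.done(new Error('unexpected success')))` probably does not fail the test: AsyncTestCompleter is not shown on this page, but if `done(value)` only resolves the completer, a template that compiles despite the `[attr.onclick]` or `[xlink:href]` binding would be reported as a pass. These are negative tests for a security control, so unexpected success should reject, e.g. `.then(() => async.fail(new Error('unexpected success')), (e) => {` with the existing assertions kept in the second handler (confirm that `fail` is available on the completer in this tree). Passing the handler as the second argument to `then` rather than chaining `.catch` also keeps it from receiving errors raised by the success branch itself. Both test bodies continue past the visible hunk lines.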