honeymoose/angular-cn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
angular-cn/public/docs/_examples/security/e2e-spec.ts
Patrice Chalin 705d8c50fd docs(security): proofread prose, app now shows good and bad 
- App now shows how Angular handles untrusted URLs and resources
- E2e test covered new functionality
- Copyedits to prose
- Updated provider expressions to use latest syntax

The original security feature tracker:
https://github.com/angular/angular/issues/8511
2016-06-30 13:04:55 -07:00

37 lines
1.3 KiB
TypeScript
Raw Blame History

/// <reference path="../_protractor/e2e.d.ts" />
'use strict';
describe('Security E2E Tests', () => {
beforeAll(() => browser.get(''));
it('sanitizes innerHTML', () => {
let interpolated = element(By.className('e2e-inner-html-interpolated'));
expect(interpolated.getText())
.toContain('Template <script>alert("0wned")</script> <b>Syntax</b>');
let bound = element(By.className('e2e-inner-html-bound'));
expect(bound.getText()).toContain('Template alert("0wned") Syntax');
let bold = element(By.css('.e2e-inner-html-bound b'));
expect(bold.getText()).toContain('Syntax');
});
it('escapes untrusted URLs', () => {
let untrustedUrl = element(By.className('e2e-dangerous-url'));
expect(untrustedUrl.getAttribute('href')).toMatch(/^unsafe:javascript/);
});
it('binds trusted URLs', () => {
let trustedUrl = element(By.className('e2e-trusted-url'));
expect(trustedUrl.getAttribute('href')).toMatch(/^javascript:alert/);
});
it('escapes untrusted resource URLs', () => {
let iframe = element(By.className('e2e-iframe-untrusted-src'));
expect(iframe.getAttribute('src')).toBe('');
});
it('binds trusted resource URLs', () => {
let iframe = element(By.className('e2e-iframe-trusted-src'));
expect(iframe.getAttribute('src')).toMatch(/^https:\/\/www.youtube.com\//);
});
});
Reference in New Issue View Git Blame Copy Permalink