
making Request.HTML reject script tags outside the scope of a filtere…

…d tag
commit 365f928511300bcb2c5cf14b633ba40bd8a860f3 1 parent d54312c
Javier Blanco Gutiérrez authored
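--- a/Source/Request/Request.HTML.js
+++ b/Source/Request/Request.HTML.js
@@ -30,14 +30,21 @@ Request.HTML = new Class({
 
 success: function(text){
 var options = this.options, response = this.response;
+
+response.html = text;
 
-response.html = text.stripScripts(function(script){
+var match = response.html.match(/<body[^>]*>([\s\S]*?)<\/body>/i);
+if (match) response.html = match[1];
+var temp = new Element('div', {html: response.html});
+
+if (options.filter)
+response.html = temp.getElement(options.filter).outerHTML;
+
+response.html = response.html.stripScripts(function(script){
 response.javascript = script;
 });
 
-var match = response.html.match(/<body[^>]*>([\s\S]*?)<\/body>/i);
-if (match) response.html = match[1];
-var temp = new Element('div').set('html', response.html);
+temp = new Element('div', {html: response.html});
 
 response.tree = temp.childNodes;
 response.elements = temp.getElements(options.filter || '*');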
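Review bot: `temp.getElement(options.filter).outerHTML` dereferences the lookup result without a null check, so a filter that matches nothing in the response now throws inside `success` instead of producing an empty `response.elements`. `getElement` also returns only the first match, so when the selector matches several elements the markup and scripts of the later ones are dropped before `temp.getElements(options.filter || '*')` runs, which narrows what that unchanged line used to return. One way to keep both cases working is `response.html = temp.getElements(options.filter).map(function(el){ return el.outerHTML; }).join('');`, which gives an empty string when nothing matches; nested matches would still need a decision. The body of `success` continues past the end of the hunk.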
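--- a/Specs/1.3client/Request/Request.HTML.js
+++ b/Specs/1.3client/Request/Request.HTML.js
@@ -157,7 +157,7 @@ describe('Request.HTML', function(){
 
 it('should create an ajax request and correctly filter it by the passed selector', function(){
 
-var response = '<span>text</span><a>aaa</a>';
+var response = '<span>text</span><script>___SPEC___=1;</script><a>aaa<script>___SPEC___=2;</script></a><script>___SPEC___=3;</script>';
 
 this.spy.identity = 'Request.HTML onComplete filter';
 var request = new Request.HTML({
@@ -173,7 +173,8 @@ describe('Request.HTML', function(){
 expect(onCompleteArgs[0].length).toEqual(1);
 expect(onCompleteArgs[0][0].get('tag')).toEqual('a');
 expect(onCompleteArgs[0][0].get('text')).toEqual('aaa');
-
+expect(onCompleteArgs[3].trim()).toEqual('___SPEC___=2;');
+expect(___SPEC___).toEqual(2);
 });
 
 it('should create an ajax request that filters the response and updates the target', function(){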
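Review bot: `expect(___SPEC___).toEqual(2)` reads a global that nothing in the visible hunks initialises or cleans up, so the assertion can be satisfied or broken by state left behind by another spec. Setting `window.___SPEC___ = 0;` before the request is sent and removing the global after the expectations would make the check depend only on this response. The spec also exercises only a selector that matches exactly one element; a case where the filter matches nothing would pin down what `success` does when the lookup comes back empty. The lines between the two hunks are not shown, so a reset may already exist there.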
