from mock import patch
from validator.compat import FX18_DEFINITION
from js_helper import _do_test_raw, TestCase
def test_innerHTML():
    """Check which `innerHTML` assignments the JS validator rejects.

    A literal with plain markup must pass. The run must be reported as
    failed when the assigned value carries an inline `on*` handler, is
    built by concatenating a non-literal, contains a `<script>` tag, or
    uses a `javascript:` URL. Each of these would let markup written into
    the DOM run script.
    """
    # Baseline: static markup with no handlers or script is accepted.
    benign = _do_test_raw("""
var x = foo();
x.innerHTML = "<div></div>";
""")
    assert not benign.failed()

    flagged_snippets = (
        # Inline event handler, target declared first.
        """
var x = foo();
x.innerHTML = "<div onclick=\\"foo\\"></div>";
""",
        # Same handler, but the target was never declared.
        """
x.innerHTML = "<div onclick=\\"foo\\"></div>";
""",
        # Value is partly dynamic (`y` is not a literal).
        """
var x = foo();
x.innerHTML = "x" + y;
""",
        # Script element in the literal.
        """x.innerHTML = "<script>";""",
        # javascript: URL in an attribute.
        """
x.innerHTML = '<a href="javascript:alert();">';
""",
    )
    for snippet in flagged_snippets:
        assert _do_test_raw(snippet).failed()
def test_outerHTML():
    """Check which `outerHTML` assignments the JS validator rejects.

    Plain literal markup must pass. An inline `on*` handler (with or
    without a prior declaration of the target) and a value concatenated
    with a non-literal must both cause a failure.
    """
    # Baseline: static markup is accepted.
    benign = _do_test_raw("""
var x = foo();
x.outerHTML = "<div></div>";
""")
    assert not benign.failed()

    flagged_snippets = (
        # Inline event handler, target declared first.
        """
var x = foo();
x.outerHTML = "<div onclick=\\"foo\\"></div>";
""",
        # Same handler, but the target was never declared.
        """
x.outerHTML = "<div onclick=\\"foo\\"></div>";
""",
        # Value is partly dynamic (`y` is not a literal).
        """
var x = foo();
x.outerHTML = "x" + y;
""",
    )
    for snippet in flagged_snippets:
        assert _do_test_raw(snippet).failed()
def _mock_html_error(self, *args, **kwargs):
    """Stand-in for a parser method that always records one error.

    Any positional and keyword arguments are accepted and ignored, so it
    can replace a method whatever arguments that method is called with.
    The only effect is a single `self.err.error(...)` call with a fixed
    id tuple and message.
    """
    err_id = ("foo", "bar")
    message = "Does not pass validation."
    self.err.error(err_id, message)
def test_complex_innerHTML():
    """Check that markup errors inside an `innerHTML` literal fail the run.

    `MarkupParser.process` is replaced by `_mock_html_error`, which always
    records an error. The otherwise harmless `<b></b>` literal must then
    be reported as failed. This indicates that the assigned HTML is run
    through the markup parser and that its errors reach the result.
    """
    target = 'validator.testcases.markup.markuptester.MarkupParser.process'
    # Patch only while the script is validated.
    with patch(target, _mock_html_error):
        outcome = _do_test_raw("""
var x = foo();
x.innerHTML = "<b></b>";
""")
        assert outcome.failed()
def test_function_return():
    """Check that a function's return value counts as dynamic content.

    Assigning the result of a call to `innerHTML` must fail validation,
    in the same way as the string-concatenation cases.
    """
    outcome = _do_test_raw("""x.innerHTML = foo();""")
    assert outcome.failed()
def test_on_event():
    """Check that only string values assigned to `on*` properties fail.

    A property whose name merely ends in "click" and a function assigned
    to `onclick` must both pass. A string assigned to `onclick` must fail.
    """
    accepted_snippets = (
        # Not an `on*` property, so a string value is fine.
        """
var x = foo();
x.fooclick = "bar";
""",
        # A real function is the expected handler form.
        """
var x = foo();
x.onclick = function() {};
""",
    )
    for snippet in accepted_snippets:
        assert not _do_test_raw(snippet).failed()

    # String handler on an `on*` property is rejected.
    string_handler = _do_test_raw("""
var x = foo();
x.onclick = "bar";
""")
    assert string_handler.failed()
def test_on_event_null():
    """Check that assigning a variable holding `null` to `onclick` passes."""
    outcome = _do_test_raw("""
var x = foo(),
y = null;
x.onclick = y;
""")
    assert not outcome.failed()
class TestHandleEvent(TestCase):
    """Tests for objects with a `handleEvent` method assigned to `on*`."""

    # Script shared by the pass/fail tests: an object literal with a
    # `handleEvent` method is assigned to `onclick`.
    _HANDLE_EVENT_SCRIPT = """
foo.onclick = {handleEvent: function() {alert("bar");}};
"""

    def test_on_event_handleEvent_pass(self):
        """
        With no target app version configured, a `handleEvent` object on
        `onclick` is expected to be reported with warnings. The sibling
        test expects errors once Gecko 18 is targeted.
        """
        self.run_script(self._HANDLE_EVENT_SCRIPT)
        self.assert_failed(with_warnings=True)

    def test_on_event_handleEvent_fail(self):
        """
        When the add-on targets Gecko 18 (`FX18_DEFINITION`), the same
        `handleEvent` assignment must be reported with errors.
        """
        self.setup_err(for_appversions=FX18_DEFINITION)
        self.run_script(self._HANDLE_EVENT_SCRIPT)
        self.assert_failed(with_errors=True)

    def test_on_event_handleEvent_ignore(self):
        """
        A dirty object (here the result of an unknown call) assigned to
        `onclick` must produce no messages, even when Gecko 18 is targeted.
        """
        self.setup_err(for_appversions=FX18_DEFINITION)
        dirty_assignment = """
var dirty = this_creates_a_dirty_object();
foo.onclick = dirty;
"""
        self.run_script(dirty_assignment)
        self.assert_silent()