fix unit tests

twbs · Aug 19, 2018 · 9c4c72e · 9c4c72e
1 parent 82890e9
commit 9c4c72e
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 46 deletions.
diff --git a/js/tests/unit/affix.js b/js/tests/unit/affix.js
@@ -26,7 +26,7 @@ $(function () {
 
   QUnit.test('should return jquery collection containing the element', function (assert) {
     assert.expect(2)
-    var $el = $('<div/>')
+    var $el = $('<div/>').appendTo('#qunit-fixture')
     var $affix = $el.bootstrapAffix()
     assert.ok($affix instanceof $, 'returns jquery collection')
     assert.strictEqual($affix[0], $el[0], 'collection contains element')
@@ -104,19 +104,4 @@ $(function () {
       }, 250)
     }, 250)
   })
-
-  QUnit.test('should raise exception to avoid xss on target', function (assert) {
-    assert.expect(1)
-    assert.throws(function () {
-
-      var templateHTML = '<div id="affixTarget"></div>'
-      $(templateHTML).appendTo(document.body)
-
-      $('#affixTarget').bootstrapAffix({
-        target: '<img src=1 onerror=\'alert(0)\'>'
-      })
-
-    },  new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
-  })
-
 })
diff --git a/js/tests/unit/collapse.js b/js/tests/unit/collapse.js
@@ -439,15 +439,4 @@ $(function () {
       })
       .bootstrapCollapse('show')
   })
-
-  QUnit.test('should raise exception to avoid xss on data-parent', function (assert) {
-    assert.expect(1)
-    assert.throws(function () {
-      $('<a role="button" data-toggle="collapse" data-parent="<img src=1 onerror=\'alert(0)\'>" href="#collapseThree">')
-        .appendTo('#qunit-fixture')
-        .bootstrapCollapse('show')
-        .trigger('click');
-    },  new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
-  })
-
 })
diff --git a/js/tests/unit/tooltip.js b/js/tests/unit/tooltip.js
@@ -1321,23 +1321,4 @@ $(function () {
       }
     })
   })
-
-  QUnit.test('should raise exception to avoid xss on data-container', function (assert) {
-    assert.expect(1)
-    assert.throws(function () {
-      $('<button data-toggle="tooltip" data-container="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip on right</button>')
-        .appendTo('#qunit-fixture')
-        .bootstrapTooltip('show')
-    },  new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
-  })
-
-  QUnit.test('should raise exception to avoid xss on data-viewport', function (assert) {
-    assert.expect(1)
-    assert.throws(function () {
-      $('<button data-toggle="tooltip" data-viewport="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip on right</button>')
-        .appendTo('#qunit-fixture')
-        .bootstrapTooltip('show')
-    },  new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
-  })
-
 })
diff --git a/js/tests/visual/affix.html b/js/tests/visual/affix.html
@@ -54,6 +54,8 @@
 
   <div class="page-header js-page-header">
     <h1>Affix <small>Bootstrap Visual Test</small></h1>
+
+    <div id="affixTarget">Affix target with XSS</div>
   </div>
 
   <div class="col-md-3">
@@ -277,6 +279,14 @@ <h1>Affix <small>Bootstrap Visual Test</small></h1>
 <!-- JavaScript Test -->
 <script>
 $(function () {
+  try {
+    $('#affixTarget').bootstrapAffix({
+      target: '<img src=1 onerror=\'alert(0)\'>'
+    })
+  } catch (e) {
+    console.error(e)
+  }
+
   $('.js-affixed-element-top').affix({
     offset: {
       top: $('.js-page-header').outerHeight(true) - 10

diff --git a/js/tests/visual/collapse.html b/js/tests/visual/collapse.html
@@ -69,6 +69,10 @@ <h4 class="panel-title">
   <button class="btn" data-toggle="collapse" data-target="<img src=x onerror=alert(0)>">
     Collapse with an XSS
   </button>
+
+  <button class="btn" data-toggle="collapse" data-parent="<img src=1 onerror=\'alert(0)\'>" href="#collapseThree">
+    Collapse with an XSS in data-parent
+  </button>
 </div>
 
 <!-- JavaScript Includes -->

diff --git a/js/tests/visual/tooltip.html b/js/tests/visual/tooltip.html
@@ -30,6 +30,8 @@ <h1>Tooltip <small>Bootstrap Visual Test</small></h1>
     <button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="top" title="Tooltip on top">Tooltip on top</button>
     <button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="bottom" title="Tooltip on bottom">Tooltip on bottom</button>
     <button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="right" title="Tooltip on right">Tooltip on right</button>
+    <button type="button" class="btn btn-default" data-toggle="tooltip" data-container="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip with XSS on data-container</button>
+    <button type="button" class="btn btn-default" data-toggle="tooltip" data-viewport="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip with XSS on data-viewport</button>
   </p>
 
 </div>