UNPKG

@apache-royale/royale-js

Version:

Apache Royale (formerly FlexJS)

royale.apache.org

103 lines (82 loc) 3.43 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
// Copyright 2014 The Closure Library Authors. All Rights Reserved. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS-IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. /** * @fileoverview Unit tests for goog.html.SafeScript and its builders. */ goog.provide('goog.html.safeScriptTest'); goog.require('goog.html.SafeScript'); goog.require('goog.object'); goog.require('goog.string.Const'); goog.require('goog.testing.jsunit'); goog.setTestOnly('goog.html.safeScriptTest'); function testSafeScript() { var script = 'var string = \'hello\';'; var safeScript = goog.html.SafeScript.fromConstant(goog.string.Const.from(script)); var extracted = goog.html.SafeScript.unwrap(safeScript); assertEquals(script, extracted); assertEquals(script, safeScript.getTypedStringValue()); assertEquals('SafeScript{' + script + '}', String(safeScript)); // Interface marker is present. assertTrue(safeScript.implementsGoogStringTypedString); } /** @suppress {checkTypes} */ function testUnwrap() { var privateFieldName = 'privateDoNotAccessOrElseSafeScriptWrappedValue_'; var markerFieldName = 'SAFE_SCRIPT_TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_'; var propNames = goog.object.getKeys( goog.html.SafeScript.fromConstant(goog.string.Const.from(''))); assertContains(privateFieldName, propNames); assertContains(markerFieldName, propNames); var evil = {}; evil[privateFieldName] = 'var string = \'evil\';'; evil[markerFieldName] = {}; var exception = assertThrows(function() { goog.html.SafeScript.unwrap(evil); }); assertContains('expected object of type SafeScript', exception.message); } function testFromConstant_allowsEmptyString() { assertEquals( goog.html.SafeScript.EMPTY, goog.html.SafeScript.fromConstant(goog.string.Const.from(''))); } function testEmpty() { assertEquals('', goog.html.SafeScript.unwrap(goog.html.SafeScript.EMPTY)); } function testFromConstantAndArgs() { var script = goog.html.SafeScript.fromConstantAndArgs( goog.string.Const.from( 'function(str, num, nul, json) { foo(str, num, nul, json); }'), 'hello world', 42, null, {'foo': 'bar'}); assertEquals( '(function(str, num, nul, json) { foo(str, num, nul, json); })' + '("hello world", 42, null, {"foo":"bar"});', goog.html.SafeScript.unwrap(script)); } function testFromConstantAndArgs_escaping() { var script = goog.html.SafeScript.fromConstantAndArgs( goog.string.Const.from('function(str) { alert(str); }'), '</script</script'); assertEquals( '(function(str) { alert(str); })' + '("\\x3c/script\\x3c/script");', goog.html.SafeScript.unwrap(script)); } function testFromConstantAndArgs_eval() { var script = goog.html.SafeScript.fromConstantAndArgs( goog.string.Const.from('function(arg1, arg2) { return arg1 * arg2; }'), 21, 2); var result = eval(goog.html.SafeScript.unwrap(script)); assertEquals(42, result); }