| author | Johann-S <[email protected]> | 2019-02-23 00:37:55 +0200 |
|---|---|---|
| committer | XhmikosR <[email protected]> | 2019-02-26 13:04:04 +0200 |
| commit | 8a37045b798fd66ede9c68774f9bb657e28d956a (patch) | |
| tree | 35a1cf1b26701975f9732e99553e53fb295678c7 /js/tests/unit | |
| parent | 8affe84c722bc459e7152e57d36a4f515f537abf (diff) | |
move util in a util folder with the sanitizer
Diffstat (limited to 'js/tests/unit')
| -rw-r--r-- | js/tests/unit/.eslintrc.json | 1 | ||||
| -rw-r--r-- | js/tests/unit/modal.js | 5 | ||||
| -rw-r--r-- | js/tests/unit/tooltip.js | 26 | ||||
| -rw-r--r-- | js/tests/unit/util/index.js (renamed from js/tests/unit/util.js) | 2 | ||||
| -rw-r--r-- | js/tests/unit/util/sanitizer.js | 51 |
5 files changed, 59 insertions, 26 deletions
diff --git a/js/tests/unit/.eslintrc.json b/js/tests/unit/.eslintrc.json index dfcf1eaa5..19ab5d998 100644 --- a/js/tests/unit/.eslintrc.json +++ b/js/tests/unit/.eslintrc.json @@ -8,6 +8,7 @@ "bootstrap": false, "sinon": false, "Util": false, + "Sanitizer": false, "Data": false, "Alert": false, "Button": false, diff --git a/js/tests/unit/modal.js b/js/tests/unit/modal.js index a9a3df838..6939c5e5b 100644 --- a/js/tests/unit/modal.js +++ b/js/tests/unit/modal.js @@ -695,13 +695,10 @@ $(function () { ].join('') var $modal = $(modalHTML).appendTo('#qunit-fixture') - var expectedTransitionDuration = 300 - var spy = sinon.spy(Util, 'getTransitionDurationFromElement') $modal.on('shown.bs.modal', function () { - assert.ok(spy.returned(expectedTransitionDuration)) $style.remove() - spy.restore() + assert.ok(true) done() }) .bootstrapModal('show') diff --git a/js/tests/unit/tooltip.js b/js/tests/unit/tooltip.js index 85fafe4b8..b542cbfb1 100644 --- a/js/tests/unit/tooltip.js +++ b/js/tests/unit/tooltip.js @@ -722,8 +722,10 @@ $(function () { QUnit.test('should not reload the tooltip on subsequent mouseenter events', function (assert) { assert.expect(1) + var fakeId = 1 var titleHtml = function () { - var uid = Util.getUID('tooltip') + var uid = fakeId + fakeId++ return '<p id="tt-content">' + uid + '</p><p>' + uid + '</p><p>' + uid + '</p>' } @@ -753,8 +755,10 @@ $(function () { QUnit.test('should not reload the tooltip if the mouse leaves and re-enters before hiding', function (assert) { assert.expect(4) + var fakeId = 1 var titleHtml = function () { - var uid = Util.getUID('tooltip') + var uid = 'tooltip' + fakeId + fakeId++ return '<p id="tt-content">' + uid + '</p><p>' + uid + '</p><p>' + uid + '</p>' } 
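Review bot: In the js/tests/unit/modal.js hunk the `shown.bs.modal` handler now asserts only `assert.ok(true)`, so the test passes whenever the event fires and no longer checks the transition duration that the removed `sinon.spy(Util, 'getTransitionDurationFromElement')` verified. If `Util` is presumably no longer reachable as a global from this file, the reduced coverage should at least be stated where it happens, for example `// Util is not exposed here any more; this only verifies that shown fires` above the assertion. The enclosing test starts above the hunk, so its title and the `$style` setup are not visible here.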
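Review bot: The two js/tests/unit/tooltip.js hunks replace `Util.getUID('tooltip')` with hand-written counters that do not match each other: the first test uses `var uid = fakeId` (a bare number) while the second uses `var uid = 'tooltip' + fakeId`. Using one form in both, e.g. `var uid = 'tooltip' + fakeId++`, keeps the two fixtures parallel and folds the separate `fakeId++` line into the assignment. The rest of each `titleHtml` body is unchanged context.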
@@ -1152,24 +1156,6 @@ $(function () { assert.strictEqual(tooltip.config.template.indexOf('onError'), -1) }) - QUnit.test('should sanitize template by removing tags with XSS', function (assert) { - assert.expect(1) - - var $trigger = $('<a href="#" rel="tooltip" data-trigger="click" title="Another tooltip"/>') - .appendTo('#qunit-fixture') - .bootstrapTooltip({ - template: [ - '<div>', - ' <a href="javascript:alert(7)">Click me</a>', - ' <span>Some content</span>', - '</div>' - ].join('') - }) - - var tooltip = Tooltip._getInstance($trigger[0]) - assert.strictEqual(tooltip.config.template.indexOf('script'), -1) - }) - QUnit.test('should allow custom sanitization rules', function (assert) { assert.expect(2) diff --git a/js/tests/unit/util.js b/js/tests/unit/util/index.js index db1412a3b..2d52ca59a 100644 --- a/js/tests/unit/util.js +++ b/js/tests/unit/util/index.js @@ -1,8 +1,6 @@ $(function () { 'use strict' - window.Util = typeof bootstrap !== 'undefined' ? bootstrap.Util : Util - QUnit.module('util', { afterEach: function () { $('#qunit-fixture').html('') diff --git a/js/tests/unit/util/sanitizer.js b/js/tests/unit/util/sanitizer.js new file mode 100644 index 000000000..4120f0767 --- /dev/null +++ b/js/tests/unit/util/sanitizer.js 
@@ -0,0 +1,51 @@
+$(function () {
+ 'use strict'
+
+ QUnit.module('sanitizer', {
+ afterEach: function () {
+ $('#qunit-fixture').html('')
+ }
+ })
+
+ QUnit.test('should export a default white list', function (assert) {
+ assert.expect(1)
+
+ assert.ok(Sanitizer.DefaultWhitelist)
+ })
+
+ QUnit.test('should sanitize template by removing tags with XSS', function (assert) {
+ assert.expect(1)
+
+ var template = [
+ '<div>',
+ ' <a href="javascript:alert(7)">Click me</a>',
+ ' <span>Some content</span>',
+ '</div>'
+ ].join('')
+
+ var result = Sanitizer.sanitizeHtml(template, Sanitizer.DefaultWhitelist, null)
+
+ assert.strictEqual(result.indexOf('script'), -1)
+ })
+
+ QUnit.test('should not use native api to sanitize if a custom function passed', function (assert) {
+ assert.expect(2)
+
+ var template = [
+ '<div>',
+ ' <span>Some content</span>',
+ '</div>'
+ ].join('')
+
+ function mySanitize(htmlUnsafe) {
+ return htmlUnsafe
+ }
+
+ var spy = sinon.spy(DOMParser.prototype, 'parseFromString')
+ var result = Sanitizer.sanitizeHtml(template, Sanitizer.DefaultWhitelist, mySanitize)
+
+ assert.strictEqual(result, template)
+ assert.strictEqual(spy.called, false)
+ spy.restore()
+ })
+}) |
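Review bot: The XSS test's only assertion, `assert.strictEqual(result.indexOf('script'), -1)`, also passes when `sanitizeHtml` returns an empty string or drops the whole template, so it does not show that the unsafe `href` value was removed while the allowed markup was kept. Adding a check that benign content survives, e.g. `assert.notStrictEqual(result.indexOf('Some content'), -1)` together with `assert.expect(2)`, would pin both halves of the contract. In the last test `spy.restore()` runs only if `sanitizeHtml` returns normally; restoring the `DOMParser.prototype.parseFromString` spy in a `try`/`finally`, or in the module's `afterEach`, would keep a thrown error here from leaving the spy installed for later tests.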
