Move various tests to plugin folders
This commit is contained in:
parent
2b984e7851
commit
a67603f689
@ -25,51 +25,52 @@ module.exports = function(config) {
|
|||||||
{ pattern: "node_modules/sinon/pkg/sinon.js", type: 'module' },
|
{ pattern: "node_modules/sinon/pkg/sinon.js", type: 'module' },
|
||||||
{ pattern: "spec/mock.js", type: 'module' },
|
{ pattern: "spec/mock.js", type: 'module' },
|
||||||
|
|
||||||
{ pattern: "spec/user-details-modal.js", type: 'module' },
|
|
||||||
{ pattern: "spec/spoilers.js", type: 'module' },
|
|
||||||
{ pattern: "spec/emojis.js", type: 'module' },
|
|
||||||
{ pattern: "spec/muclist.js", type: 'module' },
|
|
||||||
{ pattern: "spec/utils.js", type: 'module' },
|
|
||||||
{ pattern: "spec/converse.js", type: 'module' },
|
{ pattern: "spec/converse.js", type: 'module' },
|
||||||
{ pattern: "spec/bookmarks.js", type: 'module' },
|
|
||||||
{ pattern: "spec/headline.js", type: 'module' },
|
|
||||||
{ pattern: "spec/disco.js", type: 'module' },
|
|
||||||
{ pattern: "spec/protocol.js", type: 'module' },
|
|
||||||
{ pattern: "spec/presence.js", type: 'module' },
|
|
||||||
{ pattern: "spec/eventemitter.js", type: 'module' },
|
|
||||||
{ pattern: "spec/smacks.js", type: 'module' },
|
|
||||||
{ pattern: "spec/ping.js", type: 'module' },
|
|
||||||
{ pattern: "spec/push.js", type: 'module' },
|
|
||||||
{ pattern: "spec/xmppstatus.js", type: 'module' },
|
|
||||||
{ pattern: "spec/mam.js", type: 'module' },
|
|
||||||
{ pattern: "spec/omemo.js", type: 'module' },
|
|
||||||
{ pattern: "spec/controlbox.js", type: 'module' },
|
|
||||||
{ pattern: "spec/roster.js", type: 'module' },
|
|
||||||
{ pattern: "spec/chatbox.js", type: 'module' },
|
|
||||||
{ pattern: "spec/messages.js", type: 'module' },
|
|
||||||
{ pattern: "spec/corrections.js", type: 'module' },
|
{ pattern: "spec/corrections.js", type: 'module' },
|
||||||
{ pattern: "spec/styling.js", type: 'module' },
|
{ pattern: "spec/disco.js", type: 'module' },
|
||||||
{ pattern: "spec/receipts.js", type: 'module' },
|
{ pattern: "spec/emojis.js", type: 'module' },
|
||||||
{ pattern: "spec/markers.js", type: 'module' },
|
{ pattern: "spec/eventemitter.js", type: 'module' },
|
||||||
{ pattern: "spec/rai.js", type: 'module' },
|
|
||||||
{ pattern: "spec/muc_messages.js", type: 'module' },
|
|
||||||
{ pattern: "spec/unfurls.js", type: 'module' },
|
|
||||||
{ pattern: "spec/muc-mentions.js", type: 'module' },
|
|
||||||
{ pattern: "spec/me-messages.js", type: 'module' },
|
|
||||||
{ pattern: "spec/mentions.js", type: 'module' },
|
|
||||||
{ pattern: "spec/retractions.js", type: 'module' },
|
|
||||||
{ pattern: "spec/muc-api.js", type: 'module' },
|
|
||||||
{ pattern: "spec/muc.js", type: 'module' },
|
|
||||||
{ pattern: "spec/modtools.js", type: 'module' },
|
|
||||||
{ pattern: "spec/room_registration.js", type: 'module' },
|
|
||||||
{ pattern: "spec/autocomplete.js", type: 'module' },
|
|
||||||
{ pattern: "spec/minchats.js", type: 'module' },
|
|
||||||
{ pattern: "spec/notification.js", type: 'module' },
|
|
||||||
{ pattern: "spec/login.js", type: 'module' },
|
|
||||||
{ pattern: "spec/register.js", type: 'module' },
|
|
||||||
{ pattern: "spec/hats.js", type: 'module' },
|
|
||||||
{ pattern: "spec/http-file-upload.js", type: 'module' },
|
{ pattern: "spec/http-file-upload.js", type: 'module' },
|
||||||
{ pattern: "spec/xss.js", type: 'module' }
|
{ pattern: "spec/mam.js", type: 'module' },
|
||||||
|
{ pattern: "spec/markers.js", type: 'module' },
|
||||||
|
{ pattern: "spec/omemo.js", type: 'module' },
|
||||||
|
{ pattern: "spec/ping.js", type: 'module' },
|
||||||
|
{ pattern: "spec/presence.js", type: 'module' },
|
||||||
|
{ pattern: "spec/protocol.js", type: 'module' },
|
||||||
|
{ pattern: "spec/push.js", type: 'module' },
|
||||||
|
{ pattern: "spec/retractions.js", type: 'module' },
|
||||||
|
{ pattern: "spec/smacks.js", type: 'module' },
|
||||||
|
{ pattern: "spec/styling.js", type: 'module' },
|
||||||
|
{ pattern: "spec/unfurls.js", type: 'module' },
|
||||||
|
{ pattern: "spec/user-details-modal.js", type: 'module' },
|
||||||
|
{ pattern: "spec/utils.js", type: 'module' },
|
||||||
|
{ pattern: "spec/xmppstatus.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/bookmark-views/tests/bookmarks.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/chatview/tests/chatbox.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/chatview/tests/me-messages.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/chatview/tests/messages.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/chatview/tests/receipts.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/chatview/tests/spoilers.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/chatview/tests/xss.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/controlbox/tests/controlbox.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/controlbox/tests/login.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/headlines-view/tests/headline.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/minimize/tests/minchats.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/muc-views/tests/autocomplete.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/muc-views/tests/hats.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/muc-views/tests/mentions.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/muc-views/tests/modtools.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/muc-views/tests/muc-api.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/muc-views/tests/muc-mentions.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/muc-views/tests/muc-messages.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/muc-views/tests/muc-registration.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/muc-views/tests/muc.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/muc-views/tests/muclist.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/muc-views/tests/rai.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/muc-views/tests/xss.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/notifications/tests/notification.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/register/tests/register.js", type: 'module' },
|
||||||
|
{ pattern: "src/plugins/rosterview/tests/roster.js", type: 'module' }
|
||||||
],
|
],
|
||||||
|
|
||||||
proxies: {
|
proxies: {
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
/*global mock, converse */
|
/*global mock, converse */
|
||||||
|
|
||||||
const $pres = converse.env.$pres;
|
|
||||||
const sizzle = converse.env.sizzle;
|
const sizzle = converse.env.sizzle;
|
||||||
const u = converse.env.utils;
|
const u = converse.env.utils;
|
||||||
|
|
||||||
@ -254,54 +253,4 @@ describe("XSS", function () {
|
|||||||
done();
|
done();
|
||||||
}));
|
}));
|
||||||
});
|
});
|
||||||
|
|
||||||
describe("A Groupchat", function () {
|
|
||||||
|
|
||||||
it("escapes occupant nicknames when rendering them, to avoid JS-injection attacks",
|
|
||||||
mock.initConverse([], {}, async function (done, _converse) {
|
|
||||||
|
|
||||||
await mock.openAndEnterChatRoom(_converse, 'lounge@montague.lit', 'romeo');
|
|
||||||
/* <presence xmlns="jabber:client" to="jc@chat.example.org/converse.js-17184538"
|
|
||||||
* from="oo@conference.chat.example.org/<img src="x" onerror="alert(123)"/>">
|
|
||||||
* <x xmlns="http://jabber.org/protocol/muc#user">
|
|
||||||
* <item jid="jc@chat.example.org/converse.js-17184538" affiliation="owner" role="moderator"/>
|
|
||||||
* <status code="110"/>
|
|
||||||
* </x>
|
|
||||||
* </presence>"
|
|
||||||
*/
|
|
||||||
const presence = $pres({
|
|
||||||
to:'romeo@montague.lit/pda',
|
|
||||||
from:"lounge@montague.lit/<img src="x" onerror="alert(123)"/>"
|
|
||||||
}).c('x').attrs({xmlns:'http://jabber.org/protocol/muc#user'})
|
|
||||||
.c('item').attrs({
|
|
||||||
jid: 'someone@montague.lit',
|
|
||||||
role: 'moderator',
|
|
||||||
}).up()
|
|
||||||
.c('status').attrs({code:'110'}).nodeTree;
|
|
||||||
|
|
||||||
_converse.connection._dataRecv(mock.createRequest(presence));
|
|
||||||
const view = _converse.chatboxviews.get('lounge@montague.lit');
|
|
||||||
await u.waitUntil(() => view.querySelectorAll('.occupant-list .occupant-nick').length === 2);
|
|
||||||
const occupants = view.querySelectorAll('.occupant-list li .occupant-nick');
|
|
||||||
expect(occupants.length).toBe(2);
|
|
||||||
expect(occupants[0].textContent.trim()).toBe("<img src="x" onerror="alert(123)"/>");
|
|
||||||
done();
|
|
||||||
}));
|
|
||||||
|
|
||||||
it("escapes the subject before rendering it, to avoid JS-injection attacks",
|
|
||||||
mock.initConverse([], {}, async function (done, _converse) {
|
|
||||||
|
|
||||||
await mock.openAndEnterChatRoom(_converse, 'jdev@conference.jabber.org', 'jc');
|
|
||||||
spyOn(window, 'alert');
|
|
||||||
const subject = '<img src="x" onerror="alert(\'XSS\');"/>';
|
|
||||||
const view = _converse.chatboxviews.get('jdev@conference.jabber.org');
|
|
||||||
view.model.set({'subject': {
|
|
||||||
'text': subject,
|
|
||||||
'author': 'ralphm'
|
|
||||||
}});
|
|
||||||
const text = await u.waitUntil(() => view.querySelector('.chat-head__desc')?.textContent.trim());
|
|
||||||
expect(text).toBe(subject);
|
|
||||||
done();
|
|
||||||
}));
|
|
||||||
});
|
|
||||||
});
|
});
|
@ -7,7 +7,6 @@ const $iq = converse.env.$iq,
|
|||||||
|
|
||||||
describe("Chatrooms", function () {
|
describe("Chatrooms", function () {
|
||||||
|
|
||||||
|
|
||||||
describe("The /register commmand", function () {
|
describe("The /register commmand", function () {
|
||||||
|
|
||||||
it("allows you to register your nickname in a room",
|
it("allows you to register your nickname in a room",
|
56
src/plugins/muc-views/tests/xss.js
Normal file
56
src/plugins/muc-views/tests/xss.js
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
/*global mock, converse */
|
||||||
|
|
||||||
|
const $pres = converse.env.$pres;
|
||||||
|
const u = converse.env.utils;
|
||||||
|
|
||||||
|
describe("XSS", function () {
|
||||||
|
describe("A Groupchat", function () {
|
||||||
|
|
||||||
|
it("escapes occupant nicknames when rendering them, to avoid JS-injection attacks",
|
||||||
|
mock.initConverse([], {}, async function (done, _converse) {
|
||||||
|
|
||||||
|
await mock.openAndEnterChatRoom(_converse, 'lounge@montague.lit', 'romeo');
|
||||||
|
/* <presence xmlns="jabber:client" to="jc@chat.example.org/converse.js-17184538"
|
||||||
|
* from="oo@conference.chat.example.org/<img src="x" onerror="alert(123)"/>">
|
||||||
|
* <x xmlns="http://jabber.org/protocol/muc#user">
|
||||||
|
* <item jid="jc@chat.example.org/converse.js-17184538" affiliation="owner" role="moderator"/>
|
||||||
|
* <status code="110"/>
|
||||||
|
* </x>
|
||||||
|
* </presence>"
|
||||||
|
*/
|
||||||
|
const presence = $pres({
|
||||||
|
to:'romeo@montague.lit/pda',
|
||||||
|
from:"lounge@montague.lit/<img src="x" onerror="alert(123)"/>"
|
||||||
|
}).c('x').attrs({xmlns:'http://jabber.org/protocol/muc#user'})
|
||||||
|
.c('item').attrs({
|
||||||
|
jid: 'someone@montague.lit',
|
||||||
|
role: 'moderator',
|
||||||
|
}).up()
|
||||||
|
.c('status').attrs({code:'110'}).nodeTree;
|
||||||
|
|
||||||
|
_converse.connection._dataRecv(mock.createRequest(presence));
|
||||||
|
const view = _converse.chatboxviews.get('lounge@montague.lit');
|
||||||
|
await u.waitUntil(() => view.querySelectorAll('.occupant-list .occupant-nick').length === 2);
|
||||||
|
const occupants = view.querySelectorAll('.occupant-list li .occupant-nick');
|
||||||
|
expect(occupants.length).toBe(2);
|
||||||
|
expect(occupants[0].textContent.trim()).toBe("<img src="x" onerror="alert(123)"/>");
|
||||||
|
done();
|
||||||
|
}));
|
||||||
|
|
||||||
|
it("escapes the subject before rendering it, to avoid JS-injection attacks",
|
||||||
|
mock.initConverse([], {}, async function (done, _converse) {
|
||||||
|
|
||||||
|
await mock.openAndEnterChatRoom(_converse, 'jdev@conference.jabber.org', 'jc');
|
||||||
|
spyOn(window, 'alert');
|
||||||
|
const subject = '<img src="x" onerror="alert(\'XSS\');"/>';
|
||||||
|
const view = _converse.chatboxviews.get('jdev@conference.jabber.org');
|
||||||
|
view.model.set({'subject': {
|
||||||
|
'text': subject,
|
||||||
|
'author': 'ralphm'
|
||||||
|
}});
|
||||||
|
const text = await u.waitUntil(() => view.querySelector('.chat-head__desc')?.textContent.trim());
|
||||||
|
expect(text).toBe(subject);
|
||||||
|
done();
|
||||||
|
}));
|
||||||
|
});
|
||||||
|
});
|
Loading…
Reference in New Issue
Block a user