
HTML Reporter: Fix an unescaped details.source.
Fix an unescaped details.source  in innerHTML.

It became apparent when the page is served as XHTML (.xhtml, application/xhtml+xml), but the same unescaped innerHTML may also be an XSS vector (see
https://en.wikipedia.org/wiki/Cross-site_scripting ) in plain HTML.

The new test gets stuck before the production code fix and completes
successfully and promptly after applying it.
shlomif authored and trentmwillis committed Dec 21, 2018
1 parent b385b83 commit b54e732
Showing 4 changed files with 24 additions and 1 deletion.
1 change: 1 addition & 0 deletions Gruntfile.js
Expand Up @@ -162,6 +162,7 @@ module.exports = function( grunt ) {
"test/reporter-html/single-testid.html",
"test/reporter-html/window-onerror.html",
"test/reporter-html/window-onerror-preexisting-handler.html",
"test/reporter-html/xhtml-escape-details-source.xhtml",
"test/reporter-html/xhtml-single-testid.xhtml",
"test/reporter-urlparams.html",
"test/moduleId.html",
2 changes: 1 addition & 1 deletion reporter/html.js
Expand Up @@ -936,7 +936,7 @@ export function escapeText( s ) {
// Show the source of the test when showing assertions
if ( details.source ) {
sourceName = document.createElement( "p" );
sourceName.innerHTML = "<strong>Source: </strong>" + details.source;
sourceName.innerHTML = "<strong>Source: </strong>" + escapeText( details.source );
addClass( sourceName, "qunit-source" );
if ( testPassed ) {
addClass( sourceName, "qunit-collapsed" );
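Review bot: The escaping added on the `sourceName.innerHTML` line is correct, but the stack-trace string is still spliced into markup through innerHTML, so escapeText remains the single control between that string and HTML injection in the report, and its body (and therefore which characters it covers) is not visible in this hunk. Since details.source is only ever displayed as text, building the paragraph from a text node removes the string-to-markup step entirely and no longer depends on the escaper at all. The enclosing function starts and ends outside this hunk, so the declaration of the `sourceName` variable it reuses is not visible here either.
```javascript
sourceName = document.createElement( "p" );
var sourceLabel = document.createElement( "strong" );
sourceLabel.textContent = "Source: ";
sourceName.appendChild( sourceLabel );
// Text node, not markup: the stack-trace string is never parsed as HTML.
sourceName.appendChild( document.createTextNode( details.source ) );
addClass( sourceName, "qunit-source" );
// … unchanged: collapse the source block when the test passed …
```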
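--- /dev/null
+++ b/test/reporter-html/test-escape-details-source.js
@@ -0,0 +1,8 @@
+QUnit.module( "outer module", function() {
+QUnit.module( "inner module", function() {
+QUnit.test( "test name with a special char > after char", function( assert ) {
+assert.expect( 1 );
+assert.ok( true, "dummy test" );
+} );
+} );
+} );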
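Review bot: The new test only catches the bug indirectly: per the commit message it "gets stuck" in the XHTML fixture before the fix, while in a plain-HTML run the same file passes with or without escaping, so a regression in the HTML path would go unnoticed. Nothing in the test asserts what the reporter actually rendered; the `>` in the test name is presumably intended to end up in details.source, but that is not confirmed by anything visible here. Consider adding a `QUnit.done( function() { … } )` hook that locates the rendered `.qunit-source` element and fails (for example by throwing) unless the special character appears as text, i.e. its `innerHTML` contains `&gt;` rather than a raw `>`, so the check is explicit in both the HTML and XHTML fixtures.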
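--- /dev/null
+++ b/test/reporter-html/xhtml-escape-details-source.xhtml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE html>
+<html xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta charset="UTF-8" />
+<title>QUnit Main Test Suite</title>
+<link rel="stylesheet" href="../../dist/qunit.css" />
+<script src="../../dist/qunit.js"></script>
+<script src="test-escape-details-source.js"></script>
+</head>
+<body>
+<div id="qunit"></div>
+</body>
+</html>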
