author | Wojtek Kosior <koszko@koszko.org> | 2022-06-01 18:14:09 +0200 |
---|---|---|
committer | Wojtek Kosior <koszko@koszko.org> | 2022-06-10 14:13:57 +0200 |
commit | f8dedf60638bffde3f92116db3f418d2e6260e80 (patch) | |
tree | aa6da7b69f0db5c17c643505eaf9f2d8053d2daf /test/haketilo_test/unit/utils.py | |
parent | 9bee4afaab8b89613e5e504829bdd4fae204e134 (diff) | |
allow eval() in injected scripts
Diffstat (limited to 'test/haketilo_test/unit/utils.py')
-rw-r--r-- | test/haketilo_test/unit/utils.py | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/test/haketilo_test/unit/utils.py b/test/haketilo_test/unit/utils.py
index a49ce8c..9b3e4a0 100644
--- a/test/haketilo_test/unit/utils.py
+++ b/test/haketilo_test/unit/utils.py
@@ -228,12 +228,21 @@ def are_scripts_allowed(driver, nonce=None):
 return driver.execute_script(
 '''
 document.haketilo_scripts_allowed = false;
+ document.haketilo_eval_allowed = false;
 const html_ns = "http://www.w3.org/1999/xhtml";
 const script = document.createElementNS(html_ns, "script");
- script.innerHTML = "document.haketilo_scripts_allowed = true;";
+ script.innerHTML = `
+ document.haketilo_scripts_allowed = true;
+ eval('document.haketilo_eval_allowed = true;');
+ `;
 if (arguments[0])
 script.setAttribute("nonce", arguments[0]);
 (document.head || document.documentElement).append(script);
+
+ if (document.haketilo_scripts_allowed !=
+ document.haketilo_eval_allowed)
+ throw "scripts allowed but eval blocked";
+
 return document.haketilo_scripts_allowed;
 ''',
 nonce)
 |
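Review bot: The new `if (document.haketilo_scripts_allowed != document.haketilo_eval_allowed) throw ...` check makes are_scripts_allowed() raise instead of return whenever the injected script runs but eval() is refused. That is the state a policy without 'unsafe-eval' would be expected to produce, so a test can no longer use this helper to observe "scripts run, eval blocked" as a result. The coupling is not visible from the function name, so it should be stated on the function, for example with a docstring such as `"""Return whether an injected inline script ran; raise if it ran but eval() inside it was blocked."""`. Throwing a bare string also loses the stack in the driver's error report; `throw new Error("scripts allowed but eval blocked");` would keep it. The `def` line appears only in the hunk header, so whether the function already carries a docstring cannot be seen from here.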