diff options
Diffstat (limited to 'test/haketilo_test/unit/utils.py')
-rw-r--r-- | test/haketilo_test/unit/utils.py | 73 |
1 files changed, 43 insertions, 30 deletions
diff --git a/test/haketilo_test/unit/utils.py b/test/haketilo_test/unit/utils.py index 7ddf92a..9b3e4a0 100644 --- a/test/haketilo_test/unit/utils.py +++ b/test/haketilo_test/unit/utils.py @@ -228,12 +228,21 @@ def are_scripts_allowed(driver, nonce=None): return driver.execute_script( ''' document.haketilo_scripts_allowed = false; + document.haketilo_eval_allowed = false; const html_ns = "http://www.w3.org/1999/xhtml"; const script = document.createElementNS(html_ns, "script"); - script.innerHTML = "document.haketilo_scripts_allowed = true;"; + script.innerHTML = ` + document.haketilo_scripts_allowed = true; + eval('document.haketilo_eval_allowed = true;'); + `; if (arguments[0]) script.setAttribute("nonce", arguments[0]); (document.head || document.documentElement).append(script); + + if (document.haketilo_scripts_allowed != + document.haketilo_eval_allowed) + throw "scripts allowed but eval blocked"; + return document.haketilo_scripts_allowed; ''', nonce) @@ -246,36 +255,40 @@ def mock_broadcast(execute_in_page): 'Object.keys(broadcast).forEach(k => broadcast[k] = () => {});' ) -def mock_cacher(execute_in_page): - """ - Some parts of code depend on content/repo_query_cacher.js and - background/CORS_bypass_server.js running in their appropriate contexts. This - function modifies the relevant browser.runtime.sendMessage function to - perform fetch(), bypassing the cacher. - """ - execute_in_page( - '''{ - const old_sendMessage = browser.tabs.sendMessage, old_fetch = fetch; - async function new_sendMessage(tab_id, msg) { - if (msg[0] !== "repo_query") - return old_sendMessage(tab_id, msg); - - /* Use snapshotted fetch(), allow other test code to override it. */ - const response = await old_fetch(msg[1]); - if (!response) - return {error: "Something happened :o"}; - - const result = {ok: response.ok, status: response.status}; - try { - result.json = await response.json(); - } catch(e) { - result.error_json = "" + e; - } - return result; - } +""" +Some parts of code depend on content/repo_query_cacher.js and +background/CORS_bypass_server.js running in their appropriate contexts. This +snippet modifies the relevant browser.runtime.sendMessage function to perform +fetch(), bypassing the cacher. +""" +mock_cacher_code = '''{ +const uint8_to_hex = + array => [...array].map(b => ("0" + b.toString(16)).slice(-2)).join(""); - browser.tabs.sendMessage = new_sendMessage; - }''') +const old_sendMessage = browser.tabs.sendMessage; +window.mock_cacher_fetch = fetch; +browser.tabs.sendMessage = async function(tab_id, msg) { + if (msg[0] !== "repo_query") + return old_sendMessage(tab_id, msg); + + /* + * Use snapshotted fetch() under the name window.mock_cacher_fetch, + * allow other test code to override it. + */ + try { + const response = await window.mock_cacher_fetch(msg[1]); + const buf = await response.arrayBuffer(); + return { + status: response.status, + statusText: response.statusText, + headers: [...response.headers.entries()], + body: uint8_to_hex(new Uint8Array(buf)) + } + } catch(e) { + return {error: {name: e.name, message: e.message}}; + } +} +}''' """ Convenience snippet of code to retrieve a copy of given object with only those |