forked from angular/angular.js
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbase-tag.spec.js
38 lines (29 loc) · 1.1 KB
/
base-tag.spec.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
'use strict';
describe('SCE URL policy when base tags are present', function() {
beforeEach(function() {
loadFixture('base-tag');
});
it('allows the page URL (location.href)', function() {
expectToBeTrusted(browser.getCurrentUrl(), true);
});
it('blocks off-origin URLs', function() {
expectToBeTrusted('http://evil.com', false);
});
it('allows relative URLs ("/relative")', function() {
expectToBeTrusted('/relative', true);
});
it('allows absolute URLs from the base origin', function() {
expectToBeTrusted('http://www.example.com/path/to/file.html', true);
});
it('tracks changes to the base URL', function() {
browser.executeScript(
'document.getElementsByTagName("base")[0].href = "http://xxx.example.com/";');
expectToBeTrusted('http://xxx.example.com/path/to/file.html', true);
expectToBeTrusted('http://www.example.com/path/to/file.html', false);
});
// Helpers
function expectToBeTrusted(url, isTrusted) {
var urlIsTrusted = browser.executeScript('return isTrustedUrl(arguments[0])', url);
expect(urlIsTrusted).toBe(isTrusted);
}
});