mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Fix mistake in JS response parser:
- Restore ability to accept ecmascript JS response should not modify DOM.
This commit is contained in:
parent
faca40dfd4
commit
db65f73f2e
2 changed files with 31 additions and 3 deletions
|
@ -64,10 +64,10 @@ processResponse = (response, type) ->
|
||||||
if typeof response is 'string' and typeof type is 'string'
|
if typeof response is 'string' and typeof type is 'string'
|
||||||
if type.match(/\bjson\b/)
|
if type.match(/\bjson\b/)
|
||||||
try response = JSON.parse(response)
|
try response = JSON.parse(response)
|
||||||
else if type.match(/\bjavascript\b/)
|
else if type.match(/\b(?:java|ecma)script\b/)
|
||||||
script = document.createElement('script')
|
script = document.createElement('script')
|
||||||
script.innerHTML = response
|
script.text = response
|
||||||
document.body.appendChild(script)
|
document.head.appendChild(script).parentNode.removeChild(script)
|
||||||
else if type.match(/\b(xml|html|svg)\b/)
|
else if type.match(/\b(xml|html|svg)\b/)
|
||||||
parser = new DOMParser()
|
parser = new DOMParser()
|
||||||
type = type.replace(/;.+/, '') # remove something like ';charset=utf-8'
|
type = type.replace(/;.+/, '') # remove something like ';charset=utf-8'
|
||||||
|
|
|
@ -100,6 +100,34 @@ asyncTest('JS code should be executed', 1, function() {
|
||||||
submit()
|
submit()
|
||||||
})
|
})
|
||||||
|
|
||||||
|
asyncTest('ecmascript code should be executed', 1, function() {
|
||||||
|
buildForm({ method: 'post', 'data-type': 'script' })
|
||||||
|
|
||||||
|
$('form').append('<input type="text" name="content_type" value="application/ecmascript">')
|
||||||
|
$('form').append('<input type="text" name="content" value="ok(true, \'remote code should be run\')">')
|
||||||
|
|
||||||
|
submit()
|
||||||
|
})
|
||||||
|
|
||||||
|
asyncTest('execution of JS code does not modify current DOM', 1, function() {
|
||||||
|
var docLength, newDocLength
|
||||||
|
function getDocLength() {
|
||||||
|
return document.documentElement.outerHTML.length
|
||||||
|
}
|
||||||
|
|
||||||
|
buildForm({ method: 'post', 'data-type': 'script' })
|
||||||
|
|
||||||
|
$('form').append('<input type="text" name="content_type" value="text/javascript">')
|
||||||
|
$('form').append('<input type="text" name="content" value="\'remote code should be run\'">')
|
||||||
|
|
||||||
|
docLength = getDocLength()
|
||||||
|
|
||||||
|
submit(function() {
|
||||||
|
newDocLength = getDocLength()
|
||||||
|
ok(docLength === newDocLength, 'executed JS should not present in the document')
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
asyncTest('XML document should be parsed', 1, function() {
|
asyncTest('XML document should be parsed', 1, function() {
|
||||||
buildForm({ method: 'post', 'data-type': 'html' })
|
buildForm({ method: 'post', 'data-type': 'html' })
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue