1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Fix mistake in JS response parser:

-
  Restore ability to accept ecmascript
  JS response should not modify DOM.
This commit is contained in:
Dmytro Vasin 2017-04-13 16:58:36 +03:00
parent faca40dfd4
commit db65f73f2e
2 changed files with 31 additions and 3 deletions

View file

@ -64,10 +64,10 @@ processResponse = (response, type) ->
if typeof response is 'string' and typeof type is 'string' if typeof response is 'string' and typeof type is 'string'
if type.match(/\bjson\b/) if type.match(/\bjson\b/)
try response = JSON.parse(response) try response = JSON.parse(response)
else if type.match(/\bjavascript\b/) else if type.match(/\b(?:java|ecma)script\b/)
script = document.createElement('script') script = document.createElement('script')
script.innerHTML = response script.text = response
document.body.appendChild(script) document.head.appendChild(script).parentNode.removeChild(script)
else if type.match(/\b(xml|html|svg)\b/) else if type.match(/\b(xml|html|svg)\b/)
parser = new DOMParser() parser = new DOMParser()
type = type.replace(/;.+/, '') # remove something like ';charset=utf-8' type = type.replace(/;.+/, '') # remove something like ';charset=utf-8'

View file

@ -100,6 +100,34 @@ asyncTest('JS code should be executed', 1, function() {
submit() submit()
}) })
asyncTest('ecmascript code should be executed', 1, function() {
buildForm({ method: 'post', 'data-type': 'script' })
$('form').append('<input type="text" name="content_type" value="application/ecmascript">')
$('form').append('<input type="text" name="content" value="ok(true, \'remote code should be run\')">')
submit()
})
asyncTest('execution of JS code does not modify current DOM', 1, function() {
var docLength, newDocLength
function getDocLength() {
return document.documentElement.outerHTML.length
}
buildForm({ method: 'post', 'data-type': 'script' })
$('form').append('<input type="text" name="content_type" value="text/javascript">')
$('form').append('<input type="text" name="content" value="\'remote code should be run\'">')
docLength = getDocLength()
submit(function() {
newDocLength = getDocLength()
ok(docLength === newDocLength, 'executed JS should not present in the document')
})
})
asyncTest('XML document should be parsed', 1, function() { asyncTest('XML document should be parsed', 1, function() {
buildForm({ method: 'post', 'data-type': 'html' }) buildForm({ method: 'post', 'data-type': 'html' })