]> source.dussan.org Git - jquery.git/commitdiff
projects / jquery.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ea3766c)
Tests: Workaround failures in recent XSS tests in iOS 8 - 12
authorMichał Gołębiowski-Owczarek <m.goleb@gmail.com>
Thu, 30 Apr 2020 19:25:29 +0000 (21:25 +0200)
committerMichał Gołębiowski-Owczarek <m.goleb@gmail.com>
Thu, 30 Apr 2020 19:26:18 +0000 (21:26 +0200)
iOS 8-12 parses `<noembed>` tags differently, executing this code. This is no
different to native behavior on that OS, though, so just accept it.

Ref gh-4685
Closes gh-4694

(cherry picked from commit 11066a9e6ac183dd710d1bc7aa74a3f809757136)

test/unit/manipulation.js patch | blob | history

diff --git a/test/unit/manipulation.js b/test/unit/manipulation.js
index 39aa86a3aeba08291eeb40eb9a164a5ef3a3f767..22e9ae7470d18c99f4cdc8d936cbaf7cc164f82c 100644 (file)
--- a/test/unit/manipulation.js
+++ b/test/unit/manipulation.js
@@ -2962,7 +2962,8 @@ QUnit.test( "Sanitized HTML doesn't get unsanitized", function( assert ) {
 
        var container,
                counter = 0,
-               assertCount = 13,
+               oldIos = /iphone os (?:8|9|10|11|12)_/i.test( navigator.userAgent ),
+               assertCount = oldIos ? 12 : 13,
                done = assert.async( assertCount );
 
        assert.expect( assertCount );
@@ -2999,10 +3000,17 @@ QUnit.test( "Sanitized HTML doesn't get unsanitized", function( assert ) {
        test( "<title><title /><img src=url404 onerror=xss(4)>" );
        test( "<iframe><iframe/><img src=url404 onerror=xss(5)>" );
        test( "<noframes><noframes/><img src=url404 onerror=xss(6)>" );
-       test( "<noembed><noembed/><img src=url404 onerror=xss(7)>" );
-       test( "<noscript><noscript/><img src=url404 onerror=xss(8)>" );
-       test( "<foo\" alt=\"\" title=\"/><img src=url404 onerror=xss(9)>\">" );
-       test( "<img alt=\"<x\" title=\"\" src=\"/><img src=url404 onerror=xss(10)>\">" );
-       test( "<noscript/><img src=url404 onerror=xss(11)>" );
-       test( "<option><style></option></select><img src=url404 onerror=xss(12)></style>" );
+       test( "<noscript><noscript/><img src=url404 onerror=xss(7)>" );
+       test( "<foo\" alt=\"\" title=\"/><img src=url404 onerror=xss(8)>\">" );
+       test( "<img alt=\"<x\" title=\"\" src=\"/><img src=url404 onerror=xss(9)>\">" );
+       test( "<noscript/><img src=url404 onerror=xss(10)>" );
+
+       test( "<option><style></option></select><img src=url404 onerror=xss(11)></style>" );
+
+       // Support: iOS 8 - 12 only.
+       // Old iOS parses `<noembed>` tags differently, executing this code. This is no
+       // different to native behavior on that OS, though, so just accept it.
+       if ( !oldIos ) {
+               test( "<noembed><noembed/><img src=url404 onerror=xss(12)>" );
+       }
 } );
jQuery JavaScript Library: https://github.com/jquery/jquery