diff options
| author | Frederic Hemberger <mail@frederic-hemberger.de> | 2014-12-09 15:13:46 -0500 |
|---|---|---|
| committer | Timmy Willison <timmywillisn@gmail.com> | 2014-12-09 15:19:01 -0500 |
| commit | 58c24608210c9a9a264a38746628ebc26823f59b (patch) | |
| tree | f62d826814db8afba51396f02b46d16b32a48fed /test/unit/core.js | |
| parent | 43faf6d1f922ba44a84c93f4ff2461d208b2bf48 (diff) | |
| download | jquery-58c24608210c9a9a264a38746628ebc26823f59b.tar.gz jquery-58c24608210c9a9a264a38746628ebc26823f59b.zip | |
Core: use document.implemenation.createHTMLDocument in jQuery.parseHTML
Close gh-1505
Diffstat (limited to 'test/unit/core.js')
| -rw-r--r-- | test/unit/core.js | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/test/unit/core.js b/test/unit/core.js index 66c02ac57..783a7462e 100644 --- a/test/unit/core.js +++ b/test/unit/core.js @@ -1367,6 +1367,24 @@ test("jQuery.parseHTML", function() { ok( jQuery.parseHTML("<#if><tr><p>This is a test.</p></tr><#/if>") || true, "Garbage input should not cause error" ); }); +// This XSS test is optional, as it will only pass when `document.implementation.createHTMLDocument` +// is implemented. This might not be the case for older Android browsers (<= 2.x). +if ( document.implementation.createHTMLDocument ) { + asyncTest("jQuery.parseHTML", function() { + expect ( 1 ); + + Globals.register("parseHTMLError"); + + jQuery.globalEval("parseHTMLError = false;"); + jQuery.parseHTML( "<img src=x onerror='parseHTMLError = true'>" ); + + window.setTimeout(function() { + start(); + equal( window.parseHTMLError, false, "onerror eventhandler has not been called." ); + }, 2000); + }); +} + test("jQuery.parseJSON", function() { expect( 20 ); |