package sockjs
import (
"net/http"
"net/http/httptest"
"strings"
"testing"
)
// TestHandler_htmlFileNoCallback verifies that an htmlfile request without the
// "c" callback query parameter is answered with 500 and a text/plain content
// type.
func TestHandler_htmlFileNoCallback(t *testing.T) {
	const wantContentType = "text/plain; charset=utf-8"

	handler := newTestHandler()
	recorder := httptest.NewRecorder()
	// The URL is a fixed literal, so the construction error is discarded here.
	request, _ := http.NewRequest("GET", "/server/session/htmlfile", nil)

	handler.htmlFile(recorder, request)

	if got := recorder.Code; got != http.StatusInternalServerError {
		t.Errorf("Unexpected response code, got '%d', expected '%d'", got, http.StatusInternalServerError)
	}
	if got := recorder.Header().Get("content-type"); got != wantContentType {
		t.Errorf("Unexpected content type, got '%s', expected '%s'", got, wantContentType)
	}
}
// TestHandler_htmlFile covers the success path of the htmlfile transport: a
// request carrying c=testCallback must yield 200, an HTML content type and the
// exact document held in expectedIFrame.
func TestHandler_htmlFile(t *testing.T) {
	const wantContentType = "text/html; charset=UTF-8"

	handler := newTestHandler()
	recorder := httptest.NewRecorder()
	// The URL is a fixed literal, so the construction error is discarded here.
	request, _ := http.NewRequest("GET", "/server/session/htmlfile?c=testCallback", nil)

	handler.htmlFile(recorder, request)

	if got := recorder.Code; got != http.StatusOK {
		t.Errorf("Unexpected response code, got '%d', expected '%d'", got, http.StatusOK)
	}
	if got := recorder.Header().Get("content-type"); got != wantContentType {
		t.Errorf("Unexpected content-type, got '%s', expected '%s'", got, wantContentType)
	}
	// Byte-for-byte comparison: the padding and trailing frame are part of the
	// expected document.
	if body := recorder.Body.String(); body != expectedIFrame {
		t.Errorf("Unexpected response body, got '%s', expected '%s'", body, expectedIFrame)
	}
}
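// TestHandler_cannotIntoXSS verifies that htmlfile rejects callback names
// containing characters that are not part of a plain identifier. The callback
// is written into an inline <script> in the success response (see
// expectedIFrame), so an unvalidated value would be script injection.
//
// Each case runs as a subtest against a fresh handler and recorder. Besides
// the 400 status, the test checks that the rejected value is not reflected in
// the response body.
func TestHandler_cannotIntoXSS(t *testing.T) {
	cases := []struct {
		name     string
		query    string // percent-encoded value sent as the "c" parameter
		callback string // the same value after URL decoding
	}{
		{name: "statement separator", query: "fake%3Balert(1337)", callback: "fake;alert(1337)"},
		{name: "operator character", query: "fake%2Dalert", callback: "fake-alert"},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			h := newTestHandler()
			rw := httptest.NewRecorder()
			req, err := http.NewRequest("GET", "/server/session/htmlfile?c="+tc.query, nil)
			if err != nil {
				t.Fatalf("building request: %v", err)
			}

			h.htmlFile(rw, req)

			if rw.Code != http.StatusBadRequest {
				t.Errorf("Unexpected response code, got '%d', expected '%d'", rw.Code, http.StatusBadRequest)
			}
			// The status alone does not show what was written to the client:
			// a rejected callback must not be echoed back in the body either.
			if body := rw.Body.String(); strings.Contains(body, tc.callback) {
				t.Errorf("Rejected callback %q is reflected in the response body %q", tc.callback, body)
			}
		})
	}
}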
// init completes expectedIFrame, which is declared holding only the HTML
// prelude: it appends a run of spaces, a "\r\n\r\n" separator and the
// <script> block that calls p("o").
func init() {
	// NOTE(review): "testCallack" (11 bytes) looks like a typo for
	// "testCallback", but its length feeds the padding arithmetic, so fixing
	// the spelling would change the expected body. Presumably 11 and 13 are
	// tuned to match the handler's own template padding; confirm against the
	// handler before touching either number.
	padding := 1024 - len(expectedIFrame) + len("testCallack") + 13
	expectedIFrame += strings.Repeat(" ", padding) + "\r\n\r\n" + "<script>\np(\"o\");\n</script>\r\n"
}
// expectedIFrame is the response body TestHandler_htmlFile expects for a
// request with c=testCallback. The literal holds only the HTML prelude; init
// appends the padding and the trailing script block during package
// initialization.
//
// The callback name from the "c" parameter appears inside the inline script
// (parent.testCallback), so the handler has to restrict it to a safe
// identifier; TestHandler_cannotIntoXSS covers the rejection path.
var expectedIFrame = `<!doctype html>
<html><head>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head><body><h2>Don't panic!</h2>
<script>
document.domain = document.domain;
var c = parent.testCallback;
c.start();
function p(d) {c.message(d);};
window.onload = function() {c.stop();};
</script>
`