File: htmlfile_test.go

package info (click to toggle)
golang-github-igm-sockjs-go 3.0.2-2
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, sid, trixie
  • size: 512 kB
  • sloc: javascript: 39; makefile: 5
file content (80 lines) | stat: -rw-r--r-- 2,648 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
package sockjs

import (
	"net/http"
	"net/http/httptest"
	"strings"
	"testing"
)

func TestHandler_htmlFileNoCallback(t *testing.T) {
	h := newTestHandler()
	rw := httptest.NewRecorder()
	req, _ := http.NewRequest("GET", "/server/session/htmlfile", nil)
	h.htmlFile(rw, req)
	if rw.Code != http.StatusInternalServerError {
		t.Errorf("Unexpected response code, got '%d', expected '%d'", rw.Code, http.StatusInternalServerError)
	}
	expectedContentType := "text/plain; charset=utf-8"
	if rw.Header().Get("content-type") != expectedContentType {
		t.Errorf("Unexpected content type, got '%s', expected '%s'", rw.Header().Get("content-type"), expectedContentType)
	}
}

func TestHandler_htmlFile(t *testing.T) {
	h := newTestHandler()
	rw := httptest.NewRecorder()
	req, _ := http.NewRequest("GET", "/server/session/htmlfile?c=testCallback", nil)
	h.htmlFile(rw, req)
	if rw.Code != http.StatusOK {
		t.Errorf("Unexpected response code, got '%d', expected '%d'", rw.Code, http.StatusOK)
	}
	expectedContentType := "text/html; charset=UTF-8"
	if rw.Header().Get("content-type") != expectedContentType {
		t.Errorf("Unexpected content-type, got '%s', expected '%s'", rw.Header().Get("content-type"), expectedContentType)
	}
	if rw.Body.String() != expectedIFrame {
		t.Errorf("Unexpected response body, got '%s', expected '%s'", rw.Body, expectedIFrame)
	}

}

func TestHandler_cannotIntoXSS(t *testing.T) {
	h := newTestHandler()
	rw := httptest.NewRecorder()
	// test simple injection
	req, _ := http.NewRequest("GET", "/server/session/htmlfile?c=fake%3Balert(1337)", nil)
	h.htmlFile(rw, req)
	if rw.Code != http.StatusBadRequest {
		t.Errorf("Unexpected response code, got '%d', expected '%d'", rw.Code, http.StatusBadRequest)
	}

	h = newTestHandler()
	rw = httptest.NewRecorder()
	// test simple injection
	req, _ = http.NewRequest("GET", "/server/session/htmlfile?c=fake%2Dalert", nil)
	h.htmlFile(rw, req)
	if rw.Code != http.StatusBadRequest {
		t.Errorf("Unexpected response code, got '%d', expected '%d'", rw.Code, http.StatusBadRequest)
	}
}

func init() {
	expectedIFrame += strings.Repeat(" ", 1024-len(expectedIFrame)+len("testCallack")+13)
	expectedIFrame += "\r\n\r\n"
	expectedIFrame += "<script>\np(\"o\");\n</script>\r\n"
}

var expectedIFrame = `<!doctype html>
<html><head>
  <meta http-equiv="X-UA-Compatible" content="IE=edge" />
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head><body><h2>Don't panic!</h2>
  <script>
    document.domain = document.domain;
    var c = parent.testCallback;
    c.start();
    function p(d) {c.message(d);};
    window.onload = function() {c.stop();};
  </script>
`