Merge pull request #464 from peernohell/main

Merge branch 'main' of https://github.com/cure53/DOMPurify into main
cure53 · Sep 3, 2020 · 4743c0b · 4743c0b
2 parents e2b2a09 + 1727266
commit 4743c0b
Show file tree

Hide file tree

Showing 4 changed files with 283 additions and 155 deletions.
diff --git a/package.json b/package.json
@@ -69,7 +69,7 @@
     "eslint-plugin-prettier": "^3.1.3",
     "he": "^1.2.0",
     "jquery": "^3.5.0",
-    "jsdom": "8.x.x",
+    "jsdom": "16.x.x",
     "karma": "^5.1.0",
     "karma-browserstack-launcher": "^1.5.1",
     "karma-chrome-launcher": "^2.2.0",

diff --git a/test/bootstrap-test-suite.js b/test/bootstrap-test-suite.js
@@ -1,4 +1,6 @@
-module.exports = function (jsdom) {
+const fs = require('fs');
+
+module.exports = function (JSDOM) {
   class StringWrapper {
     constructor(s) {
       this.s = s;
@@ -9,40 +11,39 @@ module.exports = function (jsdom) {
     }
   }
 
-  function loadDOMPurify(assert, head, setup, onload) {
+  function loadDOMPurify(assert, addScriptAttribute, setup, onload) {
     const testDone = assert.async();
-    jsdom.env({
-      html: '<head>' + head + '</head>',
-      features: {
-        FetchExternalResources: ['script'],
-        ProcessExternalResources: ['script'],
-      },
-      created(err, window) {
-        if (setup) {
-          setup(window);
-        }
-      },
-      done(err, window) {
-        assert.ok(window.DOMPurify.sanitize);
-        // Sanity check
-        assert.equal(
-          window.DOMPurify.sanitize('<img src=x onerror=alert(1)>'),
-          '<img src="x">'
-        );
-        if (onload) {
-          onload(window);
-        }
-        testDone();
-      },
-    });
+    const { window } = new JSDOM('<head></head>', { runScripts: "dangerously" });
+    require('jquery')(window);
+    if (setup) {
+      setup(window);
+    }
+
+    const myLibrary = fs.readFileSync('dist/purify.js', { encoding: "utf-8" });
+    const scriptEl = window.document.createElement("script");
+    if (addScriptAttribute) scriptEl.setAttribute('data-tt-policy-suffix', 'suffix');
+
+    scriptEl.textContent = myLibrary;
+    window.document.body.appendChild(scriptEl);
+
+    assert.ok(window.DOMPurify.sanitize);
+    // Sanity check
+    assert.equal(
+      window.DOMPurify.sanitize('<img src=x onerror=alert(1)>'),
+      '<img src="x">'
+    );
+    if (onload) {
+      onload(window);
+    }
+    testDone();
   }
 
   QUnit.test('works in a non-Trusted Type environment', function (assert) {
     let policyCreated;
 
     loadDOMPurify(
       assert,
-      '<script src="dist/purify.js"></script>',
+      false,
       function setup(window) {
         delete window.trustedTypes;
       },
@@ -58,7 +59,7 @@ module.exports = function (jsdom) {
 
     loadDOMPurify(
       assert,
-      '<script src="dist/purify.js"></script>',
+      false,
       function setup(window) {
         window.trustedTypes = {
           createPolicy(name, rules) {
@@ -89,7 +90,7 @@ module.exports = function (jsdom) {
 
       loadDOMPurify(
         assert,
-        '<script data-tt-policy-suffix="suffix" src="dist/purify.js"></script>',
+        true,
         function setup(window) {
           window.trustedTypes = {
             createPolicy(name, rules) {

diff --git a/test/jsdom-node.js b/test/jsdom-node.js
@@ -5,6 +5,11 @@
 // Test DOMPurify + jsdom using Node.js (version 8 and up)
 const createDOMPurify = require('../dist/purify.cjs');
 const jsdom = require('jsdom');
+const { JSDOM, VirtualConsole } = jsdom;
+const virtualConsole = new VirtualConsole();
+const { window } = new JSDOM(`<html><head></head><body><div id="qunit-fixture"></div></body></html>`, { runScripts: "dangerously", virtualConsole });
+require('jquery')(window);
+
 const sanitizeTestSuite = require('./test-suite');
 const bootstrapTestSuite = require('./bootstrap-test-suite');
 const tests = require('./fixtures/expect');
@@ -19,44 +24,27 @@ QUnit.assert.contains = function (needle, haystack, message) {
 
 QUnit.config.autostart = false;
 
-QUnit.module('DOMPurify - bootstrap', bootstrapTestSuite(jsdom));
-
-jsdom.env({
-  html: `<html><head></head><body><div id="qunit-fixture"></div></body></html>`,
-  scripts: ['node_modules/jquery/dist/jquery.js'],
-  features: {
-    ProcessExternalResources: ['script'], // needed for firing the onload event for about:blank iframes
-  },
-  done(err, window) {
-    QUnit.module('DOMPurify in jsdom');
-    if (err) {
-      console.error(
-        'Unexpected error returned by jsdom.env():',
-        err,
-        err.stack
-      );
-      process.exit(1);
-    }
-
-    if (!window.jQuery) {
-      console.warn('Unable to load jQuery');
-    }
-
-    const DOMPurify = createDOMPurify(window);
-    if (!DOMPurify.isSupported) {
-      console.error(
-        'Unexpected error returned by jsdom.env():',
-        err,
-        err.stack
-      );
-      process.exit(1);
-    }
-
-    window.alert = () => {
-      window.xssed = true;
-    };
-
-    sanitizeTestSuite(DOMPurify, window, tests, xssTests);
-    QUnit.start();
-  },
-});
+QUnit.module('DOMPurify - bootstrap', bootstrapTestSuite(JSDOM));
+
+QUnit.module('DOMPurify in jsdom');
+
+if (!window.jQuery) {
+  console.warn('Unable to load jQuery');
+}
+
+const DOMPurify = createDOMPurify(window);
+if (!DOMPurify.isSupported) {
+  console.error(
+    'Unexpected error returned by jsdom.env():',
+    err,
+    err.stack
+  );
+  process.exit(1);
+}
+
+window.alert = () => {
+  window.xssed = true;
+};
+
+sanitizeTestSuite(DOMPurify, window, tests, xssTests);
+QUnit.start();