diff options
author | cash <cash.costello@gmail.com> | 2011-11-10 21:24:47 -0500 |
---|---|---|
committer | cash <cash.costello@gmail.com> | 2011-11-16 19:53:03 -0500 |
commit | 6b6cb8e8f70b254d100ba494ea913d99be95fa7d (patch) | |
tree | 50150d855cd28478b584d45535e2edf7b063c837 /js/tests/ElggSecurityTest.js | |
parent | 45f007ed495b8f79f0b867fec72226d3c11c5eab (diff) | |
download | elgg-6b6cb8e8f70b254d100ba494ea913d99be95fa7d.tar.gz elgg-6b6cb8e8f70b254d100ba494ea913d99be95fa7d.tar.bz2 |
Fixes #4010 not sending naked query strings into add ajax tokens and also fixed a few related bugs in JavaScript
Diffstat (limited to 'js/tests/ElggSecurityTest.js')
-rw-r--r-- | js/tests/ElggSecurityTest.js | 40 |
1 files changed, 32 insertions, 8 deletions
diff --git a/js/tests/ElggSecurityTest.js b/js/tests/ElggSecurityTest.js index c7309d55f..107c0adbd 100644 --- a/js/tests/ElggSecurityTest.js +++ b/js/tests/ElggSecurityTest.js @@ -26,16 +26,42 @@ ElggSecurityTest.prototype.testAddTokenAcceptsObject = function() { assertEquals(expected, elgg.security.addToken(input)); }; -ElggSecurityTest.prototype.testAddTokenAcceptsString = function() { +ElggSecurityTest.prototype.testAddTokenAcceptsRelativeUrl = function() { var input, str = "__elgg_ts=" + this.ts + "&__elgg_token=" + this.token; - - input = ""; - assertEquals('?' + str, elgg.security.addToken(input)); - + + input = "test"; + assertEquals(input + '?' + str, elgg.security.addToken(input)); +}; + +ElggSecurityTest.prototype.testAddTokenAcceptsFullUrl = function() { + var input, + str = "__elgg_ts=" + this.ts + "&__elgg_token=" + this.token; + + input = "http://elgg.org/"; + assertEquals(input + '?' + str, elgg.security.addToken(input)); +}; + +ElggSecurityTest.prototype.testAddTokenAcceptsQueryString = function() { + var input, + str = "__elgg_ts=" + this.ts + "&__elgg_token=" + this.token; + input = "?data=sofar"; assertEquals(input + '&' + str, elgg.security.addToken(input)); - + + input = "test?data=sofar"; + assertEquals(input + '&' + str, elgg.security.addToken(input)); + + input = "http://elgg.org/?data=sofar"; + assertEquals(input + '&' + str, elgg.security.addToken(input)); +}; + +ElggSecurityTest.prototype.testAddTokenAlreadyAdded = function() { + var input, + str = "__elgg_ts=" + this.ts + "&__elgg_token=" + this.token; + + input = "http://elgg.org/?" + str + "&data=sofar"; + assertEquals(input, elgg.security.addToken(input)); }; ElggSecurityTest.prototype.testSetTokenSetsElggSecurityToken = function() { @@ -47,5 +73,3 @@ ElggSecurityTest.prototype.testSetTokenSetsElggSecurityToken = function() { elgg.security.setToken(json); assertEquals(json, elgg.security.token); }; - - |