aboutsummaryrefslogtreecommitdiff
path: root/js/tests
diff options
context:
space:
mode:
authorcash <cash.costello@gmail.com>2011-11-10 21:24:47 -0500
committercash <cash.costello@gmail.com>2011-11-10 21:24:47 -0500
commit8cf115081e7a168eb3f3c74b279dac7f4e258287 (patch)
treee9a9ed6ac76722bcb6059d1a93e8aa98799a1c41 /js/tests
parent2d43e8efdfa4e8281450e683e392091fe4dadf06 (diff)
downloadelgg-8cf115081e7a168eb3f3c74b279dac7f4e258287.tar.gz
elgg-8cf115081e7a168eb3f3c74b279dac7f4e258287.tar.bz2
Fixes #4010 not sending naked query strings into add ajax tokens and also fixed a few related bugs in JavaScript
Diffstat (limited to 'js/tests')
-rw-r--r--js/tests/ElggLibTest.js22
-rw-r--r--js/tests/ElggSecurityTest.js40
2 files changed, 54 insertions, 8 deletions
diff --git a/js/tests/ElggLibTest.js b/js/tests/ElggLibTest.js
index c53c6331d..a29ebf743 100644
--- a/js/tests/ElggLibTest.js
+++ b/js/tests/ElggLibTest.js
@@ -105,3 +105,25 @@ ElggLibTest.prototype.testNormalizeUrl = function() {
assertEquals(args[1], elgg.normalize_url(args[0]));
});
};
+
+ElggLibTest.prototype.testParseUrl = function() {
+
+ [
+ ["http://www.elgg.org/test/", {'scheme': 'http', 'host': 'www.elgg.org', 'path': '/test/'}],
+ ["https://www.elgg.org/test/", {'scheme': 'https', 'host': 'www.elgg.org', 'path': '/test/'}],
+ ["ftp://www.elgg.org/test/", {'scheme': 'ftp', 'host': 'www.elgg.org', 'path': '/test/'}],
+ ["http://elgg.org/test?val1=one&val2=two", {'scheme': 'http', 'host': 'elgg.org', 'path': '/test', 'query': 'val1=one&val2=two'}],
+ ["http://elgg.org:8080/", {'scheme': 'http', 'host': 'elgg.org', 'port': 8080, 'path': '/'}],
+ ["http://elgg.org/test#there", {'scheme': 'http', 'host': 'elgg.org', 'path': '/test', 'fragment': 'there'}],
+
+ ["test?val=one", {'host': 'test', 'query': 'val=one'}],
+ ["?val=one", {'query': 'val=one'}],
+
+ ["mailto:joe@elgg.org", {'scheme': 'mailto', 'path': 'joe@elgg.org'}],
+ ["javascript:load()", {'scheme': 'javascript', 'path': 'load()'}]
+
+ ].forEach(function(args) {
+ assertEquals(args[1], elgg.parse_url(args[0]));
+ });
+};
+
diff --git a/js/tests/ElggSecurityTest.js b/js/tests/ElggSecurityTest.js
index c7309d55f..107c0adbd 100644
--- a/js/tests/ElggSecurityTest.js
+++ b/js/tests/ElggSecurityTest.js
@@ -26,16 +26,42 @@ ElggSecurityTest.prototype.testAddTokenAcceptsObject = function() {
assertEquals(expected, elgg.security.addToken(input));
};
-ElggSecurityTest.prototype.testAddTokenAcceptsString = function() {
+ElggSecurityTest.prototype.testAddTokenAcceptsRelativeUrl = function() {
var input,
str = "__elgg_ts=" + this.ts + "&__elgg_token=" + this.token;
-
- input = "";
- assertEquals('?' + str, elgg.security.addToken(input));
-
+
+ input = "test";
+ assertEquals(input + '?' + str, elgg.security.addToken(input));
+};
+
+ElggSecurityTest.prototype.testAddTokenAcceptsFullUrl = function() {
+ var input,
+ str = "__elgg_ts=" + this.ts + "&__elgg_token=" + this.token;
+
+ input = "http://elgg.org/";
+ assertEquals(input + '?' + str, elgg.security.addToken(input));
+};
+
+ElggSecurityTest.prototype.testAddTokenAcceptsQueryString = function() {
+ var input,
+ str = "__elgg_ts=" + this.ts + "&__elgg_token=" + this.token;
+
input = "?data=sofar";
assertEquals(input + '&' + str, elgg.security.addToken(input));
-
+
+ input = "test?data=sofar";
+ assertEquals(input + '&' + str, elgg.security.addToken(input));
+
+ input = "http://elgg.org/?data=sofar";
+ assertEquals(input + '&' + str, elgg.security.addToken(input));
+};
+
+ElggSecurityTest.prototype.testAddTokenAlreadyAdded = function() {
+ var input,
+ str = "__elgg_ts=" + this.ts + "&__elgg_token=" + this.token;
+
+ input = "http://elgg.org/?" + str + "&data=sofar";
+ assertEquals(input, elgg.security.addToken(input));
};
ElggSecurityTest.prototype.testSetTokenSetsElggSecurityToken = function() {
@@ -47,5 +73,3 @@ ElggSecurityTest.prototype.testSetTokenSetsElggSecurityToken = function() {
elgg.security.setToken(json);
assertEquals(json, elgg.security.token);
};
-
-