Revision: 5603
Author:   [email protected]
Date:     Tue Sep 24 17:41:30 2013 UTC
Log:      Validate severity name passed to ses.ok.
https://codereview.appspot.com/13694048

Previously, ses.ok('not a valid name') was treated as equivalent to
ses.ok(), which is dangerous if, for example, the maxAcceptableSeverity
is set high and the intent of the ses.ok(...) call was to make a choice
based on meeting a lower severity (as caja.js does). Now, passing an
unknown severity name will throw an error.

Fixes <https://code.google.com/p/google-caja/issues/detail?id=1758>.

Supporting changes:
* browser-test-case.html no longer requires an es5= parameter, but will
  fail if anything which would depend on it is called while it is
  unspecified. This allows it to be used for tests that do not use
  caja.js at all, such as this new test for SES.
* Tweaked ses-tests.json catalog to use inheritance/grouping.
* Note: severityNameToLevel was misnamed and entirely unused.

[email protected]

http://code.google.com/p/google-caja/source/detail?r=5603

Added:
 /trunk/tests/com/google/caja/ses/test-ses-parts.js
Modified:
 /trunk/src/com/google/caja/ses/repairES5.js
 /trunk/tests/com/google/caja/plugin/browser-test-case.js
 /trunk/tests/com/google/caja/ses/ses-tests.json

=======================================
--- /dev/null
+++ /trunk/tests/com/google/caja/ses/test-ses-parts.js Tue Sep 24 17:41:30 2013 UTC
@@ -0,0 +1,33 @@
+// Copyright (C) 2013 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+var loadSesScript = document.createElement('script');
+loadSesScript.src = '../ses/initSES.js';
+loadSesScript.onload = function() {
+  readyToTest();
+  jsunitRun();
+};
+document.body.appendChild(loadSesScript);
+
+jsunitRegister('testOk', function() {
+  assertEquals(false, ses.ok('MAGICAL_UNICORN'));
+  assertEquals(true, ses.ok('NEW_SYMPTOM'));
+
+  // Check behavior given invalid severity name
+  expectFailure(function() {
+    ses.ok('FOO');
+  });
+
+  jsunitPass();
+});
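Review bot: The only invalid name exercised in `testOk` is `'FOO'`, which presumably misses on `ses.severities` altogether, so the `typeof sev.level === 'number'` guard that the new throw depends on is never reached by a test. If `ses.severities` is an ordinary object, a name that resolves to an inherited property would cover it, e.g. `expectFailure(function() { ses.ok('toString'); });`, and an empty-string case would be worth adding as well. The first two assertions also depend on the host browser's repair state (the `MAGICAL_UNICORN` one holds only when at least one problem was detected), which deserves a short comment such as `// Assumes this browser has at least one known problem and none beyond NEW_SYMPTOM.`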
=======================================
--- /trunk/src/com/google/caja/ses/repairES5.js Fri Aug 30 02:45:50 2013 UTC
+++ /trunk/src/com/google/caja/ses/repairES5.js Tue Sep 24 17:41:30 2013 UTC
@@ -214,19 +214,20 @@
    * severity of specific known problems.
    */
   ses.maxAcceptableSeverityName =
-    validateSeverityName(ses.maxAcceptableSeverityName);
+    validateSeverityName(ses.maxAcceptableSeverityName, false);
ses.maxAcceptableSeverity = ses.severities[ses.maxAcceptableSeverityName];

-  function validateSeverityName(severityName) {
+  function validateSeverityName(severityName, failIfInvalid) {
     if (severityName) {
       var sev = ses.severities[severityName];
       if (sev && typeof sev.level === 'number' &&
         sev.level >= ses.severities.MAGICAL_UNICORN.level &&
         sev.level < ses.severities.NOT_SUPPORTED.level) {
         // do nothing
+      } else if (failIfInvalid) {
+        throw new RangeError('Bad SES severityName: ' + severityName);
       } else {
-        logger.error('Ignoring bad severityName: ' +
-                   severityName + '.');
+        logger.error('Ignoring bad severityName: ' + severityName + '.');
         severityName = 'SAFE_SPEC_VIOLATION';
       }
     } else {
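Review bot: An empty string still bypasses the new failure path, because the `failIfInvalid` throw sits inside `if (severityName) {` and a falsy name goes to the outer `else`, whose body lies outside this hunk and presumably assigns a default. Since `ses.ok` forwards anything with `typeof === 'string'`, `ses.ok('')` would be silently mapped to that default rather than rejected, which is the kind of quiet substitution this commit sets out to remove. A guard at the top of the function would close it: `if (failIfInvalid && !severityName) { throw new RangeError('Bad SES severityName: ' + severityName); }`.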
@@ -234,8 +235,8 @@
     }
     return severityName;
   }
-  function severityNameToLevel(severityName) {
-    return ses.severities[validateSeverityName(severityName)];
+  function lookupSeverityName(severityName, failIfInvalid) {
+ return ses.severities[validateSeverityName(severityName, failIfInvalid)];
   }

   /**
@@ -300,7 +301,7 @@
    */
   ses.ok = function ok(maxSeverity) {
     if ('string' === typeof maxSeverity) {
-      maxSeverity = ses.severities[maxSeverity];
+      maxSeverity = lookupSeverityName(maxSeverity, true);
     }
     if (!maxSeverity) {
       maxSeverity = ses.maxAcceptableSeverity;
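Review bot: The doc comment that closes just above `ses.ok` lies outside this hunk and does not appear to be touched by the commit, so callers are not told that a string argument can now throw. Suggest adding a line to it such as `Throws a RangeError if maxSeverity is a string that is not a recognized severity name.` The range check in `validateSeverityName` also excludes `NOT_SUPPORTED`, so `ses.ok('NOT_SUPPORTED')`, which the old direct lookup would have resolved, now throws; if that is intended it belongs in the same comment. The body of `ses.ok` continues past the end of the hunk.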
=======================================
--- /trunk/tests/com/google/caja/plugin/browser-test-case.js Thu Aug 22 21:54:52 2013 UTC
+++ /trunk/tests/com/google/caja/plugin/browser-test-case.js Tue Sep 24 17:41:30 2013 UTC
@@ -181,7 +181,7 @@
 } else if (getUrlParam('es5') === 'false') {
   inES5Mode = false;
 } else {
-  throw new Error('es5 parameter is not "true" or "false"');
+  inES5Mode = undefined;
 }

 var minifiedMode;
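Review bot: The final `else` now treats a malformed `es5` value (a typo such as `es5=ture`) exactly like an absent one, where it previously raised an error. A test page opened with a mistyped flag would then run with `inES5Mode` undefined and a null `basicCajaConfig` (next hunk), and fail only later in `createExtraImportsForTesting`, or not at all if no guest is created. Consider assigning `undefined` only when the parameter is missing and keeping `throw new Error('es5 parameter is not "true" or "false"');` for a value that is present but unrecognized; how `getUrlParam` reports a missing parameter is not visible in this hunk.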
@@ -193,7 +193,7 @@
   throw new Error('minified parameter is not "true" or "false"');
 }

-var basicCajaConfig = {
+var basicCajaConfig = inES5Mode === undefined ? null : {
   cajaServer: '/caja',
   debug: !minifiedMode,
   forceES5Mode: inES5Mode
@@ -226,9 +226,11 @@
     return el;
   }

-  put(widget(
-      link('ES5/3', !inES5Mode, withUrlParam('es5', 'false')),
-      link('SES', inES5Mode, withUrlParam('es5', 'true'))));
+  if (inES5Mode !== undefined) {
+    put(widget(
+        link('ES5/3', !inES5Mode, withUrlParam('es5', 'false')),
+        link('SES', inES5Mode, withUrlParam('es5', 'true'))));
+  }

   var max = getUrlParam('minified') === 'false';
   put(widget(
@@ -478,6 +480,10 @@
 }

 function createExtraImportsForTesting(frameGroup, frame) {
+  if (inES5Mode === undefined) {
+    throw new Error('es5 flag not specified, cannot use guests');
+  }
+
   var standardImports = {};

   standardImports.readyToTest =
=======================================
--- /trunk/tests/com/google/caja/ses/ses-tests.json Fri Aug 23 20:27:28 2013 UTC
+++ /trunk/tests/com/google/caja/ses/ses-tests.json Tue Sep 24 17:41:30 2013 UTC
@@ -1,60 +1,58 @@
 [
-  {
-    "label": "ses-explicit",
-    "bare": "../../../../../src/com/google/caja/ses/explicit.html",
-    "mode": "none",
-    "comment": [
-      "Detailed SES initialization report"
-    ]
-  },
-  {
-    "label": "ses-loading",
-    "bare": "../ses/test-ses-loading.html",
-    "mode": "none",
-    "tests": [
-      {
-        "label": "basic",
-        "params": { "load": "initSES.js" }
-      },
-      {
-        "label": "basic-min",
-        "params": { "load": "initSES-minified.js" }
-      },
-      {
-        "label": "plus",
-        "params": { "load": "initSESPlus.js" }
-      },
-      {
-        "label": "plus-min",
-        "params": { "load": "initSESPlus-minified.js" }
-      },
-      {
-        "label": "fail-0",
-        "params": { "load": "initSES.js", "failAtStage": "0" }
-      },
-      {
-        "label": "fail-1",
-        "params": { "load": "initSES.js", "failAtStage": "1" }
-      },
-      {
-        "label": "fail-2",
-        "params": { "load": "initSES.js", "failAtStage": "2" }
-      },
-      {
-        "label": "early",
-        "comment": "Ensure loading in <head> works.",
-        "bare": "../ses/test-ses-early.html"
-      }
-    ]
-  },
-  {
-    "label": "ses-mitigation",
-    "bare": "../ses/test-ses-mitigation.html",
-    "mode": "none",
-    "tests": [
-      {
-        "label": "basic"
-      }
-    ]
-  }
+  { "label": "ses", "mode": "none", "tests": [
+    {
+      "label": "explicit",
+      "bare": "../../../../../src/com/google/caja/ses/explicit.html",
+      "comment": [
+        "Detailed SES initialization report"
+      ]
+    },
+    {
+      "label": "loading",
+      "bare": "../ses/test-ses-loading.html",
+      "tests": [
+        {
+          "label": "basic",
+          "params": { "load": "initSES.js" }
+        },
+        {
+          "label": "basic-min",
+          "params": { "load": "initSES-minified.js" }
+        },
+        {
+          "label": "plus",
+          "params": { "load": "initSESPlus.js" }
+        },
+        {
+          "label": "plus-min",
+          "params": { "load": "initSESPlus-minified.js" }
+        },
+        {
+          "label": "fail-0",
+          "params": { "load": "initSES.js", "failAtStage": "0" }
+        },
+        {
+          "label": "fail-1",
+          "params": { "load": "initSES.js", "failAtStage": "1" }
+        },
+        {
+          "label": "fail-2",
+          "params": { "load": "initSES.js", "failAtStage": "2" }
+        },
+        {
+          "label": "early",
+          "comment": "Ensure loading in <head> works.",
+          "bare": "../ses/test-ses-early.html"
+        }
+      ]
+    },
+    {
+      "label": "mitigation",
+      "bare": "../ses/test-ses-mitigation.html"
+    },
+    {
+      "label": "parts",
+      "driver": "../ses/test-ses-parts.js"
+    }
+  ]}
 ]
