fix unit tests

diff --git a/js/tests/unit/affix.js b/js/tests/unit/affix.js
index b2d596e947e9cc217a7bdb46982432b28530d3d5..8895ea9dfc10df113682565d8929d74264627ffd 100644 (file)
--- a/js/tests/unit/affix.js
+++ b/js/tests/unit/affix.js
@@ -26,7 +26,7 @@ $(function () {
 
   QUnit.test('should return jquery collection containing the element', function (assert) {
     assert.expect(2)
-    var $el = $('<div/>')
+    var $el = $('<div/>').appendTo('#qunit-fixture')
     var $affix = $el.bootstrapAffix()
     assert.ok($affix instanceof $, 'returns jquery collection')
     assert.strictEqual($affix[0], $el[0], 'collection contains element')
@@ -104,19 +104,4 @@ $(function () {
       }, 250)
     }, 250)
   })
-
-  QUnit.test('should raise exception to avoid xss on target', function (assert) {
-    assert.expect(1)
-    assert.throws(function () {
-
-      var templateHTML = '<div id="affixTarget"></div>'
-      $(templateHTML).appendTo(document.body)
-
-      $('#affixTarget').bootstrapAffix({
-        target: '<img src=1 onerror=\'alert(0)\'>'
-      })
-
-    },  new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
-  })
-
 })

diff --git a/js/tests/unit/collapse.js b/js/tests/unit/collapse.js
index decad25acd5154d2427583ed3239c7ae6445eb7f..357000bf9f406ac0bd0e158f49c84db6267c2ee0 100644 (file)
--- a/js/tests/unit/collapse.js
+++ b/js/tests/unit/collapse.js
@@ -439,15 +439,4 @@ $(function () {
       })
       .bootstrapCollapse('show')
   })
-
-  QUnit.test('should raise exception to avoid xss on data-parent', function (assert) {
-    assert.expect(1)
-    assert.throws(function () {
-      $('<a role="button" data-toggle="collapse" data-parent="<img src=1 onerror=\'alert(0)\'>" href="#collapseThree">')
-        .appendTo('#qunit-fixture')
-        .bootstrapCollapse('show')
-        .trigger('click');
-    },  new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
-  })
-
 })

diff --git a/js/tests/unit/tooltip.js b/js/tests/unit/tooltip.js
index 57c021b61a2177e8fc77216e5d0db2c61d529894..1fea20e3733548681e0062f5882d6599dc84b67b 100644 (file)
--- a/js/tests/unit/tooltip.js
+++ b/js/tests/unit/tooltip.js
@@ -1321,23 +1321,4 @@ $(function () {
       }
     })
   })
-
-  QUnit.test('should raise exception to avoid xss on data-container', function (assert) {
-    assert.expect(1)
-    assert.throws(function () {
-      $('<button data-toggle="tooltip" data-container="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip on right</button>')
-        .appendTo('#qunit-fixture')
-        .bootstrapTooltip('show')
-    },  new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
-  })
-
-  QUnit.test('should raise exception to avoid xss on data-viewport', function (assert) {
-    assert.expect(1)
-    assert.throws(function () {
-      $('<button data-toggle="tooltip" data-viewport="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip on right</button>')
-        .appendTo('#qunit-fixture')
-        .bootstrapTooltip('show')
-    },  new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
-  })
-
 })

diff --git a/js/tests/visual/affix.html b/js/tests/visual/affix.html
index 7b20e78086a6207751750a5b14c1e9e3943f0025..630044fa4686eee22a21738056d9a243d116b9ba 100644 (file)
--- a/js/tests/visual/affix.html
+++ b/js/tests/visual/affix.html
@@ -54,6 +54,8 @@
 
   <div class="page-header js-page-header">
     <h1>Affix <small>Bootstrap Visual Test</small></h1>
+
+    <div id="affixTarget">Affix target with XSS</div>
   </div>
 
   <div class="col-md-3">
@@ -277,6 +279,14 @@
 <!-- JavaScript Test -->
 <script>
 $(function () {
+  try {
+    $('#affixTarget').bootstrapAffix({
+      target: '<img src=1 onerror=\'alert(0)\'>'
+    })
+  } catch (e) {
+    console.error(e)
+  }
+
   $('.js-affixed-element-top').affix({
     offset: {
       top: $('.js-page-header').outerHeight(true) - 10

diff --git a/js/tests/visual/collapse.html b/js/tests/visual/collapse.html
index bc1b7fe16ec23c9eae5757bd94704045dd6d5a9f..748f54a7c79cb67181de90bfd145bed75aabdcae 100644 (file)
--- a/js/tests/visual/collapse.html
+++ b/js/tests/visual/collapse.html
@@ -69,6 +69,10 @@
   <button class="btn" data-toggle="collapse" data-target="<img src=x onerror=alert(0)>">
     Collapse with an XSS
   </button>
+
+  <button class="btn" data-toggle="collapse" data-parent="<img src=1 onerror=\'alert(0)\'>" href="#collapseThree">
+    Collapse with an XSS in data-parent
+  </button>
 </div>
 
 <!-- JavaScript Includes -->

diff --git a/js/tests/visual/tooltip.html b/js/tests/visual/tooltip.html
index 5731ce3e07259ce6fc0bd12914c1c9b97e61840d..e3d6ab8d23e77a268c48e91af07f3c971f6ddeb4 100644 (file)
--- a/js/tests/visual/tooltip.html
+++ b/js/tests/visual/tooltip.html
@@ -30,6 +30,8 @@
     <button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="top" title="Tooltip on top">Tooltip on top</button>
     <button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="bottom" title="Tooltip on bottom">Tooltip on bottom</button>
     <button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="right" title="Tooltip on right">Tooltip on right</button>
+    <button type="button" class="btn btn-default" data-toggle="tooltip" data-container="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip with XSS on data-container</button>
+    <button type="button" class="btn btn-default" data-toggle="tooltip" data-viewport="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip with XSS on data-viewport</button>
   </p>
 
 </div>