Revision f8dedf60
Added by koszko about 1 year ago
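--- a/test/haketilo_test/unit/utils.py
+++ b/test/haketilo_test/unit/utils.py
@@ -228,12 +228,21 @@
 return driver.execute_script(
 '''
 document.haketilo_scripts_allowed = false;
+document.haketilo_eval_allowed = false;
 const html_ns = "http://www.w3.org/1999/xhtml";
 const script = document.createElementNS(html_ns, "script");
-script.innerHTML = "document.haketilo_scripts_allowed = true;";
+script.innerHTML = `
+document.haketilo_scripts_allowed = true;
+eval('document.haketilo_eval_allowed = true;');
+`;
 if (arguments[0])
 script.setAttribute("nonce", arguments[0]);
 (document.head || document.documentElement).append(script);
+
+if (document.haketilo_scripts_allowed !=
+document.haketilo_eval_allowed)
+throw "scripts allowed but eval blocked";
+
 return document.haketilo_scripts_allowed;
 ''',
 nonce)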
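Review bot: The consistency check at new lines 242-244 has no comment explaining that this helper now treats eval() permission as part of "scripts allowed". A page whose policy admits the nonce'd inline script but withholds eval() therefore fails every caller, with a thrown string rather than a returned value. I would put `// Invariant under test: a policy that lets the injected script run must also permit eval().` above the `if`, so a later policy tightening is recognised as a deliberate break of this helper rather than a flaky test. Throwing an Error object, `throw new Error("scripts allowed but eval blocked");`, would also give the resulting driver exception a proper message and stack. The enclosing Python function starts outside this hunk, so whether callers rely on the boolean alone cannot be confirmed from here.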
allow eval() in injected scripts