Revision f8dedf60
Added by koszko about 1 year ago
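--- a/test/haketilo_test/unit/utils.py
+++ b/test/haketilo_test/unit/utils.py
@@ -228,12 +228,21 @@
 return driver.execute_script(
 '''
 document.haketilo_scripts_allowed = false;
+document.haketilo_eval_allowed = false;
 const html_ns = "http://www.w3.org/1999/xhtml";
 const script = document.createElementNS(html_ns, "script");
-script.innerHTML = "document.haketilo_scripts_allowed = true;";
+script.innerHTML = `
+document.haketilo_scripts_allowed = true;
+eval('document.haketilo_eval_allowed = true;');
+`;
 if (arguments[0])
 script.setAttribute("nonce", arguments[0]);
 (document.head || document.documentElement).append(script);
+
+if (document.haketilo_scripts_allowed !=
+document.haketilo_eval_allowed)
+throw "scripts allowed but eval blocked";
+
 return document.haketilo_scripts_allowed;
 ''',
 nonce)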
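Review bot: The new consistency check before the final `return` throws a bare string and carries no comment, so a failure reaches the Python test as a WebDriver script error with little context. Use `throw new Error("scripts allowed but eval blocked");` and add a one-line comment above the `if`, for example `// an allowed inline script must also be able to call eval(); a mismatch most likely means the effective CSP omits 'unsafe-eval'`. The helper still returns only `document.haketilo_scripts_allowed`, so a caller cannot assert a policy that permits scripts but deliberately blocks eval; if that case matters, returning both flags would let the test decide. The enclosing Python function starts outside this hunk, so its callers were not reviewed.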
allow eval() in injected scripts