Commit Graph

11 Commits

Author SHA1 Message Date
Timmy Willison
8037b9f53e Tests: align mock.php with main branch (sans spacing diffs)
Ref gh-5531
2024-08-24 10:05:01 -04:00
Timmy Willison
b4ab47afd7 Tests: replace express with basic Node server
Closes gh-5531
2024-08-24 10:05:01 -04:00
Michał Gołębiowski-Owczarek
ba81326ffd Tests: Don't remove csp.log in the cspClean action of mock.php
For some reason the current setup worked fine with Apache but broke for me when
I migrated to nginx.

Closes gh-4936

(cherry picked from commit 1019074f7b)
2021-09-30 00:31:27 +02:00
Michał Gołębiowski-Owczarek
b14b62c8a2 Tests: Strip untypical callback parameter characters from mock.php
Only allow alphanumeric characters & underscores for callback parameters.
The change is done both for the PHP server as well as the Node.js-based version.
This is only test code so we're not fixing any security issue but it happens
often enough that the whole jQuery repository directory structure is deployed
onto the server with PHP enabled that it makes is easy to introduce security
issues if this cleanup is not done.

Ref gh-4764
Closes gh-4871

(cherry picked from a70274632d)
2021-04-13 22:36:19 +02:00
Sean Robinson
da3dd85b63 Ajax: Do not execute scripts for unsuccessful HTTP responses
The script transport used to evaluate fetched script sources which is
undesirable for unsuccessful HTTP responses. This is different to other data
types where such a convention was fine (e.g. in case of JSON).

(cherry picked from 50871a5a85)

Fixes gh-4250
Fixes gh-4655
Closes gh-4379
2020-04-06 22:33:56 +02:00
abnud1
c349818742 Build: Update test code for compatibility with QUnit 2.x (#4297)
Also, run `grunt npmcopy` to sync the "external" directory with dependencies
from package.json. For example, the Sinon library version didn't match.

Ref gh-4234
Closes gh-4297
2019-02-18 19:03:26 +01:00
Michał Gołębiowski-Owczarek
5bdc85b82b
Core: Support passing nonce through jQuery.globalEval
Fixes gh-4278
Closes gh-4280
Ref gh-3541
Ref gh-4269
2019-01-21 18:42:39 +01:00
Michał Gołębiowski-Owczarek
c7c2855ed1
Core: Preserve CSP nonce on scripts in DOM manipulation
Fixes gh-3541
Closes gh-4269
2019-01-14 19:29:54 +01:00
Timmy Willison
b8195fb94c
Tests: fix ajax test failure; add to header instead of replace 2018-11-26 12:46:58 -05:00
Andrei Fangli
e0d9411569 Ajax: Fix getResponseHeader(key) for IE11
- getResponseHeader(key) combines all header values for the provided key into a
single result where values are concatenated by ', '. This does not happen for
IE11 since multiple values for the same header are returned on separate lines.
This makes the function only return the last value of the header for IE11.
- Updated ajax headers test to better cover Object.prototype collisions

Close gh-4173
Fixes gh-3403
2018-11-26 12:00:41 -05:00
Timo Tijhof
ecd8ddea33
Tests: Add support for running unit tests via grunt with karma
- Update QUnit to 1.23.1
- Remove unused dl#dl from test/index.html
- Remove unused map#imgmap from test/index.html
- Ensure all urls to data use baseURI
- Add the 'grunt karma:main' task
  - customContextFile & customDebugFile
- Add 'npm run jenkins' script

Close gh-3744
Fixes gh-1999
2017-12-18 12:27:38 -05:00