jquery/test/data
Michał Gołębiowski-Owczarek de5398a6ad
Core:Manipulation: Add basic TrustedHTML support
This ensures HTML wrapped in TrustedHTML can be used as an input to jQuery
manipulation methods in a way that doesn't violate the
`require-trusted-types-for` Content Security Policy directive.
This commit builds on previous work needed for trusted types support, including
gh-4642 and gh-4724.

One restriction is that while any TrustedHTML wrapper should work as input
for jQuery methods like `.html()` or `.append()`, for passing directly to the
`jQuery` factory the string must start with `<` and end with `>`; no trailing
or leading whitespace is allowed. This is necessary as we cannot parse out
a part of the input for further construction; that would violate the CSP rule -
and that's what's done to HTML input not matching these constraints.

No trusted types API is used explicitly in source; the majority of the work is
ensuring we don't pass the input converted to string to APIs that would
eventually assign it to `innerHTML`. This extra cautiousness is caused by the
API being Blink-only, at least for now.

The ban on passing strings to `innerHTML` means support tests relying on such
assignments are impossible. We don't currently have such tests on the `main`
branch but we used to have many of them in the 3.x & older lines. If there's
a need to re-add such a test, we'll need an escape hatch to skip them for apps
needing CSP-enforced TrustedHTML.

See https://web.dev/trusted-types/ for more information about TrustedHTML.

Fixes gh-4409
Closes gh-4927
Ref gh-4642
Ref gh-4724
2021-09-30 16:00:24 +02:00
ajax Tests: Add support for running unit tests via grunt with karma 2017-12-18 12:27:38 -05:00
core Build: Take core-js-bundle from the external directory as well 2021-04-13 22:10:09 +02:00
css CSS: Correctly detect scrollbox support with non-default zoom 2018-05-07 09:28:18 -04:00
data Tests: Refactor testIframe() to make it DRYer and more consistent 2016-04-11 13:32:51 -04:00
dimensions Tests: Refactor testIframe() to make it DRYer and more consistent 2016-04-11 13:32:51 -04:00
event Tests: Add support for running unit tests via grunt with karma 2017-12-18 12:27:38 -05:00
manipulation Core: Fire iframe script in its context, add doc param in globalEval 2020-02-10 19:17:22 +01:00
offset Build:Tests: Fix custom build tests, verify on Travis 2020-01-07 23:59:08 +01:00
selector Tests: Stop using jQuery.find in tests 2019-10-21 19:02:22 +02:00
support Tests: Add support for running unit tests via grunt with karma 2017-12-18 12:27:38 -05:00
1x1.jpg Fixes #11426: getting the responseText of an xhr should be tried/caught because of IE's inability to give access to binary data. Unit test added. 2012-03-07 15:39:39 +01:00
1x1.svg Traversing: $.fn.contents() support for object 2018-05-14 13:41:42 -04:00
badcall.js Revert "Organizes the php scripts used for testing better, so that the whole logic of a unit, server-side and client-side, is contained within the unit itself. Nearly all ajax unit tests take advantage of the new 'framework'. Lots of files got deleted because they became redundant or weren't used anymore." 2012-12-05 14:54:14 +01:00
badjson.js Revert "Organizes the php scripts used for testing better, so that the whole logic of a unit, server-side and client-side, is contained within the unit itself. Nearly all ajax unit tests take advantage of the new 'framework'. Lots of files got deleted because they became redundant or weren't used anymore." 2012-12-05 14:54:14 +01:00
cleanScript.html Manipulation: Don't remove HTML comments from scripts 2021-07-19 19:04:23 +02:00
csp-ajax-script-downloaded.js Ajax: Avoid CSP errors in the script transport for async requests 2020-08-25 21:28:30 +02:00
csp-ajax-script.html Ajax: Avoid CSP errors in the script transport for async requests 2020-08-25 21:28:30 +02:00
csp-ajax-script.js Ajax: Avoid CSP errors in the script transport for async requests 2020-08-25 21:28:30 +02:00
csp-nonce-external.html Core: Preserve CSP nonce on scripts with src attribute in DOM manipulation 2019-03-25 18:14:24 +01:00
csp-nonce-external.js Core: Preserve CSP nonce on scripts with src attribute in DOM manipulation 2019-03-25 18:14:24 +01:00
csp-nonce-globaleval.html Core: Support passing nonce through jQuery.globalEval 2019-01-21 18:42:39 +01:00
csp-nonce-globaleval.js Core: Support passing nonce through jQuery.globalEval 2019-01-21 18:42:39 +01:00
csp-nonce.html Core: Preserve CSP nonce on scripts in DOM manipulation 2019-01-14 19:29:54 +01:00
csp-nonce.js Core: Preserve CSP nonce on scripts in DOM manipulation 2019-01-14 19:29:54 +01:00
csp.include.html Core:Manipulation: Add basic TrustedHTML support 2021-09-30 16:00:24 +02:00
dashboard.xml Revert "Organizes the php scripts used for testing better, so that the whole logic of a unit, server-side and client-side, is contained within the unit itself. Nearly all ajax unit tests take advantage of the new 'framework'. Lots of files got deleted because they became redundant or weren't used anymore." 2012-12-05 14:54:14 +01:00
frame.html Traversing: $.fn.contents() support for object 2018-05-14 13:41:42 -04:00
iframe.html Fix indentation in /speed and /test dirs, closes gh-780. 2012-05-18 13:28:50 -04:00
iframeTest.js Tests: Improve offset test setup and labels 2017-04-24 21:44:51 -04:00
inner_module.js Build: Update test code for compatibility with QUnit 2.x (#4297) 2019-02-18 19:03:26 +01:00
inner_nomodule.js Core: Remove IE-specific support tests, rely on document.documentMode 2019-05-13 21:39:56 +02:00
jquery-1.9.1.js Event: fix incorrect test 2015-10-12 18:37:04 +03:00
json_obj.js Revert "Organizes the php scripts used for testing better, so that the whole logic of a unit, server-side and client-side, is contained within the unit itself. Nearly all ajax unit tests take advantage of the new 'framework'. Lots of files got deleted because they became redundant or weren't used anymore." 2012-12-05 14:54:14 +01:00
mock.php Core:Manipulation: Add basic TrustedHTML support 2021-09-30 16:00:24 +02:00
module.js Build: Update test code for compatibility with QUnit 2.x (#4297) 2019-02-18 19:03:26 +01:00
name.html Build: Update test code for compatibility with QUnit 2.x (#4297) 2019-02-18 19:03:26 +01:00
nomodule.js Core: Remove IE-specific support tests, rely on document.documentMode 2019-05-13 21:39:56 +02:00
qunit-fixture.html Selector: Make empty attribute selectors work in IE again 2019-11-18 22:10:55 +01:00
readywait.html Tests: move readywait to an iframe test 2017-03-20 11:37:15 -04:00
test2.html Build: Update test code for compatibility with QUnit 2.x (#4297) 2019-02-18 19:03:26 +01:00
test3.html Core: rnotwhite -> rhtmlnotwhite and jQuery.trim -> stripAndCollapse 2016-09-15 10:40:27 -04:00
test.include.html Build: Update test code for compatibility with QUnit 2.x (#4297) 2019-02-18 19:03:26 +01:00
testinit-jsdom.js Build: Make Karma work in ES modules mode 2019-12-16 19:33:49 +01:00
testinit.js Tests: Load the TestSwarm listener via HTTPS 2021-09-29 15:28:52 +02:00
testrunner.js Tests: Remove remaining obsolete jQuery.cache references 2020-05-18 18:43:01 +02:00
testsuite.css Tests: Switch background image from online file to local 1x1.jpg 2021-05-24 18:23:50 +02:00
text.txt Tests: Add support for running unit tests via grunt with karma 2017-12-18 12:27:38 -05:00
trusted-html.html Core:Manipulation: Add basic TrustedHTML support 2021-09-30 16:00:24 +02:00
with_fries.xml Revert "Organizes the php scripts used for testing better, so that the whole logic of a unit, server-side and client-side, is contained within the unit itself. Nearly all ajax unit tests take advantage of the new 'framework'. Lots of files got deleted because they became redundant or weren't used anymore." 2012-12-05 14:54:14 +01:00