(self, browser, site_url)
| 58 | assert "Forbidden" in getUrl("%s/././././././././././//////sites.json" % site_url) |
| 59 | |
| 60 | def testLinkSecurity(self, browser, site_url): |
| 61 | browser.get("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/test/security.html" % site_url) |
| 62 | WebDriverWait(browser, 10).until(title_is("ZeroHello - ZeroNet")) |
| 63 | assert getContextUrl(browser) == "%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/test/security.html" % site_url |
| 64 | |
| 65 | # Switch to inner frame |
| 66 | browser.switch_to.frame(browser.find_element_by_id("inner-iframe")) |
| 67 | assert "wrapper_nonce" in getContextUrl(browser) |
| 68 | assert browser.find_element_by_id("script_output").text == "Result: Works" |
| 69 | browser.switch_to.default_content() |
| 70 | |
| 71 | # Clicking on links without target |
| 72 | browser.switch_to.frame(browser.find_element_by_id("inner-iframe")) |
| 73 | with WaitForPageLoad(browser): |
| 74 | browser.find_element_by_id("link_to_current").click() |
| 75 | assert "wrapper_nonce" not in getContextUrl(browser) # The browser object back to default content |
| 76 | assert "Forbidden" not in browser.page_source |
| 77 | # Check if we have frame inside frame |
| 78 | browser.switch_to.frame(browser.find_element_by_id("inner-iframe")) |
| 79 | with pytest.raises(NoSuchElementException): |
| 80 | assert not browser.find_element_by_id("inner-iframe") |
| 81 | browser.switch_to.default_content() |
| 82 | |
| 83 | # Clicking on link with target=_top |
| 84 | browser.switch_to.frame(browser.find_element_by_id("inner-iframe")) |
| 85 | with WaitForPageLoad(browser): |
| 86 | browser.find_element_by_id("link_to_top").click() |
| 87 | assert "wrapper_nonce" not in getContextUrl(browser) # The browser object back to default content |
| 88 | assert "Forbidden" not in browser.page_source |
| 89 | browser.switch_to.default_content() |
| 90 | |
| 91 | # Try to escape from inner_frame |
| 92 | browser.switch_to.frame(browser.find_element_by_id("inner-iframe")) |
| 93 | assert "wrapper_nonce" in getContextUrl(browser) # Make sure we are inside of the inner-iframe |
| 94 | with WaitForPageLoad(browser): |
| 95 | browser.execute_script("window.top.location = window.location") |
| 96 | assert "wrapper_nonce" in getContextUrl(browser) # We try to use nonce-ed html without iframe |
| 97 | assert "<iframe" in browser.page_source # Only allow to use nonce once-time |
| 98 | browser.switch_to.default_content() |
| 99 | |
| 100 | def testRaw(self, browser, site_url): |
| 101 | browser.get("%s/raw/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/test/security.html" % site_url) |
nothing calls this directly
no test coverage detected