MCPcopy
hub / github.com/HelloZeroNet/ZeroNet / testLinkSecurity

Method testLinkSecurity

src/Test/TestWeb.py:60–98  ·  view source on GitHub ↗
(self, browser, site_url)

Source from the content-addressed store, hash-verified

58 assert "Forbidden" in getUrl("%s/././././././././././//////sites.json" % site_url)
59
60 def testLinkSecurity(self, browser, site_url):
61 browser.get("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/test/security.html" % site_url)
62 WebDriverWait(browser, 10).until(title_is("ZeroHello - ZeroNet"))
63 assert getContextUrl(browser) == "%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/test/security.html" % site_url
64
65 # Switch to inner frame
66 browser.switch_to.frame(browser.find_element_by_id("inner-iframe"))
67 assert "wrapper_nonce" in getContextUrl(browser)
68 assert browser.find_element_by_id("script_output").text == "Result: Works"
69 browser.switch_to.default_content()
70
71 # Clicking on links without target
72 browser.switch_to.frame(browser.find_element_by_id("inner-iframe"))
73 with WaitForPageLoad(browser):
74 browser.find_element_by_id("link_to_current").click()
75 assert "wrapper_nonce" not in getContextUrl(browser) # The browser object back to default content
76 assert "Forbidden" not in browser.page_source
77 # Check if we have frame inside frame
78 browser.switch_to.frame(browser.find_element_by_id("inner-iframe"))
79 with pytest.raises(NoSuchElementException):
80 assert not browser.find_element_by_id("inner-iframe")
81 browser.switch_to.default_content()
82
83 # Clicking on link with target=_top
84 browser.switch_to.frame(browser.find_element_by_id("inner-iframe"))
85 with WaitForPageLoad(browser):
86 browser.find_element_by_id("link_to_top").click()
87 assert "wrapper_nonce" not in getContextUrl(browser) # The browser object back to default content
88 assert "Forbidden" not in browser.page_source
89 browser.switch_to.default_content()
90
91 # Try to escape from inner_frame
92 browser.switch_to.frame(browser.find_element_by_id("inner-iframe"))
93 assert "wrapper_nonce" in getContextUrl(browser) # Make sure we are inside of the inner-iframe
94 with WaitForPageLoad(browser):
95 browser.execute_script("window.top.location = window.location")
96 assert "wrapper_nonce" in getContextUrl(browser) # We try to use nonce-ed html without iframe
97 assert "<iframe" in browser.page_source # Only allow to use nonce once-time
98 browser.switch_to.default_content()
99
100 def testRaw(self, browser, site_url):
101 browser.get("%s/raw/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/test/security.html" % site_url)

Callers

nothing calls this directly

Calls 3

getContextUrlFunction · 0.85
WaitForPageLoadClass · 0.85
getMethod · 0.45

Tested by

no test coverage detected