diff options
| author | Igor Minar | 2013-10-15 15:00:22 -0700 |
|---|---|---|
| committer | Igor Minar | 2013-10-18 17:33:53 -0700 |
| commit | 08f376f2ea3d3bb384f10e3c01f7d48ed21ce351 (patch) | |
| tree | c6b71fbd761100f4aa73c310cf082526cf97b590 /test/AngularSpec.js | |
| parent | 14438058da39c3e523f420549074934ca5881b09 (diff) | |
| download | angular.js-08f376f2ea3d3bb384f10e3c01f7d48ed21ce351.tar.bz2 | |
fix(csp): fix csp auto-detection and stylesheet injection
When we refactored , we broke the csp mode because the previous implementation
relied on the fact that it was ok to lazy initialize the .csp property, this
is not the case any more.
Besides, we need to know about csp mode during bootstrap and avoid injecting the
stylesheet when csp is active, so I refactored the code to fix both issues.
PR #4411 will follow up on this commit and add more improvements.
Closes #917
Closes #2963
Closes #4394
Closes #4444
BREAKING CHANGE: triggering ngCsp directive via `ng:csp` attribute is not
supported any more. Please use data-ng-csp instead.
Diffstat (limited to 'test/AngularSpec.js')
| -rw-r--r-- | test/AngularSpec.js | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/test/AngularSpec.js b/test/AngularSpec.js index c1914947..1b08a18e 100644 --- a/test/AngularSpec.js +++ b/test/AngularSpec.js @@ -348,6 +348,46 @@ describe('angular', function() { }); + describe('csp', function() { + var originalSecurityPolicy; + + beforeEach(function() { + originalSecurityPolicy = document.securityPolicy; + }); + + afterEach(function() { + document.securityPolicy = originalSecurityPolicy; + }); + + + it('should return the false when CSP is not enabled (the default)', function() { + expect(csp()).toBe(false); + }); + + + it('should return true if CSP is autodetected via CSP v1.1 securityPolicy.isActive property', function() { + document.securityPolicy = {isActive: true}; + expect(csp()).toBe(true); + }); + + it('should return the true when CSP is enabled manually via [ng-csp]', function() { + spyOn(document, 'querySelector').andCallFake(function(selector) { + if (selector == '[ng-csp]') return {}; + }); + expect(csp()).toBe(true); + }); + + + it('should return the true when CSP is enabled manually via [data-ng-csp]', function() { + spyOn(document, 'querySelector').andCallFake(function(selector) { + if (selector == '[data-ng-csp]') return {}; + }); + expect(csp()).toBe(true); + expect(document.querySelector).toHaveBeenCalledWith('[data-ng-csp]'); + }); + }); + + describe('parseKeyValue', function() { it('should parse a string into key-value pairs', function() { expect(parseKeyValue('')).toEqual({}); |