From 08f376f2ea3d3bb384f10e3c01f7d48ed21ce351 Mon Sep 17 00:00:00 2001 From: Igor Minar Date: Tue, 15 Oct 2013 15:00:22 -0700 Subject: fix(csp): fix csp auto-detection and stylesheet injection When we refactored , we broke the csp mode because the previous implementation relied on the fact that it was ok to lazy initialize the .csp property, this is not the case any more. Besides, we need to know about csp mode during bootstrap and avoid injecting the stylesheet when csp is active, so I refactored the code to fix both issues. PR #4411 will follow up on this commit and add more improvements. Closes #917 Closes #2963 Closes #4394 Closes #4444 BREAKING CHANGE: triggering ngCsp directive via `ng:csp` attribute is not supported any more. Please use data-ng-csp instead. --- test/AngularSpec.js | 40 ++++++++++++++++++++++++++++++++++++++++ test/ng/directive/ngCspSpec.js | 10 ---------- test/ng/snifferSpec.js | 13 ++----------- 3 files changed, 42 insertions(+), 21 deletions(-) delete mode 100644 test/ng/directive/ngCspSpec.js (limited to 'test') diff --git a/test/AngularSpec.js b/test/AngularSpec.js index c1914947..1b08a18e 100644 --- a/test/AngularSpec.js +++ b/test/AngularSpec.js @@ -348,6 +348,46 @@ describe('angular', function() { }); + describe('csp', function() { + var originalSecurityPolicy; + + beforeEach(function() { + originalSecurityPolicy = document.securityPolicy; + }); + + afterEach(function() { + document.securityPolicy = originalSecurityPolicy; + }); + + + it('should return the false when CSP is not enabled (the default)', function() { + expect(csp()).toBe(false); + }); + + + it('should return true if CSP is autodetected via CSP v1.1 securityPolicy.isActive property', function() { + document.securityPolicy = {isActive: true}; + expect(csp()).toBe(true); + }); + + it('should return the true when CSP is enabled manually via [ng-csp]', function() { + spyOn(document, 'querySelector').andCallFake(function(selector) { + if (selector == '[ng-csp]') return {}; + }); + expect(csp()).toBe(true); + }); + + + it('should return the true when CSP is enabled manually via [data-ng-csp]', function() { + spyOn(document, 'querySelector').andCallFake(function(selector) { + if (selector == '[data-ng-csp]') return {}; + }); + expect(csp()).toBe(true); + expect(document.querySelector).toHaveBeenCalledWith('[data-ng-csp]'); + }); + }); + + describe('parseKeyValue', function() { it('should parse a string into key-value pairs', function() { expect(parseKeyValue('')).toEqual({}); diff --git a/test/ng/directive/ngCspSpec.js b/test/ng/directive/ngCspSpec.js deleted file mode 100644 index 7a21b587..00000000 --- a/test/ng/directive/ngCspSpec.js +++ /dev/null @@ -1,10 +0,0 @@ -'use strict'; - -describe('ngCsp', function() { - - it('it should turn on CSP mode in $sniffer', inject(function($sniffer, $compile) { - expect($sniffer.csp).toBe(false); - $compile('
'); - expect($sniffer.csp).toBe(true); - })); -}); diff --git a/test/ng/snifferSpec.js b/test/ng/snifferSpec.js index 6edf9f61..6e9dc830 100644 --- a/test/ng/snifferSpec.js +++ b/test/ng/snifferSpec.js @@ -85,21 +85,12 @@ describe('$sniffer', function() { describe('csp', function() { - it('should be false if document.securityPolicy.isActive not available', function() { + it('should be false by default', function() { expect(sniffer({}).csp).toBe(false); }); - - - it('should use document.securityPolicy.isActive if available', function() { - var createDocumentWithCSP = function(csp) { - return {securityPolicy: {isActive: csp}}; - }; - - expect(sniffer({}, createDocumentWithCSP(false)).csp).toBe(false); - expect(sniffer({}, createDocumentWithCSP(true)).csp).toBe(true); - }); }); + describe('vendorPrefix', function() { it('should return the correct vendor prefix based on the browser', function() { -- cgit v1.2.3