dwindown/formipay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c103e368be3843aa7ef3c1fd06083e8d4ee523f2
formipay/node_modules/csp_evaluator/parser_test.ts
dwindown e8fbfb14c1 fix: prevent asset conflicts between React and Grid.js versions 
Add coexistence checks to all enqueue methods to prevent loading
both React and Grid.js assets simultaneously.

Changes:
- ReactAdmin.php: Only enqueue React assets when ?react=1
- Init.php: Skip Grid.js when React active on admin pages
- Form.php, Coupon.php, Access.php: Restore classic assets when ?react=0
- Customer.php, Product.php, License.php: Add coexistence checks

Now the toggle between Classic and React versions works correctly.

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-18 17:02:14 +07:00

145 lines
5.4 KiB
TypeScript
Raw Blame History

/**
* @fileoverview Tests for CSP Parser.
* @author lwe@google.com (Lukas Weichselbaum)
*
* @license
* Copyright 2016 Google Inc. All rights reserved.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import 'jasmine';
import {CspParser, TEST_ONLY} from './parser';
describe('Test parser', () => {
it('CspParser', () => {
const validCsp = // Test policy with different features from CSP2.
'default-src \'none\';' +
'script-src \'nonce-unsafefoobar\' \'unsafe-eval\' \'unsafe-inline\' \n' +
'https://example.com/foo.js foo.bar; ' +
'object-src \'none\';' +
'img-src \'self\' https: data: blob:;' +
'style-src \'self\' \'unsafe-inline\' \'sha256-1DCfk1NYWuHMfoobarfoobar=\';' +
'font-src *;' +
'child-src *.example.com:9090;' +
'upgrade-insecure-requests;\n' +
'report-uri /csp/test';
const parser = new (CspParser)(validCsp);
const parsedCsp = parser.csp;
// check directives
const directives = Object.keys(parsedCsp.directives);
const expectedDirectives = [
'default-src', 'script-src', 'object-src', 'img-src', 'style-src',
'font-src', 'child-src', 'upgrade-insecure-requests', 'report-uri'
];
expect(expectedDirectives)
.toEqual(jasmine.arrayWithExactContents(directives));
// check directive values
expect(['\'none\''])
.toEqual(jasmine.arrayWithExactContents(
parsedCsp.directives['default-src'] as string[]));
expect([
'\'nonce-unsafefoobar\'', '\'unsafe-eval\'', '\'unsafe-inline\'',
'https://example.com/foo.js', 'foo.bar'
])
.toEqual(jasmine.arrayWithExactContents(
parsedCsp.directives['script-src'] as string[]));
expect(['\'none\''])
.toEqual(jasmine.arrayWithExactContents(
parsedCsp.directives['object-src'] as string[]));
expect(['\'self\'', 'https:', 'data:', 'blob:'])
.toEqual(jasmine.arrayWithExactContents(
parsedCsp.directives['img-src'] as string[]));
expect([
'\'self\'', '\'unsafe-inline\'', '\'sha256-1DCfk1NYWuHMfoobarfoobar=\''
])
.toEqual(jasmine.arrayWithExactContents(
parsedCsp.directives['style-src'] as string[]));
expect(['*']).toEqual(jasmine.arrayWithExactContents(
parsedCsp.directives['font-src'] as string[]));
expect(['*.example.com:9090'])
.toEqual(jasmine.arrayWithExactContents(
parsedCsp.directives['child-src'] as string[]));
expect([]).toEqual(jasmine.arrayWithExactContents(
parsedCsp.directives['upgrade-insecure-requests'] as string[]));
expect(['/csp/test'])
.toEqual(jasmine.arrayWithExactContents(
parsedCsp.directives['report-uri'] as string[]));
});
it('CspParserDuplicateDirectives', () => {
const validCsp = 'default-src \'none\';' +
'default-src foo.bar;' +
'object-src \'none\';' +
'OBJECT-src foo.bar;';
const parser = new (CspParser)(validCsp);
const parsedCsp = parser.csp;
// check directives
const directives = Object.keys(parsedCsp.directives);
const expectedDirectives = ['default-src', 'object-src'];
expect(expectedDirectives)
.toEqual(jasmine.arrayWithExactContents(directives));
// check directive values
expect(['\'none\''])
.toEqual(jasmine.arrayWithExactContents(
parsedCsp.directives['default-src'] as string[]));
expect(['\'none\''])
.toEqual(jasmine.arrayWithExactContents(
parsedCsp.directives['object-src'] as string[]));
});
it('CspParserMixedCaseKeywords', () => {
const validCsp = 'DEFAULT-src \'NONE\';' + // Keywords should be
// case insensetive.
'img-src \'sElf\' HTTPS: Example.com/CaseSensitive;';
const parser = new (CspParser)(validCsp);
const parsedCsp = parser.csp;
// check directives
const directives = Object.keys(parsedCsp.directives);
const expectedDirectives = ['default-src', 'img-src'];
expect(expectedDirectives)
.toEqual(jasmine.arrayWithExactContents(directives));
// check directive values
expect(['\'none\''])
.toEqual(jasmine.arrayWithExactContents(
parsedCsp.directives['default-src'] as string[]));
expect(['\'self\'', 'https:', 'Example.com/CaseSensitive'])
.toEqual(jasmine.arrayWithExactContents(
parsedCsp.directives['img-src'] as string[]));
});
it('NormalizeDirectiveValue', () => {
expect(TEST_ONLY.normalizeDirectiveValue('\'nOnE\'')).toBe('\'none\'');
expect(TEST_ONLY.normalizeDirectiveValue('\'nonce-aBcD\''))
.toBe('\'nonce-aBcD\'');
expect(TEST_ONLY.normalizeDirectiveValue('\'hash-XyZ==\''))
.toBe('\'hash-XyZ==\'');
expect(TEST_ONLY.normalizeDirectiveValue('HTTPS:')).toBe('https:');
expect(TEST_ONLY.normalizeDirectiveValue('example.com/TEST'))
.toBe('example.com/TEST');
});
});
Reference in New Issue View Git Blame Copy Permalink