use of com.gargoylesoftware.htmlunit.ScriptResult in project jenkins by jenkinsci.
the class SvgIconTest method ensureXssIsPrevented.
/**
 * Renders the page of the given root action, hovers the SVG icon in {@code #test-panel}, and verifies
 * that the tooltip neither contains the dangerous markup nor triggers a JavaScript alert.
 *
 * @param testRootAction the root action whose URL name is opened in the test web client
 * @param validationPart text that must appear in the icon's title, proving the tooltip text was populated
 * @param dangerousPart markup that must not appear in the rendered tooltip HTML
 * @throws Exception if the page cannot be loaded or one of the scripts fails
 */
private void ensureXssIsPrevented(TestRootAction testRootAction, String validationPart, String dangerousPart) throws Exception {
    JenkinsRule.WebClient webClient = j.createWebClient();

    // Second line of defence: an alert() call during the test flips this flag,
    // even when the injected markup is serialized differently from dangerousPart.
    AtomicBoolean alertFired = new AtomicBoolean(false);
    webClient.setAlertHandler((alertPage, message) -> alertFired.set(true));

    HtmlPage rootActionPage = webClient.goTo(testRootAction.getUrlName());

    // Control check. The script reads the title property first and falls back to the title attribute.
    // Per the original author, the property is rewritten by the Yahoo tooltip code
    // while the attribute is set by the corrected code.
    ScriptResult titleLookup = rootActionPage.executeJavaScript("var s = document.querySelector('#test-panel svg'); s.title || s.getAttribute('title');");
    Object rawTitle = titleLookup.getJavaScriptResult();
    assertThat(rawTitle, instanceOf(String.class));
    String titleText = (String) rawTitle;
    assertThat("The title attribute is not populated", titleText, containsString(validationPart));

    // Hover the icon so the tooltip is rendered, then give background scripts time to finish.
    rootActionPage.executeJavaScript("document.querySelector('#test-panel svg').dispatchEvent(new Event('mouseover'));");
    webClient.waitForBackgroundJavaScript(1000);

    ScriptResult tooltipLookup = rootActionPage.executeJavaScript("document.querySelector('#tt').innerHTML;");
    Object rawTooltip = tooltipLookup.getJavaScriptResult();
    assertThat(rawTooltip, instanceOf(String.class));
    String tooltipHtml = (String) rawTooltip;

    // NOTE(review): nothing here asserts that the tooltip actually rendered any text, so the
    // substring check below could pass on an empty tooltip. Consider also asserting the
    // expected escaped text in tooltipHtml; confirm its exact serialized form first.
    assertThat("XSS not prevented (content)", tooltipHtml, not(containsString(dangerousPart)));
    assertFalse("XSS not prevented (alert)", alertFired.get());
}
use of com.gargoylesoftware.htmlunit.ScriptResult in project jenkins by jenkinsci.
the class BehaviorTest method testDuplicateRegistrations.
/**
 * Opens {@code self/testDuplicateRegistrations} and checks the inner HTML of the first {@code DIV.a}
 * element against the exact expected text.
 *
 * <p>Presumably the expected text can only be produced when each registered behaviour ran exactly once;
 * the page and its scripts are not visible here, so verify against the test view.
 *
 * @throws Exception if the page cannot be loaded or the script fails
 */
@Issue("JENKINS-14495")
@Test
public void testDuplicateRegistrations() throws Exception {
    HtmlPage page = j.createWebClient().goTo("self/testDuplicateRegistrations");
    ScriptResult scriptResult = page.executeJavaScript("document.getElementsBySelector('DIV.a')[0].innerHTML");
    String renderedHtml = scriptResult.getJavaScriptResult().toString();
    assertEquals("initial and appended yet different", renderedHtml);
}
use of com.gargoylesoftware.htmlunit.ScriptResult in project jenkins by jenkinsci.
the class RunTest method ensureXssIsPrevented.
/**
 * Opens the project page, hovers the build badge image in the build history, and verifies that the
 * tooltip shows the expected text without the dangerous markup.
 *
 * @param upProject the project whose page is opened in the test web client
 * @param validationPart text that must appear in the tooltip, proving that it was rendered
 * @param dangerousPart markup that must not appear in the rendered tooltip HTML
 * @throws Exception if the page cannot be loaded or one of the scripts fails
 */
private void ensureXssIsPrevented(FreeStyleProject upProject, String validationPart, String dangerousPart) throws Exception {
    JenkinsRule.WebClient webClient = j.createWebClient();
    HtmlPage projectPage = webClient.goTo(upProject.getUrl());

    // A synthetic mouseover on the badge image makes the tooltip appear.
    projectPage.executeJavaScript("document.querySelector('#buildHistory table .build-badge img').dispatchEvent(new Event('mouseover'));");
    webClient.waitForBackgroundJavaScript(500);

    ScriptResult tooltipLookup = projectPage.executeJavaScript("document.querySelector('#tt').innerHTML;");
    Object rawTooltip = tooltipLookup.getJavaScriptResult();
    assertThat(rawTooltip, instanceOf(String.class));
    String tooltipHtml = (String) rawTooltip;

    // The positive check comes first, so the negative check cannot pass on a tooltip that never rendered.
    assertThat("The tooltip does not work as expected", tooltipHtml, containsString(validationPart));

    // NOTE(review): this is a substring match on serialized innerHTML and no alert handler is installed.
    // It only catches the payload if dangerousPart matches the form the DOM serializes; confirm
    // against the callers' payloads.
    assertThat("XSS not prevented", tooltipHtml, not(containsString(dangerousPart)));
}
use of com.gargoylesoftware.htmlunit.ScriptResult in project htmlunit by HtmlUnit.
the class NamedAttrNodeMapImpl method doMouseEvent.
/**
 * Fires a simulated mouse event at this element and reports which page its window holds afterwards.
 * Event handlers may navigate, so the returned page is not necessarily the page the element belongs to.
 *
 * @param eventType the mouse event type to simulate
 * @param shiftKey {@code true} if SHIFT is pressed during the mouse event
 * @param ctrlKey {@code true} if CTRL is pressed during the mouse event
 * @param altKey {@code true} if ALT is pressed during the mouse event
 * @param button the button code, must be {@link MouseEvent#BUTTON_LEFT}, {@link MouseEvent#BUTTON_MIDDLE}
 *        or {@link MouseEvent#BUTTON_RIGHT}
 * @return the element's own page when JavaScript is disabled or firing the event yields no script result,
 *         otherwise the page enclosed by the web client's current window
 */
private Page doMouseEvent(final String eventType, final boolean shiftKey, final boolean ctrlKey, final boolean altKey, final int button) {
    final SgmlPage page = getPage();
    if (!page.getWebClient().isJavaScriptEnabled()) {
        // No event is fired at all when JavaScript is disabled.
        return page;
    }

    // A context-menu event is sent as a PointerEvent on browser versions that declare the feature.
    final boolean usePointerEvent = MouseEvent.TYPE_CONTEXT_MENU.equals(eventType)
            && getPage().getWebClient().getBrowserVersion().hasFeature(EVENT_ONCLICK_USES_POINTEREVENT);
    final Event event = usePointerEvent
            ? new PointerEvent(this, eventType, shiftKey, ctrlKey, altKey, button, 0)
            : new MouseEvent(this, eventType, shiftKey, ctrlKey, altKey, button);
    final ScriptResult scriptResult = fireEvent(event);

    // Without a script result the original page is reported; otherwise ask the current window.
    final Page currentPage = scriptResult == null
            ? page
            : page.getWebClient().getCurrentWindow().getEnclosedPage();

    // Every event type except mouse-out counts as "pointer over the element".
    // Computed styles are cleared only when that state actually flips.
    final boolean nowOver = !MouseEvent.TYPE_MOUSE_OUT.equals(eventType);
    if (mouseOver_ != nowOver) {
        mouseOver_ = nowOver;
        page.clearComputedStyles();
    }
    return currentPage;
}
use of com.gargoylesoftware.htmlunit.ScriptResult in project htmlunit by HtmlUnit.
the class NamedAttrNodeMapImpl method click.
/**
 * <span style="color:red">INTERNAL API - SUBJECT TO CHANGE AT ANY TIME - USE AT YOUR OWN RISK.</span><br>
 *
 * Simulates clicking on this element, returning the page in the window that has the focus
 * after the element has been clicked. Note that the returned page may or may not be the same
 * as the original page, depending on the type of element being clicked, the presence of JavaScript
 * action listeners, etc.
 *
 * <p>The click is a no-op that returns the element's own page when the element is not displayed
 * (unless {@code ignoreVisibility} is set) or when it is disabled. With JavaScript disabled only the
 * state update is performed and no event is fired.
 *
 * <p>The result is cast to {@code P} without a runtime check, so the caller is responsible for
 * choosing a page type that matches what the window actually contains.
 *
 * @param event the click event used
 * @param shiftKey {@code true} if SHIFT is pressed during the click
 * @param ctrlKey {@code true} if CTRL is pressed during the click
 * @param altKey {@code true} if ALT is pressed during the click
 * @param ignoreVisibility whether to ignore visibility or not
 * @param <P> the page type
 * @return the page contained in the current window as returned by {@link WebClient#getCurrentWindow()}
 * @exception IOException if an IO error occurs
 */
@SuppressWarnings("unchecked")
public <P extends Page> P click(final Event event, final boolean shiftKey, final boolean ctrlKey, final boolean altKey, final boolean ignoreVisibility) throws IOException {
    final SgmlPage page = getPage();
    // Invisible (unless explicitly ignored) or disabled elements do not react to the click.
    if ((!ignoreVisibility && !isDisplayed()) || isDisabledElementAndDisabled()) {
        return (P) page;
    }
    if (!page.getWebClient().isJavaScriptEnabled()) {
        // No script engine: apply the click's state change directly, load any responses
        // downloaded as a consequence, and report whatever the current window now holds.
        doClickStateUpdate(shiftKey, ctrlKey);
        page.getWebClient().loadDownloadedResponses();
        return (P) getPage().getWebClient().getCurrentWindow().getEnclosedPage();
    }
    // may be different from page when working with "orphaned pages"
    // (ex: clicking a link in a page that is not active anymore)
    final Page contentPage = page.getEnclosingWindow().getEnclosedPage();
    boolean stateUpdated = false;
    boolean changed = false;
    // Some elements apply their state change before the click event is dispatched.
    if (isStateUpdateFirst()) {
        changed = doClickStateUpdate(shiftKey, ctrlKey);
        stateUpdated = true;
    }
    final AbstractJavaScriptEngine<?> jsEngine = page.getWebClient().getJavaScriptEngine();
    // Postponed actions are held back while the click event is processed and are always
    // released in the finally block, even if event handling throws.
    jsEngine.holdPosponedActions();
    try {
        final ScriptResult scriptResult = doClickFireClickEvent(event);
        final boolean eventIsAborted = event.isAborted(scriptResult);
        // Identity comparison: has the window's page object been replaced while the event ran?
        final boolean pageAlreadyChanged = contentPage != page.getEnclosingWindow().getEnclosedPage();
        // Apply the state change after the event only if it was not applied earlier,
        // the event was not aborted, and the window still shows the same page.
        if (!pageAlreadyChanged && !stateUpdated && !eventIsAborted) {
            changed = doClickStateUpdate(shiftKey, ctrlKey);
        }
    } finally {
        jsEngine.processPostponedActions();
    }
    // A change event follows only when the state update reported a change.
    if (changed) {
        doClickFireChangeEvent();
    }
    return (P) getPage().getWebClient().getCurrentWindow().getEnclosedPage();
}