Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Attributes: Don't stringify attributes in the setter #4949

Merged
merged 1 commit into from
Nov 1, 2021
Merged

Attributes: Don't stringify attributes in the setter #4949

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/attributes/attr.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ jQuery.extend( {
return ret;
}

elem.setAttribute( name, value + "" );
elem.setAttribute( name, value );
return value;
}

Expand Down
6 changes: 6 additions & 0 deletions test/data/mock.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -247,6 +247,12 @@ protected function trustedHtml( $req ) {
echo file_get_contents( __DIR__ . '/trusted-html.html' );
}

protected function trustedTypesAttributes( $req ) {
header( "Content-Security-Policy: require-trusted-types-for 'script'; report-uri ./mock.php?action=cspLog" );
header( 'Content-type: text/html' );
echo file_get_contents( __DIR__ . '/trusted-types-attributes.html' );
}

protected function errorWithScript( $req ) {
header( 'HTTP/1.0 404 Not Found' );
if ( isset( $req->query['withScriptContentType'] ) ) {
Expand Down
61 changes: 61 additions & 0 deletions test/data/trusted-types-attributes.html
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
<!DOCTYPE html>
<html>
<head>
<meta charset=utf-8 />
<title>Trusted HTML attribute tests</title>
</head>
<body>
<div id="qunit-fixture"></div>
<script src="../../dist/jquery.js"></script>
<script src="iframeTest.js"></script>
<script>
var i, input, elem, policy,
results = [];

function runTests( messagePrefix, getTrustedScriptUrlWrapper ) {
try {
elem = jQuery( "<script><\/script>" )
.attr( "src", getTrustedScriptUrlWrapper( "trusted-types-attributes.js" ) );
elem.appendTo( document.body );

results.push( {
actual: elem.attr( "src" ),
expected: "trusted-types-attributes.js",
message: messagePrefix + ": script URL properly set"
} );
} catch ( e ) {
results.push( {
actual: "error thrown",
expected: "",
message: messagePrefix + ": error has been thrown"
} );
}
}

if ( typeof trustedTypes !== "undefined" ) {
policy = trustedTypes.createPolicy( "jquery-test-policy", {
createScriptURL: function( html ) {
return html;
}
} );

runTests( "TrustedScriptURL", function wrapInTrustedScriptUrl( input ) {
return policy.createScriptURL( input );
} );
} else {

// No TrustedScriptURL support so let's at least run tests with object wrappers
// with a proper `toString` function. See trusted-html.html for more context.
runTests( "Object wrapper", function( input ) {
return {
toString: function toString() {
return input;
}
};
} );
}

startIframeTest( results );
</script>
</body>
</html>
1 change: 1 addition & 0 deletions test/data/trusted-types-attributes.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
window.testMessage = "script run";
8 changes: 8 additions & 0 deletions test/middleware-mockserver.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -264,6 +264,14 @@ var mocks = {
var body = fs.readFileSync( __dirname + "/data/trusted-html.html" ).toString();
resp.end( body );
},
trustedTypesAttributes: function( req, resp ) {
resp.writeHead( 200, {
"Content-Type": "text/html",
"Content-Security-Policy": "require-trusted-types-for 'script'; report-uri /base/test/data/mock.php?action=cspLog"
} );
var body = fs.readFileSync( __dirname + "/data/trusted-types-attributes.html" ).toString();
resp.end( body );
},
errorWithScript: function( req, resp ) {
if ( req.query.withScriptContentType ) {
resp.writeHead( 404, { "Content-Type": "application/javascript" } );
Expand Down
20 changes: 20 additions & 0 deletions test/unit/attributes.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1764,3 +1764,23 @@ QUnit.test( "non-lowercase boolean attribute getters should not crash", function
}
} );
} );


// Test trustedTypes support in browsers where they're supported (currently Chrome 83+).
// Browsers with no TrustedScriptURL support still run tests on object wrappers with
// a proper `toString` function.
testIframe(
"Basic TrustedScriptURL support (gh-4948)",
"mock.php?action=trustedTypesAttributes",
function( assert, jQuery, window, document, test ) {
var done = assert.async();

assert.expect( 1 );

test.forEach( function( result ) {
assert.deepEqual( result.actual, result.expected, result.message );
} );

supportjQuery.get( baseURL + "mock.php?action=cspClean" ).then( done );
}
);