Temporary workaround to fix js-tests related to sanitizer js loading by phantomjs #6356

Merged

echarles
Member

Follow up of #6354

@echarles echarles changed the base branch from main to 6.4.x April 12, 2022 06:11
@github-actions
Contributor

Binder 👈 Launch a Binder on branch datalayer-externals/jupyter-notebook/fix/ci/sanitizer-workaround

@echarles
Member Author

Close/open to trigger CI.

@echarles echarles closed this Apr 12, 2022
@echarles echarles reopened this Apr 12, 2022
@echarles
Member Author

echarles commented Apr 12, 2022

Some Python tests are now failing with ERROR - ModuleNotFoundError: No module named 'testpath'.

@blink1073 Could it be a side effect of yesterday's #6260? I guess the CI checks were run in January. Not sure if some (transitive) deps have changed since then.

@echarles
Member Author

@blink1073 The goal of this PR is reached. It solves the casperjs issue. The base JavaScript tests pass, including the sanitizer ones, as requested in #6354 (comment).

The service and notebook js tests have failures, but a lot of them pass. The goal is to fix them in subsequent PRs.

I don't think the python failures are related to the changes of this PR.

Test file: /home/runner/work/notebook/notebook/notebook/tests/base/security.js  
PASS Safe: '<p>Hi there</p>'
PASS Safe: '<h1 class="foo">Hi There!</h1>'
PASS Safe: '<a data-cite="foo">citation</a>'
PASS Safe: '<div><span>Hi There</span></div>'
PASS Sanitized: '<script>alert(999);</script>' => ''
PASS alert removed
PASS Sanitized: '<a onmouseover="alert(999)">9...' => '<a>999</a>'
PASS alert removed
PASS Sanitized: '<a onmouseover=alert(999)>999...' => '<a>999</a>'
PASS alert removed
PASS Sanitized: '<IMG """><SCRIPT>alert("XSS")...' => '<img>"&gt;'
PASS alert removed
PASS Sanitized: '<IMG SRC=# onmouseover="alert...' => '<img src="#">'
PASS alert removed
PASS Sanitized: '<<SCRIPT>alert(999);//<</SCRIPT>' => '&lt;'
PASS alert removed
PASS Sanitized: '<SCRIPT SRC=http://ha.ckers.o.../' => ''
PASS alert removed
PASS Sanitized: '<META HTTP-EQUIV="refresh" CO...' => ''
PASS alert removed
PASS Sanitized: '<META HTTP-EQUIV="refresh" CO...' => ''
PASS alert removed
PASS Sanitized: '<IFRAME SRC="javascript:alert...' => '<iframe></iframe>'
PASS alert removed
PASS Sanitized: '<IFRAME SRC=# onmouseover="al...' => '<iframe></iframe>'
PASS alert removed
PASS Sanitized: '<EMBED SRC="data:image/svg+xm...' => ''
PASS alert removed
PASS Sanitized: '<style src="http://untrusted/...' => ''
PASS alert removed
PASS Sanitized: '<style>div#notebook { backgro...' => ''
PASS alert removed
PASS Sanitized: '<div style="background-color:...' => '<div></div>'
PASS alert removed
Test file: /home/runner/work/notebook/notebook/notebook/test

@echarles
Member Author

#6357 fixes the python testpath issue unrelated to this PR.

Contributor

@blink1073 blink1073 left a comment

Thanks!

@echarles echarles merged commit e764044 into jupyter:6.4.x Apr 12, 2022
@echarles
Member Author

Thx @blink1073

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 10, 2022