Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Support allowed scheme with
openUrl
card action (#3226)
* Support allowed scheme with `openUrl` card action * Update entry * Fix test * Fix tests * Fix tests * Apply suggestions from code review Co-authored-by: Corina <[email protected]> Co-authored-by: Corina <[email protected]>
Showing
7 changed files
with
286 additions
and
4 deletions.
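--- a/__tests__/html/cardAction.adaptiveCard.disallowedScheme.html
+++ b/__tests__/html/cardAction.adaptiveCard.disallowedScheme.html
@@ -0,0 +1,115 @@
+<!DOCTYPE html>
+<html lang="en-US">
+<head>
+<script crossorigin="anonymous" src="/__dist__/testharness.js"></script>
+<script crossorigin="anonymous" src="/__dist__/webchat-es5.js"></script>
+</head>
+<body>
+<div id="webchat"></div>
+<script type="text/babel" data-presets="env,stage-3,react">
+const {
+conditions,
+createRunHookActivityMiddleware,
+createStore,
+elements,
+expect,
+getConsoleHistory,
+host,
+pageObjects,
+timeouts,
+token
+} = window.WebChatTest;
+
+function stringToArrayBuffer(value) {
+// This assume the string is ASCII (0-127).
+
+const { length } = value;
+const byteArray = new Array(length);
+
+for (let index = 0; index < length; index++) {
+const charCode = value.charCodeAt(index);
+
+if (charCode > 127) {
+throw new Error('Only ASCII characters are supported.');
+}
+
+byteArray[index] = charCode;
+}
+
+return new Uint8Array(byteArray).buffer;
+}
+
+(async function() {
+window.WebChat.renderWebChat(
+{
+activityMiddleware: createRunHookActivityMiddleware(),
+directLine: window.WebChat.createDirectLine({ token: await token.fetchDirectLineToken() }),
+store: createStore()
+},
+document.getElementById('webchat')
+);
+
+await pageObjects.wait(conditions.uiConnected(), timeouts.directLine);
+
+const fileBlob = new Blob([
+stringToArrayBuffer(
+JSON.stringify(
+{
+contentType: 'application/vnd.microsoft.card.adaptive',
+content: {
+type: 'AdaptiveCard',
+body: [
+{
+type: 'TextBlock',
+size: 'Medium',
+text: 'Tap on this Adaptive Card will open Bing.com.'
+}
+],
+$schema: 'http://adaptivecards.io/schemas/adaptive-card.json',
+version: '1.2',
+selectAction: {
+type: 'Action.OpenUrl',
+url: 'javascript:alert(1)'
+}
+}
+},
+null,
+2
+)
+)
+]);
+
+fileBlob.name = 'openurl-card.attachmentjson';
+
+await pageObjects.runHook(({ useSendFiles }) => useSendFiles()([fileBlob]));
+await pageObjects.wait(conditions.minNumActivitiesShown(2), timeouts.directLine);
+
+const calls = [];
+
+window.open = (url, windowName, windowFeatures) => calls.push([url, windowName, windowFeatures]);
+
+const adaptiveCard = elements.activities()[1].querySelector('.ac-adaptiveCard');
+
+adaptiveCard.click();
+
+expect(calls).toHaveProperty('length', 0);
+
+// Expect to show a warning.
+await expect(getConsoleHistory()).toEqual(
+expect.arrayContaining([
+expect.objectContaining({
+args: expect.arrayContaining([expect.stringContaining('disallowed scheme')]),
+level: 'warn'
+})
+])
+);
+
+await host.done();
+})().catch(async err => {
+console.error(err);
+
+await host.error(err);
+});
+</script>
+</body>
+</html>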
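Review bot: The disallowed-scheme case is pinned to one literal, `url: 'javascript:alert(1)'`, so a scheme check that is case-sensitive or does not trim the value would still pass this test; the same holds for the `value` in cardAction.heroCard.disallowedScheme.html. Consider running the same assertions over a small table that adds a mixed-case spelling, a value with leading whitespace, and a second non-allowlisted scheme such as `data:`. The `expect(calls).toHaveProperty('length', 0)` check also runs synchronously right after `adaptiveCard.click()`; if the handler is dispatched asynchronously (not visible in this file) it passes trivially, so it is safer placed after the console-warning assertion. The TextBlock text still says the card "will open Bing.com", which contradicts what the test asserts.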
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
/** | ||
* @jest-environment ./__tests__/html/__jest__/WebChatEnvironment.js | ||
*/ | ||
|
||
describe('"openUrl" action on Adaptive Card', () => { | ||
test('with a disallowed scheme should not open', () => runHTMLTest('cardAction.adaptiveCard.disallowedScheme.html')); | ||
}); |
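--- a/__tests__/html/cardAction.heroCard.disallowedScheme.html
+++ b/__tests__/html/cardAction.heroCard.disallowedScheme.html
@@ -0,0 +1,106 @@
+<!DOCTYPE html>
+<html lang="en-US">
+<head>
+<script crossorigin="anonymous" src="/__dist__/testharness.js"></script>
+<script crossorigin="anonymous" src="/__dist__/webchat-es5.js"></script>
+</head>
+<body>
+<div id="webchat"></div>
+<script type="text/babel" data-presets="env,stage-3,react">
+const {
+conditions,
+createRunHookActivityMiddleware,
+createStore,
+elements,
+expect,
+getConsoleHistory,
+host,
+pageObjects,
+timeouts,
+token
+} = window.WebChatTest;
+
+function stringToArrayBuffer(value) {
+// This assume the string is ASCII (0-127).
+
+const { length } = value;
+const byteArray = new Array(length);
+
+for (let index = 0; index < length; index++) {
+const charCode = value.charCodeAt(index);
+
+if (charCode > 127) {
+throw new Error('Only ASCII characters are supported.');
+}
+
+byteArray[index] = charCode;
+}
+
+return new Uint8Array(byteArray).buffer;
+}
+
+(async function() {
+window.WebChat.renderWebChat(
+{
+activityMiddleware: createRunHookActivityMiddleware(),
+directLine: window.WebChat.createDirectLine({ token: await token.fetchDirectLineToken() }),
+store: createStore()
+},
+document.getElementById('webchat')
+);
+
+await pageObjects.wait(conditions.uiConnected(), timeouts.directLine);
+
+const fileBlob = new Blob([
+stringToArrayBuffer(
+JSON.stringify(
+{
+contentType: 'application/vnd.microsoft.card.hero',
+content: {
+tap: {
+type: 'openUrl',
+value: 'javascript:alert(1)'
+},
+title: 'Tap on this hero card will open Bing.com.'
+}
+},
+null,
+2
+)
+)
+]);
+
+fileBlob.name = 'openurl-card.attachmentjson';
+
+await pageObjects.runHook(({ useSendFiles }) => useSendFiles()([fileBlob]));
+await pageObjects.wait(conditions.minNumActivitiesShown(2), timeouts.directLine);
+
+const calls = [];
+
+window.open = (url, windowName, windowFeatures) => calls.push([url, windowName, windowFeatures]);
+
+const adaptiveCard = elements.activities()[1].querySelector('.ac-adaptiveCard');
+
+adaptiveCard.click();
+
+expect(calls).toHaveProperty('length', 0);
+
+// Expect to show a warning.
+await expect(getConsoleHistory()).toEqual(
+expect.arrayContaining([
+expect.objectContaining({
+args: expect.arrayContaining([expect.stringContaining('disallowed scheme')]),
+level: 'warn'
+})
+])
+);
+
+await host.done();
+})().catch(async err => {
+console.error(err);
+
+await host.error(err);
+});
+</script>
+</body>
+</html>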
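Review bot: `stringToArrayBuffer` is copied verbatim from cardAction.adaptiveCard.disallowedScheme.html, and its comment reads `// This assume the string is ASCII (0-127).` where "assumes" is meant. `Blob` accepts strings directly, so `new Blob([JSON.stringify(attachment, null, 2)])` would likely remove the helper from both files, unless the upload path needs the ArrayBuffer form, which is not visible here. The local is also still named `adaptiveCard` in a hero-card test; `const heroCard = elements.activities()[1].querySelector('.ac-adaptiveCard');` with a short comment on why the `.ac-adaptiveCard` selector applies to a hero card would read better.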
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
/** | ||
* @jest-environment ./__tests__/html/__jest__/WebChatEnvironment.js | ||
*/ | ||
|
||
describe('"openUrl" action on hero card', () => { | ||
test('with a disallowed scheme should not open', () => runHTMLTest('cardAction.heroCard.disallowedScheme.html')); | ||
}); |