Palak Handa / startUpJalsa-Backend

Blame view

node_modules/x-xss-protection/test/index.js 2.08 KB
edit raw normal view history
f7563de62   Palak Handa   first commit 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
  var xssFilter = require('..')
  
  var connect = require('connect')
  var request = require('supertest')
  var rfile = require('rfile')
  var each = require('async').each
  var assert = require('assert')
  
  describe('x-xss-protection', function () {
    function grabList (filename) {
      return rfile(filename)
        .split('
  ')
        .filter(function (line) {
          return line.trim() !== ''
        })
    }
  
    var enabledBrowsers = grabList('./enabled_browser_list.txt')
    var disabledBrowsers = grabList('./disabled_browser_list.txt')
  
    var app
    beforeEach(function () {
      app = connect()
      app.use(xssFilter())
      app.use(function (req, res) {
        res.end('Hello world!')
      })
    })
  
    it('enables it for supported browsers', function (done) {
      each(enabledBrowsers, function (useragent, callback) {
        request(app).get('/').set('User-Agent', useragent)
          .expect('X-XSS-Protection', '1; mode=block', callback)
      }, done)
    })
  
    it('disables it for unsupported browsers', function (done) {
      each(disabledBrowsers, function (useragent, callback) {
        request(app).get('/').set('User-Agent', useragent)
          .expect('X-XSS-Protection', '0', callback)
      }, done)
    })
  
    it('sets header if there is an empty user-agent', function (done) {
      request(app).get('/').set('User-Agent', '')
        .expect('X-XSS-Protection', '1; mode=block', done)
    })
  
    it('sets header if there is no user-agent', function (done) {
      request(app).get('/').unset('User-Agent')
        .expect('X-XSS-Protection', '1; mode=block', done)
    })
  
    it('allows you to force the header for unsupported browsers', function (done) {
      app = connect()
      app.use(xssFilter({ setOnOldIE: true }))
      app.use(function (req, res) {
        res.end('Hello world!')
      })
      each(disabledBrowsers, function (useragent, callback) {
        request(app).get('/').set('User-Agent', useragent)
          .expect('X-XSS-Protection', '1; mode=block', callback)
      }, done)
    })
  
    it('names its function and middleware', function () {
      assert.equal(xssFilter.name, 'xXssProtection')
      assert.equal(xssFilter().name, 'xXssProtection')
    })
  })