From 7efcb2f12a16ae01958ccbeb7654387ed1ba713f Mon Sep 17 00:00:00 2001 From: Zach Bloomquist Date: Tue, 17 Sep 2019 11:58:58 -0400 Subject: [PATCH 1/2] base64 encode the config so it can't be escaped --- packages/runner/src/main.jsx | 4 +++- packages/runner/static/index.html | 2 +- packages/server/lib/controllers/runner.coffee | 6 +++++- packages/server/test/e2e/2_config_spec.coffee | 5 +++++ .../e2e/cypress/integration/config_passing_spec.coffee | 7 ++++++- 5 files changed, 20 insertions(+), 4 deletions(-) diff --git a/packages/runner/src/main.jsx b/packages/runner/src/main.jsx index 169ac89f7e65..1cc73f4c7f76 100644 --- a/packages/runner/src/main.jsx +++ b/packages/runner/src/main.jsx @@ -8,8 +8,10 @@ import Container from './app/container' configure({ enforceActions: 'strict' }) const Runner = { - start (el, config) { + start (el, base64Config) { action('started', () => { + const config = JSON.parse(atob(base64Config)) + const state = new State((config.state || {}).reporterWidth) Runner.state = state diff --git a/packages/runner/static/index.html b/packages/runner/static/index.html index df0fcdc5efda..c6948debb63a 100644 --- a/packages/runner/static/index.html +++ b/packages/runner/static/index.html @@ -17,7 +17,7 @@ window.__Cypress__ = true setTimeout(function(){ - Runner.start(document.getElementById('app'), {{{config}}}) + Runner.start(document.getElementById('app'), "{{{base64Config}}}") }, 0) diff --git a/packages/server/lib/controllers/runner.coffee b/packages/server/lib/controllers/runner.coffee index 4460e184f9e6..40bc3598e255 100644 --- a/packages/server/lib/controllers/runner.coffee +++ b/packages/server/lib/controllers/runner.coffee @@ -23,8 +23,12 @@ module.exports = { _.pick(config, "version", "platform", "arch", "projectName") ) + ## base64 before embedding so user-supplied contents can't break out of " + } + } }) it "fails", -> 
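Review bot: `atob` in the added line `const config = JSON.parse(atob(base64Config))` returns a binary string with one character per byte, so non-ASCII characters in the config will be corrupted if the server base64-encodes UTF-8 JSON. The encoding side is not readable in this patch, so that is an assumption to confirm. Project names, env values and file paths are user-supplied and can contain such characters. Decode the bytes as UTF-8 before parsing, for example `const bytes = Uint8Array.from(atob(base64Config), (c) => c.charCodeAt(0))` followed by `const config = JSON.parse(new TextDecoder().decode(bytes))`. The body of `start` continues past the end of the hunk.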
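Review bot: The triple-mustache in `Runner.start(document.getElementById('app'), "{{{base64Config}}}")` is still emitted without escaping, so the inline script is safe only while the server guarantees the value is plain base64. That alphabet (`A-Z a-z 0-9 + / =`) cannot contain `"`, `\` or `<`, but nothing on this line records the invariant. A later change that routes raw or differently encoded text through the same template variable would reopen the break-out this commit closes. Add a comment above the call, such as `// base64Config must stay base64-only: it is interpolated unescaped into a quoted JS string`. The server-side test should also keep asserting that a config value containing a closing script tag renders harmlessly.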
diff --git a/packages/server/test/support/fixtures/projects/e2e/cypress/integration/config_passing_spec.coffee b/packages/server/test/support/fixtures/projects/e2e/cypress/integration/config_passing_spec.coffee index 7974d5dab75d..17e9e8e9ead3 100644 --- a/packages/server/test/support/fixtures/projects/e2e/cypress/integration/config_passing_spec.coffee +++ b/packages/server/test/support/fixtures/projects/e2e/cypress/integration/config_passing_spec.coffee @@ -18,7 +18,7 @@ describe "Cypress static methods + props", -> expect(browser.version).to.be.a("string") expect(browser.majorVersion).to.be.a("string") expect(browser.path).to.be.a("string") - + switch browser.isHeadless when true expect(browser.isHeaded).to.be.false @@ -34,3 +34,8 @@ describe "Cypress static methods + props", -> expect(spec.name).to.eq("config_passing_spec.coffee") expect(spec.relative).to.eq("cypress/integration/config_passing_spec.coffee") expect(spec.absolute.indexOf("cypress/integration/config_passing_spec.coffee")).to.be.gt(0) + + context ".env", -> + ## https://github.com/cypress-io/cypress/issues/4952 + it "doesn't die on ") From 9a17ac217518634cfd2a583292b09e70c0947425 Mon Sep 17 00:00:00 2001 From: Zach Bloomquist Date: Tue, 17 Sep 2019 12:17:38 -0400 Subject: [PATCH 2/2] update tests --- .../server/__snapshots__/2_config_spec.coffee.js | 12 +++++++----- .../test/integration/http_requests_spec.coffee | 8 ++++++-- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/packages/server/__snapshots__/2_config_spec.coffee.js b/packages/server/__snapshots__/2_config_spec.coffee.js index 4fa3114c5629..3f3b3f017474 100644 --- a/packages/server/__snapshots__/2_config_spec.coffee.js +++ b/packages/server/__snapshots__/2_config_spec.coffee.js @@ -23,16 +23,18 @@ exports['e2e config passes 1'] = ` ✓ .arch ✓ .browser ✓ .spec + .env + ✓ doesn't die on