You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cordova.apache.org by "Vladimir Kotikov (Akvelon)" <v-...@microsoft.com> on 2014/08/29 23:27:54 UTC

New-style tests issues

We've found issue in manual tests for camera plugin, that crashes an application on windows platform.
Issue is that code for manual tests is generated at runtime and injected to DOM using innerHtml property, which is considered as unsafe in windows runtime apps. In other words, if HTML, you are injecting is invalid or contains unsafe elements, this will cause a runtime exception (more details of security model of Windows apps here [1] (section 'Dynamically adding HTML')

In this case <select> element and its 'name' attribute are considered unsafe. (List of safe/unsafe elements and attributes [2])

I see the following possible workarounds:


1.       Replace innterHtml with DOM manuipulation so construct <select> elements manually using appendChildNode, etc; but this will produces big amount of additional code.

2.       Another workaround - wrap DOM manipulations into execUnsafeLocalFunction call (special method, which disables security check for inner function on Windows, see [3])

3.       Use https://github.com/MSOpenTech/winstore-jscompat polyfill


In a mean time I propose to just wrap current logic into execUnsafeLocalFunction  on Windows (since this is just a test app) and see if we should proceed with different, more general approach if there are more such places found. Thoughts?

Issue: https://issues.apache.org/jira/browse/CB-7433
PR: https://github.com/apache/cordova-plugin-camera/pull/46


[1] http://msdn.microsoft.com/en-us/library/windows/apps/hh465380.aspx#differences
[2] http://msdn.microsoft.com/en-us/library/windows/apps/hh465388.aspx
[3] http://msdn.microsoft.com/en-us/library/windows/apps/hh767331.aspx
---------------
Best regards, Vladimir

Re: New-style tests issues

Posted by Martin Gonzalez <ma...@gmail.com>.

Hmmm, that's a problem, well create the whole document dynamically, it is
possible, but it would require a lot of change son the code.
Using appendChild as is at file manual tests, battery-status, media.
https://github.com/apache/cordova-plugin-file/blob/master/tests/tests.js
https://github.com/apache/cordova-plugin-file/blob/master/tests/tests.js

Creating dynamic tables and objects to set them in place. But as you have
pointed out, it would require a changes.



2014-08-29 16:27 GMT-05:00 Vladimir Kotikov (Akvelon) <
v-vlkoti@microsoft.com>:

> We've found issue in manual tests for camera plugin, that crashes an
> application on windows platform.
> Issue is that code for manual tests is generated at runtime and injected
> to DOM using innerHtml property, which is considered as unsafe in windows
> runtime apps. In other words, if HTML, you are injecting is invalid or
> contains unsafe elements, this will cause a runtime exception (more details
> of security model of Windows apps here [1] (section 'Dynamically adding
> HTML')
>
> In this case <select> element and its 'name' attribute are considered
> unsafe. (List of safe/unsafe elements and attributes [2])
>
> I see the following possible workarounds:
>
>
> 1.       Replace innterHtml with DOM manuipulation so construct <select>
> elements manually using appendChildNode, etc; but this will produces big
> amount of additional code.
>
> 2.       Another workaround - wrap DOM manipulations into
> execUnsafeLocalFunction call (special method, which disables security check
> for inner function on Windows, see [3])
>
> 3.       Use https://github.com/MSOpenTech/winstore-jscompat polyfill
>
>
> In a mean time I propose to just wrap current logic into
> execUnsafeLocalFunction  on Windows (since this is just a test app) and see
> if we should proceed with different, more general approach if there are
> more such places found. Thoughts?
>
> Issue: https://issues.apache.org/jira/browse/CB-7433
> PR: https://github.com/apache/cordova-plugin-camera/pull/46
>
>
> [1]
> http://msdn.microsoft.com/en-us/library/windows/apps/hh465380.aspx#differences
> [2] http://msdn.microsoft.com/en-us/library/windows/apps/hh465388.aspx
> [3] http://msdn.microsoft.com/en-us/library/windows/apps/hh767331.aspx
> ---------------
> Best regards, Vladimir
>
>


-- 
Regards,
Martin Gonzalez