Unverified Commit 871a6901 authored by mvdbeek's avatar mvdbeek

Test sanitization

parent b5a784cb
+3 −0
@@ -116,6 +116,9 @@ class HasDriver:
    def element_absent(self, selector_template: Target) -> bool:
        return len(self.find_elements(selector_template)) == 0

    def switch_to_frame(self, name: str = "frame"):
        return self._wait_on(ec.frame_to_be_available_and_switch_to_it((By.NAME, name)))

    def wait_for_xpath(self, xpath: str, **kwds) -> WebElement:
        element = self._wait_on(
            ec.presence_of_element_located((By.XPATH, xpath)), f"XPATH selector [{xpath}] to become present", **kwds
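Review bot: The new `switch_to_frame` helper leaves the driver inside the frame and has no docstring saying so, so every selector call made after it resolves against the frame document until something switches back. I would add a docstring such as `"""Wait for the frame named *name* and switch the driver into it; later lookups run inside that frame."""` and consider a companion helper that returns to the top-level document via `self.driver.switch_to.default_content()`. The return value comes straight from `_wait_on`, which is outside this hunk, so a return annotation should be added only after confirming what that helper yields. `wait_for_xpath` below is context and continues past the end of the hunk.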
+25 −0
<tool id="html_output" name="html_output" version="1.0.0">
    <command><![CDATA[
cp '$html_file' '$output'
    ]]></command>
    <configfiles>
        <configfile name="html_file"><![CDATA[
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title data-description="hello-world">Hello World</title>
</head>
<body>
    <main>
       <h1>Hello, World!</h1>
    </main>
</body>
</html>
        ]]></configfile>
    </configfiles>
    <outputs>
        <data name="output" format="html" />
    </outputs>
</tool>
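Review bot: The only marker in this fixture is the `data-description="hello-world"` attribute on `<title>`, so a test built on it can show that the sanitizer altered the document but not that active content is removed. Since the page exists to exercise `sanitize_all_html`, I would add one inert element of the kind the sanitizer is meant to strip, for example a `<script>` element, and have the test assert that it is absent from the sanitized preview. A short XML comment above the `<configfile>` stating which parts of the page are expected to survive sanitization would make the fixture's intent clear to the next maintainer.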
+1 −0
@@ -243,6 +243,7 @@

  <tool file="multiple_versions_changes_v01.xml" />
  <tool file="multiple_versions_changes_v02.xml" />
  <tool file="html_output.xml" />

  <tool file="interactivetool_simple.xml" />
  <tool file="interactivetool_two_entry_points.xml" />
+52 −0
from .framework import (
    selenium_test,
    SeleniumIntegrationTestCase,
)


class TestAllowListSanitization(SeleniumIntegrationTestCase):
    run_as_admin = True
    axe_skip = True  # skip testing iframe contents

    @classmethod
    def handle_galaxy_config_kwds(cls, config):
        super().handle_galaxy_config_kwds(config)
        config["sanitize_all_html"] = True

    def run_html_output(self):
        history_id = self.dataset_populator.new_history()
        run_response = self.dataset_populator.run_tool("html_output", {}, history_id=history_id)
        hda_id = run_response["outputs"][0]["id"]
        self.dataset_populator.wait_for_dataset(history_id, dataset_id=hda_id)
        return hda_id

    @selenium_test
    def test_html_output_sanitized(self):
        self.login()
        hda_id = self.run_html_output()
        self.get(f"datasets/{hda_id}/preview")
        self.wait_for_selector_visible("[data-description='sanitization warning']")
        self.assert_selector_absent("[data-description='allowlist link']")
        self.screenshot("sanitization warning")
        assert self.switch_to_frame()
        self.assert_selector_absent("[data-description='hello-world']")

    @selenium_test
    def test_html_output_sanitized_admin(self):
        self.admin_login()
        hda_id = self.run_html_output()
        self.get(f"datasets/{hda_id}/preview")
        self.wait_for_selector_visible("[data-description='sanitization warning']")
        self.wait_for_selector_visible("[data-description='allowlist link']")
        self.screenshot("sanitization warning admin")
        try:
            self._put(
                "/api/sanitize_allow?tool_id=html_output", data={"params": {"tool_id": "html_output"}}, admin=True
            ).raise_for_status()
            self.driver.refresh()
            self.assert_selector_absent("[data-description='sanitization warning']")
            self.assert_selector_absent("[data-description='allowlist link']")
            assert self.switch_to_frame()
            self.wait_for_selector("[data-description='hello-world']")
        finally:
            self._delete("/api/sanitize_allow?tool_id=html_output", admin=True)
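Review bot: In `test_html_output_sanitized` the `assert_selector_absent("[data-description='hello-world']")` that follows `switch_to_frame()` may run before the frame document has loaded, in which case this security check passes vacuously. Waiting first for content expected to survive sanitization, e.g. `self.wait_for_selector("h1")` (assuming the heading is kept), would make the absence assertion meaningful. In the admin test the `finally` cleanup discards the response of `self._delete(...)`; appending `.raise_for_status()` there, as is done on the `_put` call, would stop a failed cleanup from silently leaving `html_output` allowlisted for later tests. The class also has no docstring explaining that it runs with `sanitize_all_html` enabled and compares the regular-user and admin views.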