Commit b1989cf8 authored by Robert Knight's avatar Robert Knight

Merge pull request #3142 from hypothesis/csp-violation-admin-confirm-users-delete

CSP violation: admin confirm users delete
parents e7e47d79 fb3b1586
'use strict';
// configure error reporting
var settings = require('./settings')(document);
if (settings.raven) {
require('./raven').init(settings.raven);
}
window.$ = window.jQuery = require('jquery'); window.$ = window.jQuery = require('jquery');
require('bootstrap'); require('bootstrap');
var page = require('page');
var AdminUsersController = require('./admin-users');
page('/admin/users', function() {
new AdminUsersController(document.body, window);
});
document.addEventListener('DOMContentLoaded', function () {
page.start();
});
'use strict';
function AdminUsersController(element, window_) {
this._form = element.querySelector('#js-users-delete-form');
function confirmFormSubmit() {
return window_.confirm('This will permanently delete all the user\'s data. Are you sure?');
}
if (this._form) {
this._form.addEventListener('submit', function (event) {
if (!confirmFormSubmit()) {
event.preventDefault();
}
});
}
}
module.exports = AdminUsersController;
'use strict';
var AdminUsersController = require('../admin-users');
// helper to dispatch a native event to an element
function sendEvent(element, eventType) {
// createEvent() used instead of Event constructor
// for PhantomJS compatibility
var event = document.createEvent('Event');
event.initEvent(eventType, true /* bubbles */, true /* cancelable */);
element.dispatchEvent(event);
return event;
}
describe('AdminUsersController', function () {
var root;
var form;
beforeEach(function () {
root = document.createElement('div');
root.innerHTML = '<form id="js-users-delete-form">' +
'<input type="submit" id="submit-btn">';
form = root.querySelector('form');
document.body.appendChild(root);
});
afterEach(function () {
root.parentNode.removeChild(root);
});
it('it submits the form when confirm returns true', function () {
var fakeWindow = {confirm: sinon.stub().returns(true)};
new AdminUsersController(root, fakeWindow);
var event = sendEvent(form, 'submit');
assert.isFalse(event.defaultPrevented);
});
it('it cancels the form submission when confirm returns false', function () {
var fakeWindow = {confirm: sinon.stub().returns(false)};
new AdminUsersController(root, fakeWindow);
var event = sendEvent(form, 'submit');
assert.isTrue(event.defaultPrevented);
});
});
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment