Closed vodlogic closed 1 year ago
Manually replacing all &
with &
in packages/runner/dist/injection.js
makes the tests execute again against XHTML pages.
It seems that we would need to generate an XML escaped version of this Javascript in the dist folder aswell and use that as the content variable in packages/proxy/lib/http/util/inject.ts
when visiting XHTML pages.
Would be good if you could advise if there is a better way of fixing this problem and any thoughts on what changes in 7.0 have contributed to this problem so that it can be better understood.
@vodlogic can you create a tiny repo (maybe by cloning the cypress-test-tiny) to show the problem?
Sure i have setup a test here https://github.com/vodlogic/cypress-test-tiny/tree/xhtml-test
To run it, just do
npm install
npm run serve
npm run cypress:open
If port 5000 is already used then sirv will start the webserver on a new random port, so just replace that in the test spec file
Firefox shows the error in detail as described above. Chrome and Electron obfuscate the error a little and complain about iframe cross origin problem, but the underlying error is the fact that the test runner embedded JS code isnt XML escaped.
great!
Internal Jira issue: TR-761
You guys probably already have a handle on this but for my own curiosity I found that injection of code Into the AUT test runner is new functionality introduced in 7.0.0.
The injected code begins here packages/runner/injection/index.js and it’s tripping up on the JS code in packages/runner/injection/timers.js
As this code is injected into the AUT we need to ensure that when the test runner loads XHTML sites it injects XML escaped versions of the minified dist/injection.js
To make script safe in XHTML use a CDATA escape as follows.
<script>/*<![CDATA[*/
if (true && true) {
console.log("Very true");
}
/*]]>*/</script>
Further info: https://www.w3.org/TR/html-polyglot/#safe-CDATA-content
So my untested assumption is that changing https://github.com/cypress-io/cypress/blob/develop/packages/proxy/lib/http/util/inject.ts to the following will solve the problem
import { oneLine } from 'common-tags'
import { getRunnerInjectionContents } from '@packages/resolve-dist'
export function partial (domain) {
return oneLine`
<script type='text/javascript'>/*<![CDATA[*/
document.domain = '${domain}';
/*]]>*/</script>
`
}
export function full (domain) {
return getRunnerInjectionContents().then((contents) => {
return oneLine`
<script type='text/javascript'>/*<![CDATA[*/
document.domain = '${domain}';
${contents}
/*]]>*/</script>
`
})
}
This issue has not had any activity in 180 days. Cypress evolves quickly and the reported behavior should be tested on the latest version of Cypress to verify the behavior is still occurring. It will be closed in 14 days if no updates are provided.
This issue has been closed due to inactivity.
Current behaviour
As of version 7.x, it is no longer possible to test web apps that use XHTML (support added in #15741). It seems that the browser is now trying to parse the parent cypress window for valid XHTML in addition to the app itself and falls over as it contains Javascript code that is not escaped e.g.
&&
is not&&
The testing works fine in 6.8.0 with PR #15741 merged in. I'm not sure if the problem is a fundamental change in how the test runner now works in cypress 7.0 or whether the Javascript that its now tripping up on is a new feature added in that release.
The "prettified" version of the code where it falls over is as follows
Versions
Affects 7.x