From 999c3b905583a72b2fcf8b75939101cbb2a929a4 Mon Sep 17 00:00:00 2001
From: Matt Carroll
Date: Thu, 25 Jan 2024 21:36:37 -0800
Subject: [PATCH 1/4] Convert ReactDOMServerIntegrationUntrustedURL-test.js to createRoot
---
 ...ctDOMServerIntegrationUntrustedURL-test.js | 44 ++++++++++++++-----
 1 file changed, 32 insertions(+), 12 deletions(-)
diff --git a/packages/react-dom/src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js b/packages/react-dom/src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js
index ef232d76610cd..d450a156570c7 100644
--- a/packages/react-dom/src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js
+++ b/packages/react-dom/src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js
@@ -16,8 +16,10 @@ const ReactDOMServerIntegrationUtils = require('./utils/ReactDOMServerIntegratio
 let React;
 let ReactDOM;
+let ReactDOMClient;
 let ReactDOMServer;
 let ReactTestUtils;
+let act;
 const EXPECTED_SAFE_URL = "javascript:throw new Error('React has blocked a javascript: URL as a security precaution.')";
@@ -34,8 +36,10 @@ describe('ReactDOMServerIntegration - Untrusted URLs', () => {
 jest.resetModules();
 React = require('react');
 ReactDOM = require('react-dom');
+ ReactDOMClient = require('react-dom/client');
 ReactDOMServer = require('react-dom/server');
 ReactTestUtils = require('react-dom/test-utils');
+ act = require('internal-test-utils').act;
 // Make them available to the helpers.
 return {
@@ -167,11 +171,16 @@ describe('ReactDOMServerIntegration - Untrusted URLs', () => {
 },
 );
- it('rejects a javascript protocol href if it is added during an update', () => {
+ it('rejects a javascript protocol href if it is added during an update', async () => {
 const container = document.createElement('div');
- ReactDOM.render(click me, container);
- expect(() => {
- ReactDOM.render(click me, container);
+ const root = ReactDOMClient.createRoot(container);
+ await act(async () => {
+ root.render(click me);
+ });
+ await expect(async () => {
+ await act(() => {
+ root.render(click me);
+ });
 }).toErrorDev(
 'Warning: A future version of React will block javascript: URLs as a security precaution. ' +
 'Use event handlers instead if you can. If you need to generate unsafe HTML try using ' +
@@ -195,7 +204,6 @@ describe('ReactDOMServerIntegration - Untrusted URLs - disableJavaScriptURLs', (
 ReactFeatureFlags.disableJavaScriptURLs = true;
 React = require('react');
- ReactDOM = require('react-dom');
 ReactDOMServer = require('react-dom/server');
 ReactTestUtils = require('react-dom/test-utils');
@@ -325,11 +333,16 @@ describe('ReactDOMServerIntegration - Untrusted URLs - disableJavaScriptURLs', (
 },
 );
- it('rejects a javascript protocol href if it is added during an update', () => {
+ it('rejects a javascript protocol href if it is added during an update', async () => {
 const container = document.createElement('div');
- ReactDOM.render(click me, container);
+ const root = ReactDOMClient.createRoot(container);
+ await act(()=>{
+ root.render(click me);
+ })
 expect(container.firstChild.href).toBe('http://thisisfine/');
- ReactDOM.render(click me, container);
+ await act(()=>{
+ root.render(click me);
+ })
 expect(container.firstChild.href).toBe(EXPECTED_SAFE_URL);
 });
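Review bot: The `act` callbacks in the converted tests are written two ways: `act(async () => {` for the first render in this test (and for all three renders in the 'update twice' test at -369,15), but `act(() => {` inside the `toErrorDev` wrapper here and in the disableJavaScriptURLs test at -325,11. Every one of these bodies is a single `root.render(...)` call with nothing awaited, so the plain form is sufficient. I would write `await act(() => {` throughout, so a reader does not go looking for asynchronous work in the callbacks that carry the `async` keyword. The `toErrorDev(` call continues past the end of this hunk.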
@@ -369,15 +382,22 @@ describe('ReactDOMServerIntegration - Untrusted URLs - disableJavaScriptURLs', (
 expect(e.href).toBe('https://reactjs.org/');
 });
- it('rejects a javascript protocol href if it is added during an update twice', () => {
+ it('rejects a javascript protocol href if it is added during an update twice', async () => {
 const container = document.createElement('div');
- ReactDOM.render(click me, container);
+ const root = ReactDOMClient.createRoot(container);
+ await act(async () => {
+ root.render(click me);
+ });
 expect(container.firstChild.href).toBe('http://thisisfine/');
- ReactDOM.render(click me, container);
+ await act(async () => {
+ root.render(click me);
+ });
 expect(container.firstChild.href).toBe(EXPECTED_SAFE_URL);
 // The second update ensures that a global flag hasn't been added to the regex
 // which would fail to match the second time it is called.
- ReactDOM.render(click me, container);
+ await act(async () => {
+ root.render(click me);
+ });
 expect(container.firstChild.href).toBe(EXPECTED_SAFE_URL);
 });
 });
From ebf7073cf0ce5e4829a26b2069b2db7539ef1344 Mon Sep 17 00:00:00 2001
From: Matt Carroll
Date: Thu, 25 Jan 2024 23:46:44 -0800
Subject: [PATCH 2/4] Fix missing dependency and run prettier
---
 .../ReactDOMServerIntegrationUntrustedURL-test.js | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/packages/react-dom/src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js b/packages/react-dom/src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js
index d450a156570c7..3d26c4c3feb10 100644
--- a/packages/react-dom/src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js
+++ b/packages/react-dom/src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js
@@ -204,6 +204,7 @@ describe('ReactDOMServerIntegration - Untrusted URLs - disableJavaScriptURLs', (
 ReactFeatureFlags.disableJavaScriptURLs = true;
 React = require('react');
+ ReactDOM = require('react-dom');
 ReactDOMServer = require('react-dom/server');
 ReactTestUtils = require('react-dom/test-utils');
@@ -336,13 +337,13 @@ describe('ReactDOMServerIntegration - Untrusted URLs - disableJavaScriptURLs', (
 it('rejects a javascript protocol href if it is added during an update', async () => {
 const container = document.createElement('div');
 const root = ReactDOMClient.createRoot(container);
- await act(()=>{
+ await act(() => {
 root.render(click me);
- })
+ });
 expect(container.firstChild.href).toBe('http://thisisfine/');
- await act(()=>{
+ await act(() => {
 root.render(click me);
- })
+ });
 expect(container.firstChild.href).toBe(EXPECTED_SAFE_URL);
 });
From c3798c29a9b4a27d70b5112d6d00431b63cfe3e3 Mon Sep 17 00:00:00 2001
From: Matt Carroll
Date: Thu, 25 Jan 2024 23:59:21 -0800
Subject: [PATCH 3/4] Add missing dependency
---
 .../src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/packages/react-dom/src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js b/packages/react-dom/src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js
index 3d26c4c3feb10..e9b97530e0bd3 100644
--- a/packages/react-dom/src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js
+++ b/packages/react-dom/src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js
@@ -205,6 +205,7 @@ describe('ReactDOMServerIntegration - Untrusted URLs - disableJavaScriptURLs', (
 React = require('react');
 ReactDOM = require('react-dom');
+ ReactDOMClient = require('react-dom/client');
 ReactDOMServer = require('react-dom/server');
 ReactTestUtils = require('react-dom/test-utils');
From b601cd11b133ddea47d6fa3870e26f7ed23a0bac Mon Sep 17 00:00:00 2001
From: Matt Carroll
Date: Fri, 26 Jan 2024 09:19:54 -0800
Subject: [PATCH 4/4] Add missing dep import (act)
---
 .../src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/packages/react-dom/src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js b/packages/react-dom/src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js
index e9b97530e0bd3..121ffe93ad25a 100644
--- a/packages/react-dom/src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js
+++ b/packages/react-dom/src/__tests__/ReactDOMServerIntegrationUntrustedURL-test.js
@@ -208,6 +208,7 @@ describe('ReactDOMServerIntegration - Untrusted URLs - disableJavaScriptURLs', (
 ReactDOMClient = require('react-dom/client');
 ReactDOMServer = require('react-dom/server');
 ReactTestUtils = require('react-dom/test-utils');
+ act = require('internal-test-utils').act;
 // Make them available to the helpers.
 return {
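Review bot: Nothing in the disableJavaScriptURLs setup block says that the order of these lines matters: `react-dom/client` and `act` have to be required here, after `ReactFeatureFlags.disableJavaScriptURLs = true` (visible in the PATCH 2/4 hunk at -204,6), otherwise the update tests would presumably run against module instances loaded by the first suite without the flag. PATCH 1/4 left exactly that gap, and it took the three follow-up commits to close it one require at a time. A comment above the requires would keep it closed, for example `// Load the renderer and act after the flag is set so these tests exercise the build that blocks javascript: URLs.` Squashing 2/4 to 4/4 into 1/4 would also avoid intermediate commits in which this security suite may not be testing the flagged build. The setup block starts and ends outside this hunk.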