Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The value of window.__karma__.files is not properly escaped #1876

Open
Joris-van-der-Wel opened this issue Feb 6, 2016 · 5 comments
Open

Comments

@Joris-van-der-Wel
Copy link

One of the files being served in my project has a single quote in its name. Karma is unable to run any tests because of this.

This is the culprit:

mappings = 'window.__karma__.files = {\n' + mappings.join(',\n') + '\n};\n'

Why not use JSON.stringify()?

@Joris-van-der-Wel Joris-van-der-Wel changed the title window.__karma__.files should escape file names The value of window.__karma__.files is not properly escaped Feb 6, 2016
Moumi added a commit to delftswa2016/karma that referenced this issue Feb 24, 2016
Moumi added a commit to delftswa2016/karma that referenced this issue Feb 27, 2016
Moumi added a commit to delftswa2016/karma that referenced this issue Feb 27, 2016
@Moumi
Copy link
Contributor

Moumi commented Feb 28, 2016

It seems that this issue can be solved for single quotes, but for double quotes... Well, you should never create double quotes in a filename. So, I worked on a fix and test for this and will provide a PR this evening for it.

@Joris-van-der-Wel
Copy link
Author

Would it not be easier to use:

return util.format("  %s: '%s'", JSON.stringify(filePath), file.sha)

This way you can not make any mistake in the escaping.

console.log(JSON.stringify('foo\n"bar"')) // "foo\n\"bar\""

@Moumi
Copy link
Contributor

Moumi commented Feb 28, 2016

There are some cases that when a character is escaped the loading of the file would go wrong. The most safe way would be to find the cases that are 'common' and escape only those characters.

@Joris-van-der-Wel
Copy link
Author

How so?

All that we are doing is passing a JavaScript variable from one context (node) to another (the browser), JSON.stringify should take care of that. If something starts failing with that, you probably discovered a different issue.

Moumi added a commit to delftswa2016/karma that referenced this issue Feb 28, 2016
@alancutter
Copy link

alancutter commented May 17, 2016

I'm still hitting this problem in the latest release: https://github.com/karma-runner/karma/releases/tag/v0.13.22
The merged change doesn't seem to be included for some reason.
https://github.com/karma-runner/karma/blob/v0.13.22/lib/middleware/karma.js#L139

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants