BotFramework-WebChat/__tests__/html2/cardAction/adaptiveCard.disallowedScheme.html at d4df29c91f892ee9c949ea7ed03426ec0be394f1 · microsoft/BotFramework-WebChat · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
<!DOCTYPE html>
<html lang="en-US">
  <head>
    <link href="/assets/index.css" rel="stylesheet" type="text/css" />
    <script crossorigin="anonymous" src="/test-harness.js"></script>
    <script crossorigin="anonymous" src="/test-page-object.js"></script>
    <script crossorigin="anonymous" src="/__dist__/webchat-es5.js"></script>
  </head>
  <body>
    <main id="webchat"></main>
    <script>
      run(async function () {
        const directLine = await testHelpers.createDirectLineWithTranscript([
          {
            type: 'message',
            id: '1',
            channelId: 'directline',
            from: { role: 'bot' },
            locale: 'en-US',
            text: 'Showing card',
            attachmentLayout: 'carousel',
            timestamp: '2019-08-08T16:41:12.9397263Z',
            attachments: [
              {
                contentType: 'application/vnd.microsoft.card.adaptive',
                content: {
                  type: 'AdaptiveCard',
                  body: [
                    {
                      type: 'TextBlock',
                      size: 'Medium',
                      text: 'Tap on this Adaptive Card will open Bing.com.'
                    }
                  ],
                  $schema: 'http://adaptivecards.io/schemas/adaptive-card.json',
                  version: '1.2',
                  selectAction: {
                    type: 'Action.OpenUrl',
                    url: 'javascript:alert(1)'
                  }
                }
              }
            ]
          }
        ]);

        WebChat.renderWebChat(
          {
            directLine,
            store: testHelpers.createStore()
          },
          document.getElementById('webchat')
        );

        await pageConditions.minNumActivitiesShown(1);

        const calls = [];

        window.open = (url, windowName, windowFeatures) => calls.push([url, windowName, windowFeatures]);

        const activities = pageElements.activities();
        const adaptiveCard = activities[activities.length - 1].querySelector('.ac-adaptiveCard');

        adaptiveCard.click();

        expect(calls).toHaveProperty('length', 0);

        // Expect to show a warning.
        await expect(host.getLogs()).resolves.toEqual(
          expect.arrayContaining([
            expect.objectContaining({
              level: expect.objectContaining({ name_: 'WARNING' }),
              message: expect.stringContaining('disallowed scheme')
            })
          ])
        );
      });
    </script>
  </body>
</html>