Annotate script tags that don't require nonces (#1756)

LabKey · Dec 14, 2023 · b3be4e7 · b3be4e7
1 parent 64c63be
commit b3be4e7
Show file tree

Hide file tree

Showing 17 changed files with 18 additions and 250 deletions.
diff --git a/data/api/LuminexGuideSet.html b/data/api/LuminexGuideSet.html
diff --git a/data/api/getDataAggregateTest.html b/data/api/getDataAggregateTest.html
@@ -1,6 +1,7 @@
 <div id="getData-config-form-div"></div>
 <br/>
 <div id="getData-grid-div"></div>
+<!-- Used as HTML wiki source, so nonce is NOT required -->
 <script type="text/javascript">
 
 function init() {

diff --git a/data/api/getDataDateTest.html b/data/api/getDataDateTest.html
@@ -1,6 +1,7 @@
 <div id="getData-config-form-div"></div>
 <br/>
 <div id="getData-grid-div"></div>
+<!-- Used as HTML wiki source, so nonce is NOT required -->
 <script type="text/javascript">
     function getDateOptions(query, dateName)
     {

diff --git a/data/api/getDataErrorsTest.html b/data/api/getDataErrorsTest.html
@@ -1,6 +1,7 @@
 <div id="getData-config-form-div"></div>
 <br/>
 <div id="getData-message-div"></div>
+<!-- Used as HTML wiki source, so nonce is NOT required -->
 <script type="text/javascript">
 
 LABKEY.requiresExt3(function() {

diff --git a/data/api/getDataTest.html b/data/api/getDataTest.html
@@ -3,6 +3,7 @@
  *
  * Licensed under the Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
  */
+<!-- Used as HTML wiki source, so nonce is NOT required -->
 <script type="text/javascript">
 
 var id = 'jsonWrapperTest';

diff --git a/data/api/getDataVisitTest.html b/data/api/getDataVisitTest.html
@@ -1,6 +1,7 @@
 <div id="getData-config-form-div"></div>
 <br/>
 <div id="getData-grid-div"></div>
+<!-- Used as HTML wiki source, so nonce is NOT required -->
 <script type="text/javascript">
     var cd4Measure = {
         "measure":{

diff --git a/data/api/groupSecurityTest.html b/data/api/groupSecurityTest.html
@@ -1,5 +1,6 @@
 <button class="labkey-button" id="start-test">Start Test</button>
 <div id="log-info"></div>
+<!-- Used as HTML wiki source, so nonce is NOT required -->
 <script type="text/javascript">
 
     var logHtml = "";

diff --git a/data/api/jsReportTest.html b/data/api/jsReportTest.html
@@ -1,5 +1,6 @@
 <div id="rreporttest"></div>
 <div id="jsreporttest"></div>
+<!-- Used as HTML wiki source, so nonce is NOT required -->
 <script type="text/javascript">
 
     (function(){

diff --git a/data/api/nabApiTest.html b/data/api/nabApiTest.html
@@ -1,4 +1,5 @@
 <div id="testDiv"></div>
+<!-- Used as HTML wiki source, so nonce is NOT required -->
 <script type="text/javascript">
 (function() {
     var testProjectName = 'Nab Test Verify Project';

diff --git a/modules/crawlerTest/src/org/labkey/crawlertest/CrawlerTestController.java b/modules/crawlerTest/src/org/labkey/crawlertest/CrawlerTestController.java
@@ -70,7 +70,7 @@ public void addNavTrail(NavTree root)
     }
 
     @RequiresPermission(ReadPermission.class)
-    public class ExternalLinkAction extends SimpleViewAction<Object>
+    public static class ExternalLinkAction extends SimpleViewAction<Object>
     {
         @Override
         public ModelAndView getView(Object form, BindException errors)

diff --git a/modules/restrictedModule/resources/views/webpart.html b/modules/restrictedModule/resources/views/webpart.html
@@ -1,7 +1,7 @@
 <p>This is a web part view in the restricted module.</p>
-<a id="testlink" href="<%=contextPath%>/project<%=containerPath%>/begin.view">begin</a>
+<a id="testlink" href="<%=contextPath%><%=containerPath%>/project-begin.view">begin</a>
 <script type="text/javascript" nonce="<%=scriptNonce%>">
-    Ext.onReady(function()
+    LABKEY.Utils.onReady(function()
     {
         var webpart=<%=webpartContext%>;
     });

diff --git a/src/org/labkey/test/LabKeySiteWrapper.java b/src/org/labkey/test/LabKeySiteWrapper.java
@@ -465,7 +465,6 @@ protected void changeUserEmail(String userEmail, String newUserEmail)
         clickButton("Submit");
     }
 
-
     protected void setSystemMaintenance(boolean enable)
     {
         // Not available in production mode

diff --git a/src/org/labkey/test/tests/AbstractKnitrReportTest.java b/src/org/labkey/test/tests/AbstractKnitrReportTest.java
@@ -34,12 +34,9 @@
 import java.util.List;
 
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertFalse;
 
 /**
- * User: tgaluhn
- * Date: 9/20/2017
- *
  * Split helper methods and tests from KnitrReportTest so a subset of those test cases can be run in RSandboxTest
  */
 public abstract class AbstractKnitrReportTest extends BaseWebDriverTest
@@ -57,7 +54,7 @@ private static String readReport(final Path reportFile)
 
         reportSource = TestFileUtils.getFileContents(reportFile);
 
-        assertTrue("No data in report file [" + reportFile.getFileName() + "]", reportSource.length() > 0);
+        assertFalse("No data in report file [" + reportFile.getFileName() + "]", reportSource.isEmpty());
 
         return reportSource;
     }

diff --git a/src/org/labkey/test/tests/KnitrReportTest.java b/src/org/labkey/test/tests/KnitrReportTest.java
@@ -72,7 +72,7 @@ public void testKnitrHTMLFormat()
     }
 
     @Test
-    public void testKnitrMarkupFormat() throws Exception
+    public void testKnitrMarkupFormat()
     {
         Locator.XPathLocator plotLocator = Locator.xpath("//div[@class='labkey-knitr']//img");
         Locator[] reportContains = {Locator.tag("h1").withText("A Minimal Example for Markdown"),
@@ -128,7 +128,7 @@ public void testAdhocReportDependenciesLib()
     }
 
     @Test
-    public void testRmarkdownV2Support() throws Exception
+    public void testRmarkdownV2Support()
     {
         markdownV2();
     }

diff --git a/src/org/labkey/test/tests/TimeChartAPITest.java b/src/org/labkey/test/tests/TimeChartAPITest.java
@@ -264,8 +264,8 @@ protected void doCreateSteps()
     }
 
     @SafeVarargs
-    private final void testVisApi(File htmlPage, String[] testTitles, @Nullable int[] testRowCounts, @Nullable String[][] testColumnNames,
-                                  @Nullable String[] testOutputTexts, List<Pair<String, List<Object>>>... colsForAllTests)
+    private void testVisApi(File htmlPage, String[] testTitles, @Nullable int[] testRowCounts, @Nullable String[][] testColumnNames,
+                            @Nullable String[] testOutputTexts, List<Pair<String, List<Object>>>... colsForAllTests)
     {
         PortalHelper portalHelper = new PortalHelper(this);
         WikiHelper wikiHelper = new WikiHelper(this);

diff --git a/src/org/labkey/test/tests/viability/AbstractViabilityTest.java b/src/org/labkey/test/tests/viability/AbstractViabilityTest.java
@@ -77,7 +77,6 @@ protected void initializeStudyFolder(String... tabs)
         clickButton("Create Study");
     }
 
-
     protected void importSpecimens()
     {
         importSpecimens(getFolderName(), TestFileUtils.getSampleData("viability/specimens.txt"));

diff --git a/src/org/labkey/test/tests/viability/ViabilityTest.java b/src/org/labkey/test/tests/viability/ViabilityTest.java
@@ -224,7 +224,7 @@ protected void runReRunTest()
     protected void runResultSpecimenLookupTest()
     {
         log("** Checking ResultSpecimens lookups");
-        beginAt("/query/" + getProjectName() + "/" + getFolderName() + "/executeQuery.view?schemaName=assay&query.queryName=" + getAssayName() + " ResultSpecimens");
+        beginAt("/" + getProjectName() + "/" + getFolderName() + "/query-executeQuery.view?schemaName=assay&query.queryName=" + getAssayName() + " ResultSpecimens");
         DataRegionTable table = new DataRegionTable("query", this);
         assertTextPresent(new TextSearcher(table.getComponentElement()::getText), "foobar", "vial1", "xyzzy", "160450533-5", "161400006.11-5");
-Original file line number
+Diff line change
@@ Expand Up @@
             clickButton("Submit");
         }
         protected void setSystemMaintenance(boolean enable)
         {
             // Not available in production mode
@@ Expand Down @@