import { test, expect } from '@playwright/test';
// 对已部署 H5:匿名、伪造 unionid、page_path 净化(与 huike-front main.ts 一致)
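/**
 * Smoke tests for the music-room shell: the page must render for an anonymous
 * visitor, for a visitor arriving with made-up identity parameters, and for a
 * `page_path` value that smuggles someone else's `unionid`.
 *
 * Every query parameter used here is chosen by whoever builds the link, so the
 * tests treat them as untrusted input to the front end.
 */
test.describe('music-room shell', () => {
  // Anonymous visit: the root path has to mount the Vue root node (#app).
  test('根路径挂载 Vue 根节点', async ({ page }) => {
    await page.goto('/');
    await expect(page.locator('#app')).toBeVisible();
  });

  // A forged unionid/status pair in the entry URL must not leave a blank page.
  // NOTE(review): this only proves the shell still renders; it does not show
  // that the forged unionid is rejected as an identity. Confirm that is
  // covered elsewhere.
  test('带伪造 unionid/status 的入口不应导致白屏', async ({ page }) => {
    await page.goto('/?unionid=fake-wx-unionid-e2e&status=2', {
      waitUntil: 'domcontentloaded',
      timeout: 30_000,
    });
    await expect(page.locator('#app')).toBeVisible({ timeout: 30_000 });
  });

  // A page_path value that embeds another user's unionid must be stripped, so
  // the marker may not survive into the URL the visitor ends up on.
  test('page_path 内嵌他人 unionid 时应被剥离(最终 URL 不含该串)', async ({ page }) => {
    // The marker uses only letters, digits and hyphens, which
    // encodeURIComponent leaves as-is, so a plain substring search finds it
    // in both the encoded and the decoded form of the URL.
    const poison = 'attacker-unionid-e2e-marker';
    const pagePath = encodeURIComponent(`/?unionid=${poison}&status=2`);
    await page.goto(`/?page_path=${pagePath}`, {
      waitUntil: 'domcontentloaded',
      timeout: 30_000,
    });

    // The entry URL itself contains the marker, so this waits until the app
    // has rewritten or left that URL.
    await page.waitForURL((u) => !u.toString().includes(poison), { timeout: 30_000 });
    await expect(page.locator('#app')).toBeVisible();

    // waitForURL is satisfied by the first URL without the marker, which may
    // be an intermediate one. Check again once the app has rendered so the
    // assertion matches what the test title promises (the final URL).
    // NOTE(review): only the address bar is inspected; whether the value is
    // kept anywhere else (storage, outgoing requests) is not checked here.
    expect(page.url()).not.toContain(poison);
  });
});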