f590f1ba72
Made-with: Cursor
import { expect, test } from './fixtures';
// Runs against the deployed H5 build: anonymous entry, forged unionid, and page_path sanitization (kept consistent with huike-front main.ts)
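/**
 * End-to-end checks for the music-room shell: the root element `#app` must
 * render for an anonymous visit, for an entry URL carrying a forged
 * `unionid`/`status` pair, and for a `page_path` parameter that smuggles
 * someone else's `unionid`.
 *
 * These tests only observe the address bar and the `#app` element. They do not
 * prove that a forged `unionid` is rejected as an identity.
 * NOTE(review): if the app persists identity client-side or sends it to an
 * API, consider asserting on that too; nothing in this file shows where it is
 * stored.
 */
test.describe('music-room shell', () => {
  // One shared budget for navigation and for the first render of the root node.
  const TIMEOUT_MS = 60_000;
  const navigation = { waitUntil: 'domcontentloaded', timeout: TIMEOUT_MS } as const;
  const ROOT_SELECTOR = '#app';

  test('根路径挂载 Vue 根节点', async ({ page }) => {
    await page.goto('/', navigation);
    await expect(page.locator(ROOT_SELECTOR)).toBeVisible({ timeout: TIMEOUT_MS });
  });

  test('带伪造 unionid/status 的入口不应导致白屏', async ({ page }) => {
    // Availability check only: a forged identity in the query string must not
    // break rendering. Whether the value is trusted is not asserted here.
    await page.goto('/?unionid=fake-wx-unionid-e2e&status=2', navigation);
    await expect(page.locator(ROOT_SELECTOR)).toBeVisible({ timeout: TIMEOUT_MS });
  });

  test('page_path 内嵌他人 unionid 时应被剥离(最终 URL 不含该串)', async ({ page }) => {
    // The marker uses only characters that encodeURIComponent leaves untouched,
    // so it appears verbatim in both the encoded and the decoded URL and a
    // plain substring check catches either form.
    const poison = 'attacker-unionid-e2e-marker';
    const pagePath = encodeURIComponent(`/?unionid=${poison}&status=2`);

    await page.goto(`/?page_path=${pagePath}`, navigation);

    // Wait for the app to rewrite the URL without the marker.
    await page.waitForURL((u) => !u.toString().includes(poison), { timeout: TIMEOUT_MS });
    await expect(page.locator(ROOT_SELECTOR)).toBeVisible();

    // waitForURL is satisfied by the first URL that lacks the marker, which may
    // be an intermediate one. Re-check once the app is mounted so the test
    // matches its title: the final URL must not carry the marker.
    expect(page.url()).not.toContain(poison);
  });
});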