/// <summary>
/// Initializes a new instance of the <see cref="XXssProtectionAttribute"/> class.
/// </summary>
/// <remarks>
/// The attribute starts with <see cref="XXssPolicy.FilterEnabled"/> and block mode switched on.
/// X-XSS-Protection only affects browsers that still ship a reflected-XSS filter, and current
/// major browsers ignore it. Treat it as legacy hardening next to output encoding and a
/// Content-Security-Policy, never as the sole XSS defence.
/// </remarks>
public XXssProtectionAttribute()
{
    // Default policy for the attribute: filter enabled, block mode on.
    var defaults = new XXssProtectionConfiguration();
    defaults.Policy = XXssPolicy.FilterEnabled;
    defaults.BlockMode = true;
    _config = defaults;

    // Helpers used to register the override and to emit the header.
    _headerConfigurationOverrideHelper = new HeaderConfigurationOverrideHelper();

    var cspReportHelper = new CspReportHelper();
    _headerOverrideHelper = new HeaderOverrideHelper(cspReportHelper);
}
/// <summary>
/// With no OWIN context set up by this test, the context helper must return the
/// X-XSS-Protection configuration stored on the System.Web context.
/// </summary>
public void GetXXssProtectionConfiguration_NoOwinContext_ReturnsSystemWebConfig()
{
    // Arrange: only the System.Web context carries a configuration.
    var expected = new XXssProtectionConfiguration();
    _systemWebContext.XXssProtection = expected;

    // Act
    var actual = _contextHelper.GetXXssProtectionConfiguration(_mockContext);

    // Assert: reference equality, so the helper must return the stored instance, not a copy.
    Assert.Same(expected, actual);
}
/// <summary>
/// The context helper must return the X-XSS-Protection configuration that was stored
/// on the NWebsec context.
/// </summary>
public void GetXXssProtectionConfiguration_ReturnsContextConfig()
{
    // Arrange
    var expected = new XXssProtectionConfiguration();
    _nwContext.XXssProtection = expected;

    // Act
    var actual = _contextHelper.GetXXssProtectionConfiguration(_mockContext);

    // Assert: the very same instance comes back.
    Assert.Same(expected, actual);
}
/// <summary>
/// A configuration whose policy is <see cref="XXssPolicy.Disabled"/> must produce no
/// header result: the generator returns null.
/// </summary>
public void CreateXXssProtectionResult_Disabled_ReturnsNull()
{
    // Arrange: header handling is switched off entirely.
    var disabledConfig = new XXssProtectionConfiguration();
    disabledConfig.Policy = XXssPolicy.Disabled;

    // Act
    var headerResult = _generator.CreateXXssProtectionResult(disabledConfig);

    // Assert
    Assert.Null(headerResult);
}
/// <summary>
/// After an override has been registered for the context, reading the override back
/// must return the same configuration instance.
/// </summary>
public void GetXXssProtectionWithOverride_ConfigOverriden_ReturnsOverrideElement()
{
    // Arrange: register an override that enables the filter.
    var registeredOverride = new XXssProtectionConfiguration();
    registeredOverride.Policy = XXssPolicy.FilterEnabled;
    _headerConfigurationOverrideHelper.SetXXssProtectionOverride(_mockContext, registeredOverride);

    // Act
    var effective = _headerConfigurationOverrideHelper.GetXXssProtectionWithOverride(_mockContext);

    // Assert: reference equality with the registered override.
    Assert.AreSame(registeredOverride, effective);
}
/// <summary>
/// When an OWIN context is present and carries a configuration, the context helper
/// must return that OWIN configuration.
/// </summary>
public void GetXXssProtectionConfiguration_HasOwinConfig_ReturnsOwinConfig()
{
    // Arrange: OWIN context is set up and holds the configuration.
    SetupOwinContext();
    var owinConfig = new XXssProtectionConfiguration();
    _owinContext.XXssProtection = owinConfig;

    // Act
    var resolved = _contextHelper.GetXXssProtectionConfiguration(_mockContext);

    // Assert
    Assert.Same(owinConfig, resolved);
}
/// <summary>
/// When an OWIN context is present but this test stores the configuration only on the
/// System.Web context, the context helper must return the System.Web configuration.
/// </summary>
public void GetXXssProtectionConfiguration_OwinContextWithoutConfig_ReturnsSystemWebConfig()
{
    // Arrange: OWIN context exists, but the configuration lives on the System.Web context.
    SetupOwinContext();
    var systemWebConfig = new XXssProtectionConfiguration();
    _systemWebContext.XXssProtection = systemWebConfig;

    // Act
    var resolved = _contextHelper.GetXXssProtectionConfiguration(_mockContext);

    // Assert
    Assert.AreSame(systemWebConfig, resolved);
}
/// <summary>
/// When no override is registered, the override helper must neither ask the generator
/// for a header result nor pass anything to the result handler.
/// </summary>
public void SetXXssProtectionHeader_NoOverride_DoesNothing()
{
    // Arrange: the context has a configuration, but the override lookup yields null.
    var configFromContext = new XXssProtectionConfiguration();
    _contextHelper
        .Setup(helper => helper.GetXXssProtectionConfiguration(It.IsAny<HttpContextBase>()))
        .Returns(configFromContext);
    _configurationOverrideHelper
        .Setup(helper => helper.GetXXssProtectionWithOverride(It.IsAny<HttpContextBase>()))
        .Returns((XXssProtectionConfiguration)null);

    // Act
    _overrideHelper.SetXXssProtectionHeader(_mockContext);

    // Assert: the generator was never invoked ...
    _headerGenerator.Verify(
        generator => generator.CreateXXssProtectionResult(
            It.IsAny<XXssProtectionConfiguration>(),
            It.IsAny<XXssProtectionConfiguration>()),
        Times.Never);

    // ... and no header result reached the response handler.
    _headerResultHandler.Verify(
        handler => handler.HandleHeaderResult(It.IsAny<HttpResponseBase>(), It.IsAny<HeaderResult>()),
        Times.Never);
}
/// <summary>
/// When an override is registered, the override helper must hand the generated header
/// result to the result handler exactly once.
/// </summary>
public void SetXXssProtectionHeader_Override_CreatesAndHandlesHeaderResult()
{
    // Arrange: distinct instances for the context-level and the override configuration.
    var configFromContext = new XXssProtectionConfiguration();
    var configFromOverride = new XXssProtectionConfiguration();
    _contextHelper
        .Setup(helper => helper.GetXXssProtectionConfiguration(It.IsAny<HttpContextBase>()))
        .Returns(configFromContext);
    _configurationOverrideHelper
        .Setup(helper => helper.GetXXssProtectionWithOverride(It.IsAny<HttpContextBase>()))
        .Returns(configFromOverride);

    // The generator yields the expected result only for (override, context) in that argument order.
    _headerGenerator
        .Setup(generator => generator.CreateXXssProtectionResult(configFromOverride, configFromContext))
        .Returns(_expectedHeaderResult);

    // Act
    _overrideHelper.SetXXssProtectionHeader(_mockContext);

    // Assert
    _headerResultHandler.Verify(
        handler => handler.HandleHeaderResult(It.IsAny<HttpResponseBase>(), _expectedHeaderResult),
        Times.Once);
}
/// <summary>
/// Filter enabled plus block mode must yield a "set" result for the X-XSS-Protection
/// header with the value <c>1; mode=block</c>.
/// </summary>
public void CreateXXssProtectionResult_FilterEnabledPolicyWithBlockmode_ReturnsSetXssProtectionEnabledWithBlockModeResult()
{
    // Arrange
    var blockingConfig = new XXssProtectionConfiguration();
    blockingConfig.Policy = XXssPolicy.FilterEnabled;
    blockingConfig.BlockMode = true;

    // Act
    var header = _generator.CreateXXssProtectionResult(blockingConfig);

    // Assert: action, header name and exact wire value are all pinned.
    Assert.NotNull(header);
    Assert.Equal(HeaderResult.ResponseAction.Set, header.Action);
    Assert.Equal("X-XSS-Protection", header.Name);
    Assert.Equal("1; mode=block", header.Value);
}
/// <summary>
/// The <see cref="XXssPolicy.FilterDisabled"/> policy must still emit the header, with
/// the value <c>0</c>. This differs from <see cref="XXssPolicy.Disabled"/>, which is a
/// separate enum value.
/// </summary>
public void CreateXXssProtectionResult_FilterDisabledPolicy_ReturnsSetXXssProtectionDisabledResult()
{
    // Arrange
    var filterOffConfig = new XXssProtectionConfiguration();
    filterOffConfig.Policy = XXssPolicy.FilterDisabled;

    // Act
    var header = _generator.CreateXXssProtectionResult(filterOffConfig);

    // Assert: an explicit "0" is sent rather than omitting the header.
    Assert.NotNull(header);
    Assert.Equal(HeaderResult.ResponseAction.Set, header.Action);
    Assert.Equal("X-XSS-Protection", header.Name);
    Assert.Equal("0", header.Value);
}
/// <summary>
/// Switching to <see cref="XXssPolicy.Disabled"/> when the previous configuration had a
/// header-emitting policy must yield a "remove" result for X-XSS-Protection.
/// </summary>
public void CreateXXssProtectionResult_DisabledWithFilterEnabledinOldconfig_ReturnsRemoveXXssProtectionResult()
{
    // Arrange
    // NOTE(review): the test name says the old config had the filter enabled, but the
    // fixture uses FilterDisabled. Confirm which previous policy is meant to be covered.
    var previousConfig = new XXssProtectionConfiguration();
    previousConfig.Policy = XXssPolicy.FilterDisabled;

    var currentConfig = new XXssProtectionConfiguration();
    currentConfig.Policy = XXssPolicy.Disabled;

    // Act
    var header = _generator.CreateXXssProtectionResult(currentConfig, previousConfig);

    // Assert: the header set earlier must be removed, not left in place.
    Assert.NotNull(header);
    Assert.Equal("X-XSS-Protection", header.Name);
    Assert.Equal(HeaderResult.ResponseAction.Remove, header.Action);
}
/// <summary>
/// When both the previous and the current configuration enable the filter, the
/// generator must still return a "set" result with the value <c>1</c>.
/// </summary>
public void CreateXXssProtectionResult_FilterEnabledPolicyWithFilterEnabledinOldconfig_ReturnsSetXXssProtectionEnabledResult()
{
    // Arrange: identical policy on both sides; block mode is not set on either.
    var previousConfig = new XXssProtectionConfiguration();
    previousConfig.Policy = XXssPolicy.FilterEnabled;

    var currentConfig = new XXssProtectionConfiguration();
    currentConfig.Policy = XXssPolicy.FilterEnabled;

    // Act
    var header = _generator.CreateXXssProtectionResult(currentConfig, previousConfig);

    // Assert: the header is (re)set even though the policy did not change.
    Assert.IsNotNull(header);
    Assert.AreEqual(HeaderResult.ResponseAction.Set, header.Action);
    Assert.AreEqual("X-XSS-Protection", header.Name);
    Assert.AreEqual("1", header.Value);
}