You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is impossible to use espresso-web to test properly secured web pages that use CSP to disable the unsafe-eval javascript functionality.
When creating a ui test for an android app that uses espresso-web library a security error is thrown by the webview.
When Javascript interact with the page but the page has the following property:
http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'
but does not have a unsafe-eval CSP policy
More information here: https://stackoverflow.com/questions/61456737/override-security-policy-with-android-espresso-web
Steps to Reproduce
Create an espresso-web test on a page that has the above CSP policy.
Expected Results
Espresso-web should find relevant elements to interact with
Actual Results
The tests will fail with:
java.lang.RuntimeException: java.lang.RuntimeException: Fatal exception checking document state: Evaluation: status: 13 value: {message=Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive:
AndroidX Test and Android OS Versions
Android: 10
AndroidX: 3.2.0
Link to a public git repo demonstrating the problem:
The text was updated successfully, but these errors were encountered:
Description
It is impossible to use espresso-web to test properly secured web pages that use CSP to disable the unsafe-eval javascript functionality.
When creating a ui test for an android app that uses espresso-web library a security error is thrown by the webview.
When Javascript interact with the page but the page has the following property:
http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'
but does not have a unsafe-eval CSP policy
More information here:
https://stackoverflow.com/questions/61456737/override-security-policy-with-android-espresso-web
Steps to Reproduce
Create an espresso-web test on a page that has the above CSP policy.
Expected Results
Espresso-web should find relevant elements to interact with
Actual Results
The tests will fail with:
java.lang.RuntimeException: java.lang.RuntimeException: Fatal exception checking document state: Evaluation: status: 13 value: {message=Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive:
AndroidX Test and Android OS Versions
Android: 10
AndroidX: 3.2.0
Link to a public git repo demonstrating the problem:
The text was updated successfully, but these errors were encountered: