Filip/playwright
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

docs: use sha256 for exposeFunction everywhere (#6805)

Browse source
This commit is contained in:
Max Schmitt 2021-05-31 15:47:14 -07:00 committed by GitHub
parent 329fdb18ff
commit c8c77e4df0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 41 additions and 46 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
docs/src/api/class-browsercontext.md
View file

@ -624,7 +624,7 @@ If the [`param: callback`] returns a [Promise], it will be awaited.
See [`method: Page.exposeFunction`] for page-only version. See [`method: Page.exposeFunction`] for page-only version.
An example of adding an `md5` function to all pages in the context: An example of adding a `sha256` function to all pages in the context:
```js ```js
const { webkit } = require('playwright'); // Or 'chromium' or 'firefox'. const { webkit } = require('playwright'); // Or 'chromium' or 'firefox'.
@ -633,12 +633,12 @@ const crypto = require('crypto');
(async () => { (async () => {
const browser = await webkit.launch({ headless: false }); const browser = await webkit.launch({ headless: false });
const context = await browser.newContext(); const context = await browser.newContext();
await context.exposeFunction('md5', text => crypto.createHash('md5').update(text).digest('hex')); await context.exposeFunction('sha256', text => crypto.createHash('sha256').update(text).digest('hex'));
const page = await context.newPage(); const page = await context.newPage();
await page.setContent(` await page.setContent(`
<script> <script>
async function onClick() { async function onClick() {
document.querySelector('div').textContent = await window.md5('PLAYWRIGHT'); document.querySelector('div').textContent = await window.sha256('PLAYWRIGHT');
} }
</script> </script>
<button onclick="onClick()">Click me</button> <button onclick="onClick()">Click me</button>
@ -661,11 +661,11 @@ public class Example {
try (Playwright playwright = Playwright.create()) { try (Playwright playwright = Playwright.create()) {
BrowserType webkit = playwright.webkit() BrowserType webkit = playwright.webkit()
Browser browser = webkit.launch(new BrowserType.LaunchOptions().setHeadless(false)); Browser browser = webkit.launch(new BrowserType.LaunchOptions().setHeadless(false));
context.exposeFunction("sha1", args -> { context.exposeFunction("sha256", args -> {
String text = (String) args[0]; String text = (String) args[0];
MessageDigest crypto; MessageDigest crypto;
try { try {
crypto = MessageDigest.getInstance("SHA-1"); crypto = MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
return null; return null;
} }
@ -675,7 +675,7 @@ public class Example {
Page page = context.newPage(); Page page = context.newPage();
page.setContent("<script>\n" + page.setContent("<script>\n" +
" async function onClick() {\n" + " async function onClick() {\n" +
" document.querySelector('div').textContent = await window.sha1('PLAYWRIGHT');\n" + " document.querySelector('div').textContent = await window.sha256('PLAYWRIGHT');\n" +
" }\n" + " }\n" +
"</script>\n" + "</script>\n" +
"<button onclick=\"onClick()\">Click me</button>\n" + "<button onclick=\"onClick()\">Click me</button>\n" +
@ -691,8 +691,8 @@ import asyncio
import hashlib import hashlib
from playwright.async_api import async_playwright from playwright.async_api import async_playwright
async def sha1(text): def sha256(text):
m = hashlib.sha1() m = hashlib.sha256()
m.update(bytes(text, "utf8")) m.update(bytes(text, "utf8"))
return m.hexdigest() return m.hexdigest()
@ -701,12 +701,12 @@ async def run(playwright):
webkit = playwright.webkit webkit = playwright.webkit
browser = await webkit.launch(headless=False) browser = await webkit.launch(headless=False)
context = await browser.new_context() context = await browser.new_context()
await context.expose_function("sha1", sha1) await context.expose_function("sha256", sha256)
page = await context.new_page() page = await context.new_page()
await page.set_content(""" await page.set_content("""
<script> <script>
async function onClick() { async function onClick() {
document.querySelector('div').textContent = await window.sha1('PLAYWRIGHT'); document.querySelector('div').textContent = await window.sha256('PLAYWRIGHT');
} }
</script> </script>
<button onclick="onClick()">Click me</button> <button onclick="onClick()">Click me</button>
@ -724,8 +724,8 @@ asyncio.run(main())
import hashlib import hashlib
from playwright.sync_api import sync_playwright from playwright.sync_api import sync_playwright
def sha1(text): def sha256(text):
m = hashlib.sha1() m = hashlib.sha256()
m.update(bytes(text, "utf8")) m.update(bytes(text, "utf8"))
return m.hexdigest() return m.hexdigest()
@ -734,13 +734,12 @@ def run(playwright):
webkit = playwright.webkit webkit = playwright.webkit
browser = webkit.launch(headless=False) browser = webkit.launch(headless=False)
context = browser.new_context() context = browser.new_context()
context.expose_function("sha1", sha1) context.expose_function("sha256", sha256)
page = context.new_page() page = context.new_page()
page.expose_function("sha1", sha1)
page.set_content(""" page.set_content("""
<script> <script>
async function onClick() { async function onClick() {
document.querySelector('div').textContent = await window.sha1('PLAYWRIGHT'); document.querySelector('div').textContent = await window.sha256('PLAYWRIGHT');
} }
</script> </script>
<button onclick="onClick()">Click me</button> <button onclick="onClick()">Click me</button>
@ -760,24 +759,22 @@ using System.Threading.Tasks;
class BrowserContextExamples class BrowserContextExamples
{ {
public static async Task AddMd5FunctionToAllPagesInContext() public static async Task Main()
{ {
using var playwright = await Playwright.CreateAsync(); using var playwright = await Playwright.CreateAsync();
var browser = await playwright.Webkit.LaunchAsync(new BrowserTypeLaunchOptions { Headless = false }); var browser = await playwright.Webkit.LaunchAsync(new BrowserTypeLaunchOptions { Headless = false });
var context = await browser.NewContextAsync(); var context = await browser.NewContextAsync();
// NOTE: md5 is inherently insecure, and we strongly discourage using await context.ExposeFunctionAsync("sha256", (string input) =>
// this in production in any shape or form
await context.ExposeFunctionAsync("sha1", (string input) =>
{ {
return Convert.ToBase64String( return Convert.ToBase64String(
MD5.Create().ComputeHash(System.Text.Encoding.UTF8.GetBytes(input))); SHA256.Create().ComputeHash(System.Text.Encoding.UTF8.GetBytes(input)));
}); });
var page = await context.NewPageAsync(); var page = await context.NewPageAsync();
await page.SetContentAsync("<script>\n" + await page.SetContentAsync("<script>\n" +
" async function onClick() {\n" + " async function onClick() {\n" +
" document.querySelector('div').textContent = await window.sha1('PLAYWRIGHT');\n" + " document.querySelector('div').textContent = await window.sha256('PLAYWRIGHT');\n" +
" }\n" + " }\n" +
"</script>\n" + "</script>\n" +
"<button onclick=\"onClick()\">Click me</button>\n" + "<button onclick=\"onClick()\">Click me</button>\n" +

36
docs/src/api/class-page.md
View file

@ -1550,7 +1550,7 @@ See [`method: BrowserContext.exposeFunction`] for context-wide exposed function.
Functions installed via [`method: Page.exposeFunction`] survive navigations. Functions installed via [`method: Page.exposeFunction`] survive navigations.
::: :::
An example of adding an `sha1` function to the page: An example of adding a `sha256` function to the page:
```js ```js
const { webkit } = require('playwright'); // Or 'chromium' or 'firefox'. const { webkit } = require('playwright'); // Or 'chromium' or 'firefox'.
@ -1559,11 +1559,11 @@ const crypto = require('crypto');
(async () => { (async () => {
const browser = await webkit.launch({ headless: false }); const browser = await webkit.launch({ headless: false });
const page = await browser.newPage(); const page = await browser.newPage();
await page.exposeFunction('sha1', text => crypto.createHash('sha1').update(text).digest('hex')); await page.exposeFunction('sha256', text => crypto.createHash('sha256').update(text).digest('hex'));
await page.setContent(` await page.setContent(`
<script> <script>
async function onClick() { async function onClick() {
document.querySelector('div').textContent = await window.sha1('PLAYWRIGHT'); document.querySelector('div').textContent = await window.sha256('PLAYWRIGHT');
} }
</script> </script>
<button onclick="onClick()">Click me</button> <button onclick="onClick()">Click me</button>
@ -1587,11 +1587,11 @@ public class Example {
BrowserType webkit = playwright.webkit(); BrowserType webkit = playwright.webkit();
Browser browser = webkit.launch({ headless: false }); Browser browser = webkit.launch({ headless: false });
Page page = browser.newPage(); Page page = browser.newPage();
page.exposeFunction("sha1", args -> { page.exposeFunction("sha256", args -> {
String text = (String) args[0]; String text = (String) args[0];
MessageDigest crypto; MessageDigest crypto;
try { try {
crypto = MessageDigest.getInstance("SHA-1"); crypto = MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
return null; return null;
} }
@ -1600,7 +1600,7 @@ public class Example {
}); });
page.setContent("<script>\n" + page.setContent("<script>\n" +
" async function onClick() {\n" + " async function onClick() {\n" +
" document.querySelector('div').textContent = await window.sha1('PLAYWRIGHT');\n" + " document.querySelector('div').textContent = await window.sha256('PLAYWRIGHT');\n" +
" }\n" + " }\n" +
"</script>\n" + "</script>\n" +
"<button onclick=\"onClick()\">Click me</button>\n" + "<button onclick=\"onClick()\">Click me</button>\n" +
@ -1616,8 +1616,8 @@ import asyncio
import hashlib import hashlib
from playwright.async_api import async_playwright from playwright.async_api import async_playwright
async def sha1(text): def sha256(text):
m = hashlib.sha1() m = hashlib.sha256()
m.update(bytes(text, "utf8")) m.update(bytes(text, "utf8"))
return m.hexdigest() return m.hexdigest()
@ -1626,11 +1626,11 @@ async def run(playwright):
webkit = playwright.webkit webkit = playwright.webkit
browser = await webkit.launch(headless=False) browser = await webkit.launch(headless=False)
page = await browser.new_page() page = await browser.new_page()
await page.expose_function("sha1", sha1) await page.expose_function("sha256", sha256)
await page.set_content(""" await page.set_content("""
<script> <script>
async function onClick() { async function onClick() {
document.querySelector('div').textContent = await window.sha1('PLAYWRIGHT'); document.querySelector('div').textContent = await window.sha256('PLAYWRIGHT');
} }
</script> </script>
<button onclick="onClick()">Click me</button> <button onclick="onClick()">Click me</button>
@ -1648,8 +1648,8 @@ asyncio.run(main())
import hashlib import hashlib
from playwright.sync_api import sync_playwright from playwright.sync_api import sync_playwright
def sha1(text): def sha256(text):
m = hashlib.sha1() m = hashlib.sha256()
m.update(bytes(text, "utf8")) m.update(bytes(text, "utf8"))
return m.hexdigest() return m.hexdigest()
@ -1658,11 +1658,11 @@ def run(playwright):
webkit = playwright.webkit webkit = playwright.webkit
browser = webkit.launch(headless=False) browser = webkit.launch(headless=False)
page = browser.new_page() page = browser.new_page()
page.expose_function("sha1", sha1) page.expose_function("sha256", sha256)
page.set_content(""" page.set_content("""
<script> <script>
async function onClick() { async function onClick() {
document.querySelector('div').textContent = await window.sha1('PLAYWRIGHT'); document.querySelector('div').textContent = await window.sha256('PLAYWRIGHT');
} }
</script> </script>
<button onclick="onClick()">Click me</button> <button onclick="onClick()">Click me</button>
@ -1691,17 +1691,15 @@ class PageExamples
}); });
var page = await browser.NewPageAsync(); var page = await browser.NewPageAsync();
// NOTE: md5 is inherently insecure, and we strongly discourage using await page.ExposeFunctionAsync("sha256", (string input) =>
// this in production in any shape or form
await page.ExposeFunctionAsync("sha1", (string input) =>
{ {
return Convert.ToBase64String( return Convert.ToBase64String(
MD5.Create().ComputeHash(System.Text.Encoding.UTF8.GetBytes(input))); SHA256.Create().ComputeHash(System.Text.Encoding.UTF8.GetBytes(input)));
}); });
await page.SetContentAsync("<script>\n" + await page.SetContentAsync("<script>\n" +
" async function onClick() {\n" + " async function onClick() {\n" +
" document.querySelector('div').textContent = await window.sha1('PLAYWRIGHT');\n" + " document.querySelector('div').textContent = await window.sha256('PLAYWRIGHT');\n" +
" }\n" + " }\n" +
"</script>\n" + "</script>\n" +
"<button onclick=\"onClick()\">Click me</button>\n" + "<button onclick=\"onClick()\">Click me</button>\n" +

12
types/types.d.ts vendored
View file

@ -1711,7 +1711,7 @@ export interface Page {
* [page.exposeFunction(name, callback)](https://playwright.dev/docs/api/class-page#pageexposefunctionname-callback) * [page.exposeFunction(name, callback)](https://playwright.dev/docs/api/class-page#pageexposefunctionname-callback)
* survive navigations. * survive navigations.
* *
* An example of adding an `sha1` function to the page: * An example of adding a `sha256` function to the page:
* *
* ```js * ```js
* const { webkit } = require('playwright'); // Or 'chromium' or 'firefox'. * const { webkit } = require('playwright'); // Or 'chromium' or 'firefox'.
@ -1720,11 +1720,11 @@ export interface Page {
* (async () => { * (async () => {
* const browser = await webkit.launch({ headless: false }); * const browser = await webkit.launch({ headless: false });
* const page = await browser.newPage(); * const page = await browser.newPage();
* await page.exposeFunction('sha1', text => crypto.createHash('sha1').update(text).digest('hex')); * await page.exposeFunction('sha256', text => crypto.createHash('sha256').update(text).digest('hex'));
* await page.setContent(` * await page.setContent(`
* <script> * <script>
* async function onClick() { * async function onClick() {
* document.querySelector('div').textContent = await window.sha1('PLAYWRIGHT'); * document.querySelector('div').textContent = await window.sha256('PLAYWRIGHT');
* } * }
* </script> * </script>
* <button onclick="onClick()">Click me</button> * <button onclick="onClick()">Click me</button>
@ -5330,7 +5330,7 @@ export interface BrowserContext {
* See [page.exposeFunction(name, callback)](https://playwright.dev/docs/api/class-page#pageexposefunctionname-callback) * See [page.exposeFunction(name, callback)](https://playwright.dev/docs/api/class-page#pageexposefunctionname-callback)
* for page-only version. * for page-only version.
* *
* An example of adding an `md5` function to all pages in the context: * An example of adding a `sha256` function to all pages in the context:
* *
* ```js * ```js
* const { webkit } = require('playwright'); // Or 'chromium' or 'firefox'. * const { webkit } = require('playwright'); // Or 'chromium' or 'firefox'.
@ -5339,12 +5339,12 @@ export interface BrowserContext {
* (async () => { * (async () => {
* const browser = await webkit.launch({ headless: false }); * const browser = await webkit.launch({ headless: false });
* const context = await browser.newContext(); * const context = await browser.newContext();
* await context.exposeFunction('md5', text => crypto.createHash('md5').update(text).digest('hex')); * await context.exposeFunction('sha256', text => crypto.createHash('sha256').update(text).digest('hex'));
* const page = await context.newPage(); * const page = await context.newPage();
* await page.setContent(` * await page.setContent(`
* <script> * <script>
* async function onClick() { * async function onClick() {
* document.querySelector('div').textContent = await window.md5('PLAYWRIGHT'); * document.querySelector('div').textContent = await window.sha256('PLAYWRIGHT');
* } * }
* </script> * </script>
* <button onclick="onClick()">Click me</button> * <button onclick="onClick()">Click me</button>