Provide better sandbox error messages, and disallow running from file:// URLs

css/angular-scenario.css

@@ -8,6 +8,11 @@ body {
   font-size: 14px;
 }
 
+#system-error {
+  font-size: 1.5em;
+  text-align: center;
+}
+
 #json, #xml {
   display: none;
 }

src/scenario/Application.js

@@ -79,8 +79,8 @@ angular.scenario.Application.prototype.navigateTo = function(url, loadFn, errorF
   var frame = this.getFrame_();
   //TODO(esprehn): Refactor to use rethrow()
   errorFn = errorFn || function(e) { throw e; };
-  if (/^file:\/\//.test(url)) {
-    errorFn('Sandbox Error: Cannot load file:// URL.');
+  if (url === 'about:blank') {
+    errorFn('Sandbox Error: Navigating to about:blank is not allowed.');
   } else if (url.charAt(0) === '#') {
     url = frame.attr('src').split('#')[0] + url;
     frame.attr('src', url);

src/scenario/Scenario.js

@@ -93,6 +93,7 @@ angular.scenario.matcher = angular.scenario.matcher || function(name, fn) {
  * @param {Object} config Config options
  */
 function angularScenarioInit($scenario, config) {
+  var href = window.location.href;
   var body = _jQuery(document.body);
   var output = [];
 
@@ -108,6 +109,15 @@ function angularScenarioInit($scenario, config) {
     }
   });
 
+  if (!/^http/.test(href) && !/^https/.test(href)) {
+    body.append('<p id="system-error"></p>');
+    body.find('#system-error').text(
+      'Scenario runner must be run using http or https. The protocol ' +
+      href.split(':')[0] + ':// is not supported.'
+    );
+    return;
+  }
+
   var appFrame = body.append('<div id="application"></div>').find('#application');
   var application = new angular.scenario.Application(appFrame);
 

test/scenario/ApplicationSpec.js

@@ -1,4 +1,5 @@
 describe('angular.scenario.Application', function() {
+  var $window;
   var app, frames;
 
   function callLoadHandlers(app) {
@@ -52,53 +53,59 @@ describe('angular.scenario.Application', function() {
   });
 
   it('should use a new iframe each time', function() {
-    app.navigateTo('about:blank');
+    app.navigateTo('http://localhost/');
     var frame = app.getFrame_();
     frame.attr('test', true);
-    app.navigateTo('about:blank');
+    app.navigateTo('http://localhost/');
     expect(app.getFrame_().attr('test')).toBeFalsy();
   });
 
   it('should call error handler if document not accessible', function() {
+    var called;
     app.getWindow_ = function() {
       return {};
     };
-    app.navigateTo('about:blank', angular.noop, function(error) {
+    app.navigateTo('http://localhost/', angular.noop, function(error) {
       expect(error).toMatch(/Sandbox Error/);
+      called = true;
     });
     callLoadHandlers(app);
+    expect(called).toBeTruthy();
   });
 
-  it('should call error handler if using file:// URL', function() {
-    app.navigateTo('file://foo/bar.txt', angular.noop, function(error) {
+  it('should call error handler if navigating to about:blank', function() {
+    var called;
+    app.navigateTo('about:blank', angular.noop, function(error) {
       expect(error).toMatch(/Sandbox Error/);
+      called = true;
     });
+    expect(called).toBeTruthy();
   });
 
   it('should call error handler if status check fails', function() {
     app.checkUrlStatus_ = function(url, callback) {
       callback.call(this, 'Example Error');
     };
-    app.navigateTo('about:blank', angular.noop, function(error) {
+    app.navigateTo('http://localhost/', angular.noop, function(error) {
       expect(error).toEqual('Example Error');
     });
   });
 
   it('should hide old iframes and navigate to about:blank', function() {
-    app.navigateTo('about:blank#foo');
-    app.navigateTo('about:blank#bar');
+    app.navigateTo('http://localhost/#foo');
+    app.navigateTo('http://localhost/#bar');
     var iframes = frames.find('iframe');
     expect(iframes.length).toEqual(2);
     expect(iframes[0].src).toEqual('about:blank');
-    expect(iframes[1].src).toEqual('about:blank#bar');
+    expect(iframes[1].src).toEqual('http://localhost/#bar');
     expect(_jQuery(iframes[0]).css('display')).toEqual('none');
   });
 
   it('should URL update description bar', function() {
-    app.navigateTo('about:blank');
+    app.navigateTo('http://localhost/');
     var anchor = frames.find('> h2 a');
-    expect(anchor.attr('href')).toEqual('about:blank');
-    expect(anchor.text()).toEqual('about:blank');
+    expect(anchor.attr('href')).toEqual('http://localhost/');
+    expect(anchor.text()).toEqual('http://localhost/');
   });
 
   it('should call onload handler when frame loads', function() {
@@ -106,7 +113,7 @@ describe('angular.scenario.Application', function() {
     app.getWindow_ = function() {
       return {document: {}};
     };
-    app.navigateTo('about:blank', function($window, $document) {
+    app.navigateTo('http://localhost/', function($window, $document) {
       called = true;
     });
     callLoadHandlers(app);
@@ -130,7 +137,7 @@ describe('angular.scenario.Application', function() {
         notifyWhenNoOutstandingRequests: function(fn) {
           handlers.push(fn);
         }
-      }
+      };
     };
     app.getWindow_ = function() {
       return testWindow;
@@ -178,7 +185,7 @@ describe('angular.scenario.Application', function() {
       var finished;
       response.status = 199;
       response.statusText = 'Error Message';
-      app.navigateTo('about:blank', angular.noop, function(error) {
+      app.navigateTo('http://localhost/', angular.noop, function(error) {
         expect(error).toEqual('199 Error Message');
         finished = true;
       });
@@ -189,7 +196,7 @@ describe('angular.scenario.Application', function() {
       var finished;
       response.status = 300;
       response.statusText = 'Error';
-      app.navigateTo('about:blank', angular.noop, function(error) {
+      app.navigateTo('http://localhost/', angular.noop, function(error) {
         expect(error).toEqual('300 Error');
         finished = true;
       });
@@ -200,8 +207,8 @@ describe('angular.scenario.Application', function() {
       var finished;
       response.status = 0;
       response.statusText = '';
-      app.navigateTo('about:blank', angular.noop, function(error) {
-        expect(error).toEqual('Sandbox Error: Cannot access about:blank');
+      app.navigateTo('http://localhost/', angular.noop, function(error) {
+        expect(error).toEqual('Sandbox Error: Cannot access http://localhost/');
         finished = true;
       });
       expect(finished).toBeTruthy();