From b22c1eb2aab896ea2dfab44fb8d7751352e80a86 Mon Sep 17 00:00:00 2001
From: Yuya Ochiai <yuya0321@gmail.com>
Date: Sat, 25 Jun 2016 17:53:02 +0900
Subject: [PATCH] Add test to confirm Node.js API is disabled in webview

---
 test/specs/security_test.js | 42 +++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 test/specs/security_test.js

diff --git a/test/specs/security_test.js b/test/specs/security_test.js
new file mode 100644
index 00000000..5888b283
--- /dev/null
+++ b/test/specs/security_test.js
@@ -0,0 +1,42 @@
+'use strict';
+
+const path = require('path');
+const fs = require('fs');
+
+const env = require('../modules/environment');
+
+describe('application', function() {
+  const config = {
+    version: 1,
+    teams: [{
+      name: 'example_1',
+      url: env.mattermostURL
+    }, {
+      name: 'example_2',
+      url: env.mattermostURL
+    }]
+  };
+
+  beforeEach(function() {
+    fs.writeFileSync(env.configFilePath, JSON.stringify(config));
+    this.app = env.getSpectronApp();
+    return this.app.start();
+  });
+
+  afterEach(function() {
+    if (this.app && this.app.isRunning()) {
+      return this.app.stop()
+    }
+  });
+
+  it('should NOT be able to call Node.js API in webview', function() {
+    return this.app.client
+      // Ideally, need to confirm actual behavior in webview by executing require('electron');
+      .getAttribute('webview', 'nodeintegration').then((nodeintegration) => {
+        // nodeintegration is an array of string
+        nodeintegration.forEach((n) => {
+          n.should.equal('false');
+        });
+      });
+  });
+});