Conversation

sfc-gh-bnisco (Collaborator) commented Nov 3, 2025

Describe your changes

Adds e2e tests for st.html with unsafe_allow_javascript.

GitHub Issue Link (if applicable)

Testing Plan

  • E2E Tests: Added a test case in st_html.py that includes JavaScript code with the new parameter, and updated st_html_test.py to verify that:
    1. The JavaScript code executes correctly when allowed
    2. The DOM is updated as expected by the script
    3. The global variable set by the script is accessible

Contribution License Agreement

By submitting this pull request you agree that all contributions to this project are made under the Apache 2.0 license.

snyk-io bot (Contributor) commented Nov 3, 2025

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Licenses | 0 | 0 | 0 | 0 | 0 issues |
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |

github-actions bot (Contributor) commented Nov 3, 2025

✅ PR preview is ready!

| Name | Link |
|---|---|
| 📦 Wheel file | https://core-previews.s3-us-west-2.amazonaws.com/pr-12919/streamlit-1.51.0-py3-none-any.whl |
| 📦 @streamlit/component-v2-lib | Download from artifacts |
| 🕹️ Preview app | pr-12919.streamlit.app (☁️ Deploy here if not accessible) |

  • sfc-gh-bnisco added the change:feature (PR contains new feature or enhancement implementation), impact:users (PR changes affect end users), and security-assessment-completed (Security assessment has been completed for PR) labels Nov 3, 2025, with Graphite App
  • sfc-gh-bnisco removed the impact:users (PR changes affect end users) label Nov 3, 2025
  • sfc-gh-bnisco added the impact:internal (PR changes only affect internal code) label Nov 3, 2025, with Graphite App
  • sfc-gh-bnisco removed the change:feature (PR contains new feature or enhancement implementation) label Nov 3, 2025
  • sfc-gh-bnisco added the change:chore (PR contains maintenance or housekeeping change) label Nov 3, 2025, with Graphite App
  • sfc-gh-bnisco requested a review from Copilot November 3, 2025 21:47

Copilot AI (Contributor) left a comment

Pull Request Overview

This PR adds E2E testing for JavaScript execution in st.html when the unsafe_allow_javascript=True parameter is enabled. This verifies the functionality of a security-sensitive feature that allows explicit JavaScript execution within HTML content.

  • Adds a new test case to verify JavaScript executes when unsafe_allow_javascript=True is set
  • Adds a new st.html call in the test app with JavaScript that modifies DOM and sets a global flag
  • Updates element count constants to reflect the additional HTML element

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

| File | Description |
|---|---|
| e2e_playwright/st_html.py | Adds a new st.html call with unsafe_allow_javascript=True containing JavaScript that modifies a div's text and sets a window variable |
| e2e_playwright/st_html_test.py | Adds test function to verify JavaScript execution, updates ST_HTML_ELEMENTS count from 10 to 11, and updates related assertions from 8 to 9 |

  • sfc-gh-bnisco force-pushed the html-js-e2e branch 2 times, most recently from 009f855 to 836c521, November 4, 2025 00:15
  • sfc-gh-bnisco marked this pull request as ready for review November 4, 2025 21:06

sfc-gh-bnisco (Collaborator, Author) commented Nov 6, 2025

Merge activity

  • Nov 6, 5:33 PM UTC: A user started a stack merge that includes this pull request via Graphite.
  • Nov 6, 6:43 PM UTC: Graphite rebased this pull request as part of a merge.
  • Nov 6, 7:08 PM UTC: @sfc-gh-bnisco merged this pull request with Graphite.

  • sfc-gh-bnisco changed the base branch from html-js-frontend to graphite-base/12919 November 6, 2025 18:15
  • sfc-gh-bnisco changed the base branch from graphite-base/12919 to develop November 6, 2025 18:41
  • sfc-gh-bnisco requested a review from a team as a code owner November 6, 2025 18:41
  • sfc-gh-bnisco merged commit 95fd7d2 into develop Nov 6, 2025 (38 checks passed)
  • sfc-gh-bnisco deleted the html-js-e2e branch November 6, 2025 19:08
Labels

  • change:chore: PR contains maintenance or housekeeping change
  • impact:internal: PR changes only affect internal code
  • security-assessment-completed: Security assessment has been completed for PR
