XSS casper test

IPython/html/tests/casperjs/test_cases/inject_js.js

@@ -0,0 +1,23 @@
+//
+// Test robustness about JS injection in different place
+//
+// This assume malicious document arrive to the frontend.
+//
+
+casper.notebook_test(function () {
+    var messages = [];
+    this.on('remote.alert', function (msg) {
+        messages.push(msg);
+    });
+    
+    this.evaluate(function () {
+        var cell = IPython.notebook.get_cell(0);
+        var json = cell.toJSON()
+        json.prompt_number = "<script> alert('hello from input prompts !')</script>"
+        cell.fromJSON(j)
+    });
+
+    this.then(function () {
+        this.test.assert(messages.length == 0, "Captured log message from script tag injection !");
+    });
+});