Is there a way to send custom malformed/malicious data through a websocket in LiveView? I’m trying to write tests from as close to the user as possible and I’d like to test against a user sending malicious information.
I’m sure you can hack the LV JS client and make it send whatever you want to the LV backend.
But if your question is: “can I do it as part of a ExUnit test?” I don’t think LV provides the tools to do this. What would be the purpose of such a test anyway? LV is already supposed to deal with malformed/malicious messages, so you’d be testing LV itself and not your application.
What would your test look like and what do you hope to achieve with it?
When writing tests, I kept feeling like I was double testing a lot of functionality, since I wrote a test of the function itself with a unit test and then retested it with an end-to-end test. After reading an article (which I cannot find now), I realized that unit testing might be pointless, at least in my use case. So I just started primarily writing end-to-end tests and only writing unit tests when it was absolutely necessary.
So, for example, if a user sends a phx-click event called “delete comment” and the comment id happens to be for a comment the user isn’t allowed to delete, I’d like to assert it is handled correctly from the user perspective, instead of writing a unit test to assert the delete_comment function behaves correctly.
For example, changing the phx-value of a phx-click is trivial
I like this approach, this is also what I usually do
Yes, these tests make a lot of sense. You can use the standard LV test functions, like
render_submit and friends for that.
I was thinking that you wanted to mess with the internals of the LV channel, like format of messages, tokens etc.