summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/sanitizer-api/sanitizer-unknown.https.html
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/sanitizer-api/sanitizer-unknown.https.html')
-rw-r--r--testing/web-platform/tests/sanitizer-api/sanitizer-unknown.https.html45
1 files changed, 45 insertions, 0 deletions
diff --git a/testing/web-platform/tests/sanitizer-api/sanitizer-unknown.https.html b/testing/web-platform/tests/sanitizer-api/sanitizer-unknown.https.html
new file mode 100644
index 0000000000..03d7c6966d
--- /dev/null
+++ b/testing/web-platform/tests/sanitizer-api/sanitizer-unknown.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+<script>
+test(t => {
+ d = document.createElement("div")
+ d.setHTML("<hello><world>",
+ { sanitizer: new Sanitizer({allowElements: ["hello", "world"]}) });
+ assert_equals(d.innerHTML, "");
+}, "Unknown element names get blocked without allowUnknownMarkup.");
+
+test(t => {
+ d = document.createElement("div")
+ d.setHTML("<hello><world>",
+ { sanitizer: new Sanitizer({allowUnknownMarkup: true,
+ allowElements: ["hello", "world"]}) });
+ assert_equals(d.innerHTML, "<hello><world></world></hello>");
+}, "Unknown element names pass with allowUnknownMarkup.");
+
+test(t => {
+ d = document.createElement("div")
+ d.setHTML("<b hello='1' world>", { sanitizer:
+ new Sanitizer({allowAttributes: [{name: "hello", elements: "*"},
+ {name: "world", elements: "*"}]}) });
+ assert_equals(d.innerHTML, "<b></b>");
+}, "Unknown attributes names get blocked without allowUnknownMarkup.");
+
+test(t => {
+ d = document.createElement("div")
+ d.setHTML("<b hello='1' world>", { sanitizer:
+ new Sanitizer({allowUnknownMarkup: true,
+ allowAttributes: [
+ {name: "hello", elements: "*"},
+ {name: "world", elements: "*"}
+ ]})
+ });
+ assert_equals(d.innerHTML, `<b hello="1" world=""></b>`);
+}, "Unknown attribute names pass with allowUnknownMarkup.");
+</script>
+</body>
+</html>