1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
<!DOCTYPE html>
<html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="support/testcases.sub.js"></script>
</head>
<body>
<script>
function getString(fragment) {
d = document.createElement("div");
d.replaceChildren(...fragment.cloneNode(true).childNodes);
return d.innerHTML;
}
function getFragment(markup) {
const d = document.createElement("div");
d.innerHTML = markup;
let f = document.createDocumentFragment();
f.replaceChildren(...d.childNodes);
return f;
}
function getDoc(markup) {
return new DOMParser().parseFromString(markup, "text/html");
}
function assert_node_equals(node1, node2) {
assert_true(node1 instanceof Node && node1.isEqualNode(node2),
`Node[${getString(node1)}] == Node[${getString(node2)}]`);
}
test(t => {
let s = new Sanitizer();
assert_throws_js(TypeError, _ => s.sanitize());
}, "Sanitizer.sanitize() should throw an error.");
test(t => {
let s = new Sanitizer();
assert_throws_js(TypeError, _ => s.sanitize(null));
}, "Sanitizer.sanitize(null).");
const probe_string = `<a href="about:blank">hello</a><script>cons` +
`ole.log("world!");<` + `/script>`;
test(t => {
const sanitized = new Sanitizer().sanitize(getFragment(probe_string));
const expected = getFragment(probe_string.substr(0, 31));
assert_node_equals(expected, sanitized);
}, "Sanitizer.sanitze(DocumentFragment)");
test(t => {
const sanitized = new Sanitizer().sanitize(getDoc(probe_string));
const expected = getFragment(probe_string.substr(0, 31));
assert_node_equals(expected, sanitized);
}, "Sanitizer.sanitze(Document)");
testcases.forEach(c => test(t => {
let s = new Sanitizer(c.config_input);
var dom = new DOMParser().parseFromString("<!DOCTYPE html><body>" + c.value, "text/html");
fragment = s.sanitize(dom);
assert_true(fragment instanceof DocumentFragment);
let result = getString(fragment);
assert_equals(result, c.result);
}, "SanitizerAPI with config: " + c.message + ", sanitize from document function for <body>"));
testcases.forEach(c => test(t => {
let s = new Sanitizer(c.config_input);
let tpl = document.createElement("template");
tpl.innerHTML = c.value;
fragment = s.sanitize(tpl.content);
assert_true(fragment instanceof DocumentFragment);
assert_equals(getString(fragment), c.result);
}, "SanitizerAPI with config: " + c.message + ", sanitize from document fragment function for <template>"));
</script>
</body>
</html>
|