summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/domparsing/innerhtml-mxss.sub.html
blob: 7563d892d9fcc9e8ef111af66a7bdb2ae9e6edf0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
<!DOCTYPE html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
  <div><a></a></div>
  <script>
    var whitespaces = [
      "1680", "2000", "2001", "2002", "2003", "2004", "2005", "2006", "2007",
      "2008", "2009", "200a", "2028", "205f", "3000"
    ];

    for (var i = 0; i < whitespaces.length; i++) {
      var container = document.querySelector('a').parentNode;
      var entity = `&#x${whitespaces[i]};`;
      var character = String.fromCharCode(parseInt(whitespaces[i], 16));
      var url = encodeURIComponent(character);
      container.innerHTML = `<a href="${entity}javascript:alert(1)">Link</a>`;

      var a = document.querySelector('a');

      test(_ => {
        assert_equals(
            container.innerHTML,
            `<a href="${character}javascript:alert(1)">Link</a>`);
      }, `innerHTML before setter: ${whitespaces[i]}`);
      test(_ => {
        assert_equals(
            a.href,
            `http://{{host}}:{{ports[http][0]}}/domparsing/${url}javascript:alert(1)`);
      }, `href before setter: ${whitespaces[i]}`);

      a.parentNode.innerHTML += 'foo';
      a = document.querySelector('a');

      test(_ => {
        assert_equals(
            container.innerHTML,
            `<a href="${character}javascript:alert(1)">Link</a>foo`);
      }, `innerHTML after setter: ${whitespaces[i]}`);
      test(_ => {
        assert_equals(
            a.href,
            `http://{{host}}:{{ports[http][0]}}/domparsing/${url}javascript:alert(1)`);
      }, `href after setter: ${whitespaces[i]}`);
    }
  </script>
</body>