testing/web-platform/tests/sanitizer-api/sanitizer-query-config.https.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

<!DOCTYPE html>
<html>
<head>
  <script src="/resources/testharness.js"></script>
  <script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
  function assert_deep_equals(obj1, obj2) {
    assert_equals(typeof obj1, typeof obj2);
    if (typeof obj1 == "string") {
      assert_equals(obj1, obj2);
    } else if (typeof obj1 == "boolean") {
      assert_true(obj1 == obj2);
    } else if (Array.isArray(obj1)) {
      assert_equals(obj1.length, obj2.length);
      assert_array_equals(obj1.sort(), obj2.sort());
    } else if (typeof obj1 == "object") {
      assert_array_equals(Object.keys(obj1).sort(), Object.keys(obj2).sort());
      for (const k of Object.keys(obj1))
        assert_deep_equals(obj1[k], obj2[k]);
    }
  }

  test(t => {
    // Quick sanity test: Test a few default values.
    assert_in_array("div", Sanitizer.getDefaultConfiguration().allowElements);
    assert_false(Sanitizer.getDefaultConfiguration().allowElements.includes("script"));
    assert_false(Sanitizer.getDefaultConfiguration().allowElements.includes("noscript"));

    assert_true("span" in Sanitizer.getDefaultConfiguration().allowAttributes);
    assert_false("onclick" in Sanitizer.getDefaultConfiguration().allowAttributes);

    assert_false("dropElements" in Sanitizer.getDefaultConfiguration());
    assert_false("blockElements" in Sanitizer.getDefaultConfiguration());
    assert_false("dropAttributes" in Sanitizer.getDefaultConfiguration());
    assert_false(Sanitizer.getDefaultConfiguration().allowCustomElements);
    assert_false(Sanitizer.getDefaultConfiguration().allowUnknownMarkup);
  }, "SanitizerAPI getDefaultConfiguration()");

  test(t => {
    assert_deep_equals(Sanitizer.getDefaultConfiguration(),
                       new Sanitizer().getConfiguration());
  }, "SanitizerAPI getConfiguration() on default created Sanitizer");

  test(t => {
    const configs = [{
      allowElements: ["div", "span", "helloworld"],
      dropElements: ["xxx"],
      allowAttributes: { "class": ["*"], "color": ["span", "div"],
                         "onclick": ["*"] },
      allowCustomElements: true,
      allowUnknownMarkup: true,
    },{
      blockElements: ["table", "tbody", "th", "td"],
    }, {
      allowCustomElements: false,
    }, {
      allowUnknownMarkup: false,
    }];
    for (const config of configs)
      assert_deep_equals(config, new Sanitizer(config).getConfiguration());

    // Also test a mixed case variant:
    const config_0_mixed = {
      allowElements: ["div", "sPAn", "HelloWorld"],
      dropElements: ["XXX"],
      allowAttributes: { "class": ["*"], "color": ["sPAn", "div"],
                         "onclick": ["*"] },
      allowCustomElements: true,
      allowUnknownMarkup: true,
    };
    assert_deep_equals(config_0_mixed,
                       new Sanitizer(config_0_mixed).getConfiguration());
  }, "SanitizerAPI getConfiguration() reflects creation config.");

</script>
</body>
</html>