1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
<!DOCTYPE html>
<html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="support/testcases.sub.js"></script>
</head>
<body>
<script>
function buildNode(element_name, markup) {
const e = document.createElement(element_name);
e.innerHTML = markup;
return e;
}
function toString(node) {
const e = document.createElement("div");
e.append(node.cloneNode(true));
return e.innerHTML;
}
function assert_node_equals(node1, node2) {
assert_equals(node1 instanceof Node, node2 instanceof Node);
if (!(node1 instanceof Node)) return;
node1.normalize();
node2.normalize();
assert_true(node1.isEqualNode(node2),
`Node[${toString(node1)}] == Node[${toString(node2)}]`);
if (node1 instanceof HTMLTemplateElement) {
assert_node_equals(node1.content, node2.content);
}
}
test(t => {
let s = new Sanitizer();
assert_throws_js(TypeError, _ => s.sanitizeFor());
assert_throws_js(TypeError, _ => s.sanitizeFor(null));
}, "Sanitizer.sanitizeFor() should throw.");
test(t => {
let s = new Sanitizer();
assert_throws_js(TypeError, _ => s.sanitizeFor("xxx"));
}, "Sanitizer.sanitizeFor() with one argument should throw.");
for (const context of ["script", "iframe", "object", "div"]) {
const should_fail = context != "div";
test(t => {
let result = new Sanitizer().sanitizeFor(context, "<div>Hello!</div>");
if (should_fail) {
assert_equals(null, result);
} else {
assert_true(result instanceof HTMLElement);
}
}, `Sanitizer.sanitizeFor("${context}", ...) should ${should_fail ? "fail" : "pass"}.`);
}
async_test(t => {
let s = new Sanitizer();
s.sanitizeFor("div", "<img src='https://bla/'>");
t.step_timeout(_ => {
assert_equals(performance.getEntriesByName("https://bla/").length, 0);
t.done();
}, 1000);
}, "Sanitizer.sanitizeFor function shouldn't load the image.");
test(t => {
const probe = `<a href="about:blank">hello</a><script>con` +
`sole.log("world!");<` + `/script>`;
const expected = `<a href="about:blank">hello</a>`;
for (const element of ["div", "template", "span", "table", "td",
"pumuckl", "custom-element", "linearGradient",
"svg", "svg:img", "svg:linearGradient"]) {
assert_node_equals(
buildNode(element, expected),
new Sanitizer().sanitizeFor(element, probe));
}
}, `Sanitizer.sanitizeFor(element, ..)`);
for (const context of ["div", "template", "table"]) {
for (const probe of ["<em>Hello</em>", "<td>data</td>"]) {
test(t => {
assert_node_equals(
buildNode(context, probe),
new Sanitizer().sanitizeFor(context, probe));
}, `Sanitizer.sanitizeFor("${context}", "${probe}") obeys parse context.`);
}
}
for (const testcase of testcases) {
test(t => {
let s = new Sanitizer(testcase.config_input);
assert_node_equals(
buildNode("template", testcase.result),
s.sanitizeFor("template", testcase.value));
}, "Sanitizer.sanitizeFor with config: " + testcase.message);
}
</script>
</body>
</html>
|
