1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
const { AppConstants } = ChromeUtils.importESModule(
"resource://gre/modules/AppConstants.sys.mjs"
);
if (AppConstants.platform != "android") {
// We load HTML documents, which try to track link state, which requires
// the history service, which requires a profile.
do_get_profile();
}
const kTestCases = [
{
// bug 1602843
data: `@font-face { font-family: 'ab<\\/style><img src onerror=alert(1)>'}`,
sanitized: `@font-face { font-family: 'ab<\\/style><img src onerror=alert(1)>'}`,
},
{
// bug 1680084
data: `<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:"Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
@font-face
{font-family:"Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0mm;
text-align:justify;
text-justify:inter-ideograph;
font-size:10.5pt;
font-family:"Yu Gothic";}
span.17
{mso-style-type:personal-compose;
font-family:"Yu Gothic";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Yu Gothic";}
/* Page Definitions */
@page WordSection1
{size:612.0pt 792.0pt;
margin:99.25pt 30.0mm 30.0mm 30.0mm;}
div.WordSection1
{page:WordSection1}
-->`,
sanitized: `@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:"Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}@font-face
{font-family:"Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0mm;
text-align:justify;
text-justify:inter-ideograph;
font-size:10.5pt;
font-family:"Yu Gothic";}.MsoChpDefault
{mso-style-type:export-only;
font-family:"Yu Gothic";}div.WordSection1
{page:WordSection1}`,
},
];
const kConditionalCSSTestCases = [
{
data: `#foo { display: none } @media (min-width: 300px) { #bar { display: none } }`,
sanitized: `#foo { display: none }`,
},
{
data: `@media (min-width: 300px) { #bar { display: none } }`,
sanitized: ``,
},
];
function run_test() {
if (AppConstants.platform != "android") {
// xpcshell tests are weird. They fake shutdown after the test finishes. This upsets this test
// because it will try to create the history service to check for visited state on the links
// we're parsing.
// Creating the history service midway through shutdown breaks.
// We can't catch this in the history component because we're not *actually* shutting down,
// and so the app startup's service's `shuttingDown` bool is false, even though normally that
// is set to true *before* profile-change-teardown notifications are fired.
// To work around this, just force the history service to be created earlier:
let { PlacesUtils } = ChromeUtils.importESModule(
"resource://gre/modules/PlacesUtils.sys.mjs"
);
Assert.ok(
PlacesUtils.history.databaseStatus <= 1,
"ensure places database is successfully initialized."
);
}
var ParserUtils = Cc["@mozilla.org/parserutils;1"].getService(
Ci.nsIParserUtils
);
var sanitizeFlags =
ParserUtils.SanitizerDropForms |
ParserUtils.SanitizerDropNonCSSPresentation |
ParserUtils.SanitizerAllowStyle;
for (let { data, sanitized } of kTestCases) {
let out = ParserUtils.sanitize(`<style>${data}</style>`, sanitizeFlags);
info(out);
Assert.equal(
`<html><head><style>${sanitized}</style></head><body></body></html>`,
out
);
}
for (let { data, sanitized } of kConditionalCSSTestCases) {
let out = ParserUtils.removeConditionalCSS(`<style>${data}</style>`);
info(out);
Assert.equal(
`<html><head><style>${sanitized}</style></head><body></body></html>`,
out
);
}
}
|
