summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/meta/sanitizer-api
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/meta/sanitizer-api
parentInitial commit. (diff)
downloadfirefox-upstream.tar.xz
firefox-upstream.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--testing/web-platform/meta/sanitizer-api/__dir__.ini1
-rw-r--r--testing/web-platform/meta/sanitizer-api/sanitizer-config.https.html.ini3
-rw-r--r--testing/web-platform/meta/sanitizer-api/sanitizer-insecure-context.html.ini4
-rw-r--r--testing/web-platform/meta/sanitizer-api/sanitizer-names.https.html.ini17
-rw-r--r--testing/web-platform/meta/sanitizer-api/sanitizer-query-config.https.html.ini11
-rw-r--r--testing/web-platform/meta/sanitizer-api/sanitizer-sanitize.https.tentative.html.ini15
-rw-r--r--testing/web-platform/meta/sanitizer-api/sanitizer-sanitizeFor.https.tentative.html.ini279
-rw-r--r--testing/web-platform/meta/sanitizer-api/sanitizer-secure-context.https.html.ini3
-rw-r--r--testing/web-platform/meta/sanitizer-api/sanitizer-unknown.https.html.ini5
9 files changed, 338 insertions, 0 deletions
diff --git a/testing/web-platform/meta/sanitizer-api/__dir__.ini b/testing/web-platform/meta/sanitizer-api/__dir__.ini
new file mode 100644
index 0000000000..fb4d1e09bf
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/__dir__.ini
@@ -0,0 +1 @@
+prefs: [dom.security.sanitizer.enabled:true, dom.security.setHTML.enabled:true]
diff --git a/testing/web-platform/meta/sanitizer-api/sanitizer-config.https.html.ini b/testing/web-platform/meta/sanitizer-api/sanitizer-config.https.html.ini
new file mode 100644
index 0000000000..1ebd6b2251
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/sanitizer-config.https.html.ini
@@ -0,0 +1,3 @@
+[sanitizer-config.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/sanitizer-api/sanitizer-insecure-context.html.ini b/testing/web-platform/meta/sanitizer-api/sanitizer-insecure-context.html.ini
new file mode 100644
index 0000000000..fb3a525b1e
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/sanitizer-insecure-context.html.ini
@@ -0,0 +1,4 @@
+[sanitizer-insecure-context.html]
+ expected:
+ if (os == "android") and debug and not fission: [OK, TIMEOUT]
+ if (os == "android") and debug and fission: [TIMEOUT, OK]
diff --git a/testing/web-platform/meta/sanitizer-api/sanitizer-names.https.html.ini b/testing/web-platform/meta/sanitizer-api/sanitizer-names.https.html.ini
new file mode 100644
index 0000000000..9709146fe9
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/sanitizer-names.https.html.ini
@@ -0,0 +1,17 @@
+[sanitizer-names.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Element names in config item: allowElements]
+ expected: FAIL
+
+ [Element names in config item: dropElements]
+ expected: FAIL
+
+ [Element names in config item: blockElements]
+ expected: FAIL
+
+ [Attribute names in config item: allowAttributes]
+ expected: FAIL
+
+ [Attribute names in config item: dropAttributes]
+ expected: FAIL
diff --git a/testing/web-platform/meta/sanitizer-api/sanitizer-query-config.https.html.ini b/testing/web-platform/meta/sanitizer-api/sanitizer-query-config.https.html.ini
new file mode 100644
index 0000000000..f0670dff94
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/sanitizer-query-config.https.html.ini
@@ -0,0 +1,11 @@
+[sanitizer-query-config.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [SanitizerAPI getDefaultConfiguration()]
+ expected: FAIL
+
+ [SanitizerAPI getConfiguration() on default created Sanitizer]
+ expected: FAIL
+
+ [SanitizerAPI getConfiguration() reflects creation config.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/sanitizer-api/sanitizer-sanitize.https.tentative.html.ini b/testing/web-platform/meta/sanitizer-api/sanitizer-sanitize.https.tentative.html.ini
new file mode 100644
index 0000000000..ffb0fb0b92
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/sanitizer-sanitize.https.tentative.html.ini
@@ -0,0 +1,15 @@
+[sanitizer-sanitize.https.tentative.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ max-asserts: 120
+ [SanitizerAPI with config: plaintext, sanitize from document function for <body>]
+ expected: FAIL
+
+ [SanitizerAPI with config: allowAttributes unknown attributes and with allowUnknownMarkup, sanitize from document function for <body>]
+ expected: FAIL
+
+ [SanitizerAPI with config: plaintext, sanitize from document fragment function for <template>]
+ expected: FAIL
+
+ [SanitizerAPI with config: allowAttributes unknown attributes and with allowUnknownMarkup, sanitize from document fragment function for <template>]
+ expected: FAIL
diff --git a/testing/web-platform/meta/sanitizer-api/sanitizer-sanitizeFor.https.tentative.html.ini b/testing/web-platform/meta/sanitizer-api/sanitizer-sanitizeFor.https.tentative.html.ini
new file mode 100644
index 0000000000..ec3c6e65b6
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/sanitizer-sanitizeFor.https.tentative.html.ini
@@ -0,0 +1,279 @@
+[sanitizer-sanitizeFor.https.tentative.html]
+ expected:
+ if (os == "android") and debug and fission: [OK, TIMEOUT]
+ if (os == "android") and debug and not fission: [OK, TIMEOUT]
+ [Sanitizer.sanitizeFor(element, ..)]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor("template", "<em>Hello</em>") obeys parse context.]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor("template", "<td>data</td>") obeys parse context.]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: string]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: html fragment]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: empty object]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: number]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: zeros]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: arithmetic]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: undefined]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: document]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: html without close tag]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: onclick scripts]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: plaintext]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: xmp]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: invalid config_input]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: empty dropElements list]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: test html without close tag with dropElements list ['div'\]]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: default behavior for custom elements]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: allow custom elements]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: allow custom elements with allow elements]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: disallow custom elements]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: allow custom elements with drop list contains ["custom-element"\]]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: dropElements list ["test-element", "i"\]}]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: dropElements list ["I", "DL"\]}]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: dropElements list ["dl", "p"\]}]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: allowElements list ["p"\]]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: allowElements list has no influence to dropElements]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: dropAttributes list {"style": ["p"\]} with style attribute]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: dropAttributes list {"*": ["a"\]} with style attribute]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: empty dropAttributes list with id attribute]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: dropAttributes list {"id": ["*"\]} with id attribute]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: dropAttributes list {"ID": ["*"\]} with id attribute]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: dropAttributes list {"data-attribute-with-dashes": ["*"\]} with dom dataset js access]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: allowAttributes list {"id": ["div"\]} with id attribute]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: allowAttributes list {"id": ["*"\]} with id attribute and onclick scripts]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: allowAttributes list {"*": ["a"\]} with style attribute]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: allowAttributes list has no influence to dropAttributes]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: Template element]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTMLAnchorElement with javascript protocal]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTMLAnchorElement with javascript protocal start with space]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTMLAnchorElement]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTMLAreaElement with javascript protocal]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTMLAreaElement with javascript protocal start with space]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTMLAreaElement]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTMLFormElement with javascript action]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTMLFormElement with javascript action start with space]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTMLFormElement]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTMLInputElement with javascript formaction]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTMLInputElement with javascript formaction start with space]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTMLInputElement]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTMLButtonElement with javascript formaction]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTMLButtonElement with javascript formaction start with space]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTMLButtonElement]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: malformed HTML]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTML with comments; comments not allowed]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTML with comments; allowComments]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTML with comments; !allowComments]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTML with comments deeper in the tree]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTML with comments deeper in the tree, allowComments]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: HTML with comments deeper in the tree, !allowComments]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor("script", ...) should fail.]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor("object", ...) should fail.]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor("iframe", ...) should fail.]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: script not as root]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: script deeper in the tree]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: Unknown HTML names (HTMLUnknownElement instances) should not match elements parsed as non-HTML namespaces.]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: Unknown HTML names (HTMLUnknownElement instances) should not match elements parsed as non-HTML namespaces when nested.]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor("div", ...) should pass.]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor function shouldn't load the image.]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor("div", "<em>Hello</em>") obeys parse context.]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor("div", "<td>data</td>") obeys parse context.]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor("table", "<em>Hello</em>") obeys parse context.]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor("table", "<td>data</td>") obeys parse context.]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: broken html]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: empty string]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: scripts for default configs]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: test script with ["script"\] as dropElements list]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: dropElements list ["i", "dl"\]}]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: dropElements list ["i", "dl"\]} with uppercase HTML]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: dropAttributes list {"ID": ["*"\]} with ID attribute]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: dropAttributes list {"id": ["*"\]} with ID attribute]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: dropElements with unknown elements and without allowUnknownMarkup]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: blockElements with unknown elements and without allowUnknownMarkup]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: allowElements with unknown elements and without allowUnknownMarkup]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: dropElements with unknown elements and with allowUnknownMarkup]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: blockElements with unknown elements and with allowUnknownMarkup]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: allowElements with unknown elements and with allowUnknownMarkup]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: allowAttributes unknown attributes and without allowUnknownMarkup]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: allowAttributes unknown attributes and with allowUnknownMarkup]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: dropAttributes unknown attributes and without allowUnknownMarkup]
+ expected: FAIL
+
+ [Sanitizer.sanitizeFor with config: dropAttributes unknown attributes and with allowUnknownMarkup]
+ expected: FAIL
diff --git a/testing/web-platform/meta/sanitizer-api/sanitizer-secure-context.https.html.ini b/testing/web-platform/meta/sanitizer-api/sanitizer-secure-context.https.html.ini
new file mode 100644
index 0000000000..4f9618f8a7
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/sanitizer-secure-context.https.html.ini
@@ -0,0 +1,3 @@
+[sanitizer-secure-context.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/sanitizer-api/sanitizer-unknown.https.html.ini b/testing/web-platform/meta/sanitizer-api/sanitizer-unknown.https.html.ini
new file mode 100644
index 0000000000..34f6797131
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/sanitizer-unknown.https.html.ini
@@ -0,0 +1,5 @@
+[sanitizer-unknown.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Unknown attribute names pass with allowUnknownMarkup.]
+ expected: FAIL