summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/clipboard-apis/async-svg-script-removal.https.html
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/clipboard-apis/async-svg-script-removal.https.html')
-rw-r--r--testing/web-platform/tests/clipboard-apis/async-svg-script-removal.https.html61
1 files changed, 61 insertions, 0 deletions
diff --git a/testing/web-platform/tests/clipboard-apis/async-svg-script-removal.https.html b/testing/web-platform/tests/clipboard-apis/async-svg-script-removal.https.html
new file mode 100644
index 0000000000..292d100b2f
--- /dev/null
+++ b/testing/web-platform/tests/clipboard-apis/async-svg-script-removal.https.html
@@ -0,0 +1,61 @@
+<!doctype html>
+<meta charset="utf-8">
+<title>
+ Async Clipboard write ([image/svg+xml ClipboardItem]) -> readSvg (and remove scripts) tests
+</title>
+<link rel="help" href="https://w3c.github.io/clipboard-apis/#async-clipboard-api">
+<body>Body needed for test_driver.click()</body>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src="resources/user-activation.js"></script>
+<script>
+'use strict';
+// This function removes extra spaces between tags in svg. For example, the
+// following svg: "<svg> <g> </g> </svg>" would turn into this
+// svg: "<svg> <g> </g> </svg>"
+// We remove the extra spaces because in svg they are considered equivalent,
+// but when we are comparing for equality the spaces make a difference.
+function reformatSvg(svg) {
+ const parser = new DOMParser();
+ const svgString =
+ parser.parseFromString(svg, 'text/html').documentElement.innerHTML;
+ const reformattedString = svgString.replace(/\>\s*\</g, '> <');
+ return reformattedString;
+}
+
+// The string must be concatenated in this way because the html parser
+// will recognize a script tag even in quotes as a real script tag. By
+// splitting it up in this way we avoid that error.
+const svg_with_script =
+ `<svg> <script>const a = 5;</scr' + 'ipt>
+ <a href="javascript:alert(2)"> test </a> </svg>`;
+const svg_without_script =
+ `<svg> </svg>`;
+promise_test(async t => {
+ await test_driver.set_permission({name: 'clipboard-read'}, 'granted');
+ await test_driver.set_permission({name: 'clipboard-write'}, 'granted');
+ const blobInput = new Blob([svg_with_script], {type: 'image/svg+xml'});
+ const clipboardItem = new ClipboardItem({'image/svg+xml': blobInput});
+ await waitForUserActivation();
+ await navigator.clipboard.write([clipboardItem]);
+ await waitForUserActivation();
+ const clipboardItems =
+ await navigator.clipboard.read({type: 'image/svg+xml'});
+
+ const svg = clipboardItems[0];
+ assert_equals(svg.types.length, 1);
+ assert_equals(svg.types[0], 'image/svg+xml');
+
+ const blobOutput = await svg.getType('image/svg+xml');
+ assert_equals(blobOutput.type, 'image/svg+xml');
+
+ const blobText = await (new Response(blobOutput)).text();
+
+ const outputSvg = reformatSvg(blobText);
+ const inputSvg = reformatSvg(svg_without_script);
+ assert_equals(outputSvg, inputSvg);
+}, 'Verify write and read clipboard with scripts removed given image/svg+xml: '
+ + svg_with_script);
+</script>