diff options
Diffstat (limited to 'testing/web-platform/tests/clipboard-apis/async-svg-script-removal.https.html')
-rw-r--r-- | testing/web-platform/tests/clipboard-apis/async-svg-script-removal.https.html | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/testing/web-platform/tests/clipboard-apis/async-svg-script-removal.https.html b/testing/web-platform/tests/clipboard-apis/async-svg-script-removal.https.html new file mode 100644 index 0000000000..292d100b2f --- /dev/null +++ b/testing/web-platform/tests/clipboard-apis/async-svg-script-removal.https.html @@ -0,0 +1,61 @@ +<!doctype html> +<meta charset="utf-8"> +<title> + Async Clipboard write ([image/svg+xml ClipboardItem]) -> readSvg (and remove scripts) tests +</title> +<link rel="help" href="https://w3c.github.io/clipboard-apis/#async-clipboard-api"> +<body>Body needed for test_driver.click()</body> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/resources/testdriver.js"></script> +<script src="/resources/testdriver-vendor.js"></script> +<script src="resources/user-activation.js"></script> +<script> +'use strict'; +// This function removes extra spaces between tags in svg. For example, the +// following svg: "<svg> <g> </g> </svg>" would turn into this +// svg: "<svg> <g> </g> </svg>" +// We remove the extra spaces because in svg they are considered equivalent, +// but when we are comparing for equality the spaces make a difference. +function reformatSvg(svg) { + const parser = new DOMParser(); + const svgString = + parser.parseFromString(svg, 'text/html').documentElement.innerHTML; + const reformattedString = svgString.replace(/\>\s*\</g, '> <'); + return reformattedString; +} + +// The string must be concatenated in this way because the html parser +// will recognize a script tag even in quotes as a real script tag. By +// splitting it up in this way we avoid that error. +const svg_with_script = + `<svg> <script>const a = 5;</scr' + 'ipt> + <a href="javascript:alert(2)"> test </a> </svg>`; +const svg_without_script = + `<svg> </svg>`; +promise_test(async t => { + await test_driver.set_permission({name: 'clipboard-read'}, 'granted'); + await test_driver.set_permission({name: 'clipboard-write'}, 'granted'); + const blobInput = new Blob([svg_with_script], {type: 'image/svg+xml'}); + const clipboardItem = new ClipboardItem({'image/svg+xml': blobInput}); + await waitForUserActivation(); + await navigator.clipboard.write([clipboardItem]); + await waitForUserActivation(); + const clipboardItems = + await navigator.clipboard.read({type: 'image/svg+xml'}); + + const svg = clipboardItems[0]; + assert_equals(svg.types.length, 1); + assert_equals(svg.types[0], 'image/svg+xml'); + + const blobOutput = await svg.getType('image/svg+xml'); + assert_equals(blobOutput.type, 'image/svg+xml'); + + const blobText = await (new Response(blobOutput)).text(); + + const outputSvg = reformatSvg(blobText); + const inputSvg = reformatSvg(svg_without_script); + assert_equals(outputSvg, inputSvg); +}, 'Verify write and read clipboard with scripts removed given image/svg+xml: ' + + svg_with_script); +</script> |