summaryrefslogtreecommitdiffstats
path: root/dom/security/test/general/test_innerhtml_sanitizer.xhtml
blob: 4d938bc23b80fe664df38286eb1cd0cac17dd3c2 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title>Test for Bug 1667113</title>
  <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1667113">Mozilla Bug 1667113</a>
<div></div>
<script><![CDATA[
SimpleTest.waitForExplicitFinish();

// Please note that 'fakeServer' does not exist because the test relies
// on "csp-on-violate-policy" , and "specialpowers-http-notify-request"
// which fire if either the request is blocked or fires. The test does
// not rely on the result of the load.

function fail() {
  ok(false, "Should not call this")
}

function examiner() {
  SpecialPowers.addObserver(this, "csp-on-violate-policy");
  SpecialPowers.addObserver(this, "specialpowers-http-notify-request");
}
examiner.prototype  = {
  observe(subject, topic, data) {
    if (topic === "csp-on-violate-policy") {
      let asciiSpec = SpecialPowers.getPrivilegedProps(
                       SpecialPowers.do_QueryInterface(subject, "nsIURI"),
                       "asciiSpec");
      if (asciiSpec.includes("fakeServer")) {
        ok (false, "Should not attempt fetch, not even blocked by CSP.");
      }
    }

    if (topic === "specialpowers-http-notify-request") {
      if (data.includes("fakeServer")) {
        ok (false, "Should not try fetch");
      }
    }
  },
  remove() {
    SpecialPowers.removeObserver(this, "csp-on-violate-policy");
    SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
  }
}

window.examiner = new examiner();

let div = document.getElementsByTagName("div")[0];
div.innerHTML = "<svg xmlns='http://www.w3.org/2000/svg'><style><title><audio xmlns='http://www.w3.org/1999/xhtml' src='fakeServer' onerror='fail()' onload='fail()'></audio></title></style></svg>";

let svg = div.firstChild;
is(svg.nodeName, "svg", "Node name should be svg");

let style = svg.firstChild;
if (style) {
  is(style.firstChild, null, "Style should not have child nodes.");
} else {
  ok(false, "Should have gotten a node.");
}


SimpleTest.executeSoon(function() {
  window.examiner.remove();
  SimpleTest.finish();
});

]]></script>
</body>
</html>
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-17 20:11:41 +0000