93 lines
3.1 KiB
HTML
93 lines
3.1 KiB
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<script src="/resources/testharness.js"></script>
|
|
<script src="/resources/testharnessreport.js"></script>
|
|
</head>
|
|
|
|
<body>
|
|
<script>
|
|
test(t => {
|
|
let s = new Sanitizer();
|
|
assert_true(s instanceof Sanitizer);
|
|
}, "SanitizerAPI creator without config.");
|
|
|
|
test(t => {
|
|
let s = new Sanitizer({});
|
|
assert_true(s instanceof Sanitizer);
|
|
}, "SanitizerAPI creator with empty config.");
|
|
|
|
test(t => {
|
|
let s = new Sanitizer(null);
|
|
assert_true(s instanceof Sanitizer);
|
|
}, "SanitizerAPI creator with null as config.");
|
|
|
|
test(t => {
|
|
let s = new Sanitizer(undefined);
|
|
assert_true(s instanceof Sanitizer);
|
|
}, "SanitizerAPI creator with undefined as config.");
|
|
|
|
test(t => {
|
|
let s = new Sanitizer({testConfig: [1,2,3], attr: ["test", "i", "am"]});
|
|
assert_true(s instanceof Sanitizer);
|
|
}, "SanitizerAPI creator with config ignore unknown values.");
|
|
|
|
// In-depth testing of sanitization is handled in other tests. Here we
|
|
// do presence testing for each of the config options and test 3 things:
|
|
// - One case where our test string is modified,
|
|
// - one where it's unaffected,
|
|
// - that a config can't be changed afterwards.
|
|
// (I.e., that the Sanitizer won't hold on to a reference of the options.)
|
|
|
|
// The probe determines whether the Sanitizer modifies the probe string.
|
|
const probe_string = "<div id=\"i\">balabala</div><p>test</p>";
|
|
const probe = sanitizer => {
|
|
let template = document.createElement("template");
|
|
template.innerHTML = probe_string;
|
|
let fragment = sanitizer.sanitize(template.content);
|
|
let div = document.createElement("div");
|
|
div.append(fragment);
|
|
return probe_string == div.innerHTML;
|
|
};
|
|
|
|
const should_stay_the_same = {
|
|
elements: [ "div", "p" ],
|
|
replaceWithChildrenElements: [ "test" ],
|
|
removeElements: [ "test" ],
|
|
attributes: ["id"],
|
|
removeAttributes: ["bla"],
|
|
};
|
|
const should_modify = {
|
|
elements: [ "div", "span" ],
|
|
replaceWithChildrenElements: [ "div" ],
|
|
removeElements: [ "p" ],
|
|
attributes: ["test"],
|
|
removeAttributes: ["id"],
|
|
};
|
|
|
|
assert_array_equals(Object.keys(should_stay_the_same), Object.keys(should_modify));
|
|
Object.keys(should_stay_the_same).forEach(option_key => {
|
|
test(t => {
|
|
const options = {};
|
|
options[option_key] = should_stay_the_same[option_key];
|
|
const s = new Sanitizer(options);
|
|
assert_true(s instanceof Sanitizer);
|
|
assert_true(probe(s));
|
|
}, `SanitizerAPI: ${option_key} stays is okay.`);
|
|
|
|
const options = {};
|
|
options[option_key] = should_modify[option_key];
|
|
const s = new Sanitizer(options);
|
|
test(t => {
|
|
assert_true(s instanceof Sanitizer);
|
|
assert_false(probe(s));
|
|
}, `SanitizerAPI: ${option_key} modify is okay.`);
|
|
|
|
options[option_key] = should_stay_the_same[option_key];
|
|
test(t => {
|
|
assert_false(probe(s));
|
|
}, `SanitizerAPI: ${option_key} config is not kept as reference.`);
|
|
});
|
|
</script>
|
|
</body>
|
|
</html>
|