101 lines
3.4 KiB
HTML
101 lines
3.4 KiB
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<script src="/resources/testharness.js"></script>
|
|
<script src="/resources/testharnessreport.js"></script>
|
|
<script src="support/testcases.sub.js"></script>
|
|
</head>
|
|
|
|
<body>
|
|
<script>
|
|
function buildNode(element_name, markup) {
|
|
const e = document.createElement(element_name);
|
|
e.innerHTML = markup;
|
|
return e;
|
|
}
|
|
|
|
function toString(node) {
|
|
const e = document.createElement("div");
|
|
e.append(node.cloneNode(true));
|
|
return e.innerHTML;
|
|
}
|
|
|
|
function assert_node_equals(node1, node2) {
|
|
assert_equals(node1 instanceof Node, node2 instanceof Node);
|
|
if (!(node1 instanceof Node)) return;
|
|
|
|
node1.normalize();
|
|
node2.normalize();
|
|
assert_true(node1.isEqualNode(node2),
|
|
`Node[${toString(node1)}] == Node[${toString(node2)}]`);
|
|
if (node1 instanceof HTMLTemplateElement) {
|
|
assert_node_equals(node1.content, node2.content);
|
|
}
|
|
}
|
|
|
|
test(t => {
|
|
let s = new Sanitizer();
|
|
assert_throws_js(TypeError, _ => s.sanitizeFor());
|
|
assert_throws_js(TypeError, _ => s.sanitizeFor(null));
|
|
}, "Sanitizer.sanitizeFor() should throw.");
|
|
|
|
test(t => {
|
|
let s = new Sanitizer();
|
|
assert_throws_js(TypeError, _ => s.sanitizeFor("xxx"));
|
|
}, "Sanitizer.sanitizeFor() with one argument should throw.");
|
|
|
|
for (const context of ["script", "iframe", "object", "div"]) {
|
|
const should_fail = context != "div";
|
|
test(t => {
|
|
let result = new Sanitizer().sanitizeFor(context, "<div>Hello!</div>");
|
|
if (should_fail) {
|
|
assert_equals(null, result);
|
|
} else {
|
|
assert_true(result instanceof HTMLElement);
|
|
}
|
|
}, `Sanitizer.sanitizeFor("${context}", ...) should ${should_fail ? "fail" : "pass"}.`);
|
|
}
|
|
|
|
async_test(t => {
|
|
let s = new Sanitizer();
|
|
s.sanitizeFor("div", "<img src='https://bla/'>");
|
|
t.step_timeout(_ => {
|
|
assert_equals(performance.getEntriesByName("https://bla/").length, 0);
|
|
t.done();
|
|
}, 1000);
|
|
}, "Sanitizer.sanitizeFor function shouldn't load the image.");
|
|
|
|
test(t => {
|
|
const probe = `<a href="about:blank">hello</a><script>con` +
|
|
`sole.log("world!");<` + `/script>`;
|
|
const expected = `<a href="about:blank">hello</a>`;
|
|
for (const element of ["div", "template", "span", "table", "td",
|
|
"pumuckl", "custom-element", "linearGradient",
|
|
"svg", "svg:img", "svg:linearGradient"]) {
|
|
assert_node_equals(
|
|
buildNode(element, expected),
|
|
new Sanitizer().sanitizeFor(element, probe));
|
|
}
|
|
}, `Sanitizer.sanitizeFor(element, ..)`);
|
|
|
|
for (const context of ["div", "template", "table"]) {
|
|
for (const probe of ["<em>Hello</em>", "<td>data</td>"]) {
|
|
test(t => {
|
|
assert_node_equals(
|
|
buildNode(context, probe),
|
|
new Sanitizer().sanitizeFor(context, probe));
|
|
}, `Sanitizer.sanitizeFor("${context}", "${probe}") obeys parse context.`);
|
|
}
|
|
}
|
|
|
|
for (const testcase of testcases) {
|
|
test(t => {
|
|
let s = new Sanitizer(testcase.config_input);
|
|
assert_node_equals(
|
|
buildNode("template", testcase.result),
|
|
s.sanitizeFor("template", testcase.value));
|
|
}, "Sanitizer.sanitizeFor with config: " + testcase.message);
|
|
}
|
|
</script>
|
|
</body>
|
|
</html>
|