sanitizer-api/sanitizer-sanitizeFor.https.tentative.html

<!DOCTYPE html>
<html>
<head>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <script src="support/testcases.sub.js"></script>
</head>

<body>
<script>
    function buildNode(element_name, markup) {
      const e = document.createElement(element_name);
      e.innerHTML = markup;
      return e;
    }

    function toString(node) {
      const e = document.createElement("div");
      e.append(node.cloneNode(true));
      return e.innerHTML;
    }

    function assert_node_equals(node1, node2) {
      assert_equals(node1 instanceof Node, node2 instanceof Node);
      if (!(node1 instanceof Node)) return;

      node1.normalize();
      node2.normalize();
      assert_true(node1.isEqualNode(node2),
          `Node[${toString(node1)}] == Node[${toString(node2)}]`);
      if (node1 instanceof HTMLTemplateElement) {
        assert_node_equals(node1.content, node2.content);
      }
    }

    test(t => {
      let s = new Sanitizer();
      assert_throws_js(TypeError, _ => s.sanitizeFor());
      assert_throws_js(TypeError, _ => s.sanitizeFor(null));
    }, "Sanitizer.sanitizeFor() should throw.");

    test(t => {
      let s = new Sanitizer();
      assert_throws_js(TypeError, _ => s.sanitizeFor("xxx"));
    }, "Sanitizer.sanitizeFor() with one argument should throw.");

    for (const context of ["script", "iframe", "object", "div"]) {
      const should_fail = context != "div";
      test(t => {
        let result = new Sanitizer().sanitizeFor(context, "<div>Hello!</div>");
        if (should_fail) {
          assert_equals(null, result);
        } else {
          assert_true(result instanceof HTMLElement);
        }
      }, `Sanitizer.sanitizeFor("${context}", ...) should ${should_fail ? "fail" : "pass"}.`);
    }

    async_test(t => {
      let s = new Sanitizer();
      s.sanitizeFor("div", "<img src='https://bla/'>");
      t.step_timeout(_ => {
        assert_equals(performance.getEntriesByName("https://bla/").length, 0);
        t.done();
      }, 1000);
    }, "Sanitizer.sanitizeFor function shouldn't load the image.");

    test(t => {
      const probe = `<a href="about:blank">hello</a><script>con` +
          `sole.log("world!");<` + `/script>`;
      const expected = `<a href="about:blank">hello</a>`;
      for (const element of ["div", "template", "span", "table", "td",
                             "pumuckl", "custom-element", "linearGradient",
                             "svg", "svg:img", "svg:linearGradient"]) {
        assert_node_equals(
            buildNode(element, expected),
            new Sanitizer().sanitizeFor(element, probe));
      }
    }, `Sanitizer.sanitizeFor(element, ..)`);

    for (const context of ["div", "template", "table"]) {
      for (const probe of ["<em>Hello</em>", "<td>data</td>"]) {
        test(t => {
          assert_node_equals(
              buildNode(context, probe),
              new Sanitizer().sanitizeFor(context, probe));
        }, `Sanitizer.sanitizeFor("${context}", "${probe}") obeys parse context.`);
      }
    }

    for (const testcase of testcases) {
      test(t => {
        let s = new Sanitizer(testcase.config_input);
        assert_node_equals(
            buildNode("template", testcase.result),
            s.sanitizeFor("template", testcase.value));
      }, "Sanitizer.sanitizeFor with config: " + testcase.message);
    }
</script>
</body>
</html>