| <!DOCTYPE html> |
| <html> |
| <head> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="support/testcases.sub.js"></script> |
| </head> |
| |
| <body> |
| <script> |
| function getString(fragment) { |
| d = document.createElement("div"); |
| d.replaceChildren(...fragment.cloneNode(true).childNodes); |
| return d.innerHTML; |
| } |
| |
| function getFragment(markup) { |
| const d = document.createElement("div"); |
| d.innerHTML = markup; |
| let f = document.createDocumentFragment(); |
| f.replaceChildren(...d.childNodes); |
| return f; |
| } |
| function getDoc(markup) { |
| return new DOMParser().parseFromString(markup, "text/html"); |
| } |
| function assert_node_equals(node1, node2) { |
| assert_true(node1 instanceof Node && node1.isEqualNode(node2), |
| `Node[${getString(node1)}] == Node[${getString(node2)}]`); |
| } |
| |
| test(t => { |
| let s = new Sanitizer(); |
| assert_throws_js(TypeError, _ => s.sanitize()); |
| }, "Sanitizer.sanitize() should throw an error."); |
| |
| test(t => { |
| let s = new Sanitizer(); |
| assert_throws_js(TypeError, _ => s.sanitize(null)); |
| }, "Sanitizer.sanitize(null)."); |
| |
| const probe_string = `<a href="about:blank">hello</a><script>cons` + |
| `ole.log("world!");<` + `/script>`; |
| test(t => { |
| const sanitized = new Sanitizer().sanitize(getFragment(probe_string)); |
| const expected = getFragment(probe_string.substr(0, 31)); |
| assert_node_equals(expected, sanitized); |
| }, "Sanitizer.sanitze(DocumentFragment)"); |
| |
| test(t => { |
| const sanitized = new Sanitizer().sanitize(getDoc(probe_string)); |
| const expected = getFragment(probe_string.substr(0, 31)); |
| assert_node_equals(expected, sanitized); |
| }, "Sanitizer.sanitze(Document)"); |
| |
| testcases.forEach(c => test(t => { |
| let s = new Sanitizer(c.config_input); |
| var dom = new DOMParser().parseFromString("<!DOCTYPE html><body>" + c.value, "text/html"); |
| fragment = s.sanitize(dom); |
| assert_true(fragment instanceof DocumentFragment); |
| |
| let result = getString(fragment); |
| assert_equals(result, c.result); |
| }, "SanitizerAPI with config: " + c.message + ", sanitize from document function for <body>")); |
| |
| testcases.forEach(c => test(t => { |
| let s = new Sanitizer(c.config_input); |
| let tpl = document.createElement("template"); |
| tpl.innerHTML = c.value; |
| fragment = s.sanitize(tpl.content); |
| assert_true(fragment instanceof DocumentFragment); |
| assert_equals(getString(fragment), c.result); |
| }, "SanitizerAPI with config: " + c.message + ", sanitize from document fragment function for <template>")); |
| </script> |
| </body> |
| </html> |