sanitizer-api/sanitizer-unknown.https.html - external/w3c/web-platform-tests - Git at Google

 <!DOCTYPE html>
 <html>
 <head>
   <script src="/resources/testharness.js"></script>
   <script src="/resources/testharnessreport.js"></script>
 </head>
 <body>
 <script>
 test(t => {
   d = document.createElement("div")
   d.setHTML("<hello><world>",
       { sanitizer: new Sanitizer({allowElements: ["hello", "world"]}) });
   assert_equals(d.innerHTML, "");
 }, "Unknown element names get blocked without allowUnknownMarkup.");

 test(t => {
   d = document.createElement("div")
   d.setHTML("<hello><world>",
       { sanitizer: new Sanitizer({allowUnknownMarkup: true,
                                  allowElements: ["hello", "world"]}) });
   assert_equals(d.innerHTML, "<hello><world></world></hello>");
 }, "Unknown element names pass with allowUnknownMarkup.");

 test(t => {
   d = document.createElement("div")
   d.setHTML("<b hello='1' world>", { sanitizer:
       new Sanitizer({allowAttributes: [{name: "hello", elements: "*"},
         {name: "world", elements: "*"}]}) });
   assert_equals(d.innerHTML, "<b></b>");
 }, "Unknown attributes names get blocked without allowUnknownMarkup.");

 test(t => {
   d = document.createElement("div")
   d.setHTML("<b hello='1' world>", { sanitizer:
       new Sanitizer({allowUnknownMarkup: true,
                      allowAttributes: [
                         {name: "hello", elements: "*"},
                         {name: "world", elements: "*"}
                     ]})
     });
   assert_equals(d.innerHTML, `<b hello="1" world=""></b>`);
 }, "Unknown attribute names pass with allowUnknownMarkup.");
 </script>
 </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	</head>
	<body>
	<script>
	test(t => {
	d = document.createElement("div")
	d.setHTML("<hello><world>",
	{ sanitizer: new Sanitizer({allowElements: ["hello", "world"]}) });
	assert_equals(d.innerHTML, "");
	}, "Unknown element names get blocked without allowUnknownMarkup.");

	test(t => {
	d = document.createElement("div")
	d.setHTML("<hello><world>",
	{ sanitizer: new Sanitizer({allowUnknownMarkup: true,
	allowElements: ["hello", "world"]}) });
	assert_equals(d.innerHTML, "<hello><world></world></hello>");
	}, "Unknown element names pass with allowUnknownMarkup.");

	test(t => {
	d = document.createElement("div")
	d.setHTML("<b hello='1' world>", { sanitizer:
	new Sanitizer({allowAttributes: [{name: "hello", elements: "*"},
	{name: "world", elements: "*"}]}) });
	assert_equals(d.innerHTML, "<b></b>");
	}, "Unknown attributes names get blocked without allowUnknownMarkup.");

	test(t => {
	d = document.createElement("div")
	d.setHTML("<b hello='1' world>", { sanitizer:
	new Sanitizer({allowUnknownMarkup: true,
	allowAttributes: [
	{name: "hello", elements: "*"},
	{name: "world", elements: "*"}
	]})
	});
	assert_equals(d.innerHTML, `<b hello="1" world=""></b>`);
	}, "Unknown attribute names pass with allowUnknownMarkup.");
	</script>
	</body>
	</html>