f59d2e0faa
Automatic update from web-platform-tests [Sanitizer] Implement allowUnknownMarkup configuration option. Previously, "unknown" HTML elements and attributes were allow-able by default, that is, one could just add them to the allow lists. This now requires an explicit flag, just like custom elements. Spec Ref: https://github.com/WICG/sanitizer-api/issues/145 Spec Ref: https://github.com/WICG/sanitizer-api/pull/159 Bug: 1326827 Change-Id: I17db04b4fca3ebbdb345b8815fd99f5f0e5b3e5b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3721621 Reviewed-by: Yifan Luo <lyf@chromium.org> Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org> Cr-Commit-Position: refs/heads/main@{#1022110} -- wpt-commits: aebb3ba9a53b33531974a397bec29bcc7612bcea wpt-pr: 34602
80 lines
2.9 KiB
HTML
80 lines
2.9 KiB
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<script src="/resources/testharness.js"></script>
|
|
<script src="/resources/testharnessreport.js"></script>
|
|
</head>
|
|
<body>
|
|
<script>
|
|
function assert_deep_equals(obj1, obj2) {
|
|
assert_equals(typeof obj1, typeof obj2);
|
|
if (typeof obj1 == "string") {
|
|
assert_equals(obj1, obj2);
|
|
} else if (typeof obj1 == "boolean") {
|
|
assert_true(obj1 == obj2);
|
|
} else if (Array.isArray(obj1)) {
|
|
assert_equals(obj1.length, obj2.length);
|
|
assert_array_equals(obj1.sort(), obj2.sort());
|
|
} else if (typeof obj1 == "object") {
|
|
assert_array_equals(Object.keys(obj1).sort(), Object.keys(obj2).sort());
|
|
for (const k of Object.keys(obj1))
|
|
assert_deep_equals(obj1[k], obj2[k]);
|
|
}
|
|
}
|
|
|
|
test(t => {
|
|
// Quick sanity test: Test a few default values.
|
|
assert_in_array("div", Sanitizer.getDefaultConfiguration().allowElements);
|
|
assert_false(Sanitizer.getDefaultConfiguration().allowElements.includes("script"));
|
|
assert_false(Sanitizer.getDefaultConfiguration().allowElements.includes("noscript"));
|
|
|
|
assert_true("span" in Sanitizer.getDefaultConfiguration().allowAttributes);
|
|
assert_false("onclick" in Sanitizer.getDefaultConfiguration().allowAttributes);
|
|
|
|
assert_false("dropElements" in Sanitizer.getDefaultConfiguration());
|
|
assert_false("blockElements" in Sanitizer.getDefaultConfiguration());
|
|
assert_false("dropAttributes" in Sanitizer.getDefaultConfiguration());
|
|
assert_false(Sanitizer.getDefaultConfiguration().allowCustomElements);
|
|
assert_false(Sanitizer.getDefaultConfiguration().allowUnknownMarkup);
|
|
}, "SanitizerAPI getDefaultConfiguration()");
|
|
|
|
test(t => {
|
|
assert_deep_equals(Sanitizer.getDefaultConfiguration(),
|
|
new Sanitizer().getConfiguration());
|
|
}, "SanitizerAPI getConfiguration() on default created Sanitizer");
|
|
|
|
test(t => {
|
|
const configs = [{
|
|
allowElements: ["div", "span", "helloworld"],
|
|
dropElements: ["xxx"],
|
|
allowAttributes: { "class": ["*"], "color": ["span", "div"],
|
|
"onclick": ["*"] },
|
|
allowCustomElements: true,
|
|
allowUnknownMarkup: true,
|
|
},{
|
|
blockElements: ["table", "tbody", "th", "td"],
|
|
}, {
|
|
allowCustomElements: false,
|
|
}, {
|
|
allowUnknownMarkup: false,
|
|
}];
|
|
for (const config of configs)
|
|
assert_deep_equals(config, new Sanitizer(config).getConfiguration());
|
|
|
|
// Also test a mixed case variant:
|
|
const config_0_mixed = {
|
|
allowElements: ["div", "sPAn", "HelloWorld"],
|
|
dropElements: ["XXX"],
|
|
allowAttributes: { "class": ["*"], "color": ["sPAn", "div"],
|
|
"onclick": ["*"] },
|
|
allowCustomElements: true,
|
|
allowUnknownMarkup: true,
|
|
};
|
|
assert_deep_equals(config_0_mixed,
|
|
new Sanitizer(config_0_mixed).getConfiguration());
|
|
}, "SanitizerAPI getConfiguration() reflects creation config.");
|
|
|
|
</script>
|
|
</body>
|
|
</html>
|