| <!DOCTYPE html> |
| <html> |
| <head> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="support/testcases.sub.js"></script> |
| </head> |
| <body> |
| <script> |
| function buildNode(element_name, markup) { |
| const e = document.createElement(element_name); |
| e.innerHTML = markup; |
| return e; |
| } |
| |
| function assert_node_equals(node1, node2) { |
| assert_equals(node2.innerHTML, node1.innerHTML); |
| assert_true(node1.isEqualNode(node2), |
| `Node[${node1.innerHTML}] == Node[${node2.innerHTML}]`); |
| // TODO(https://github.com/WICG/sanitizer-api/issues/202) |
| /* |
| if (node1 instanceof HTMLTemplateElement) { |
| assert_true(node1.content.isEqualNode(node2.content), "<template> content is equal"); |
| } |
| */ |
| } |
| |
| for (const context of ["script", "iframe", "object", "div"]) { |
| const should_fail = context != "div"; |
| test(t => { |
| let elem = document.createElement(context); |
| let probe_fn = _ => elem.setHTML("<div>Hello!</div>"); |
| if (should_fail) { |
| assert_throws_js(TypeError, probe_fn); |
| } else { |
| probe_fn(); |
| } |
| assert_equals(should_fail, !elem.firstChild); |
| }, `${context}.setHTML should ${should_fail ? "fail" : "pass"}.`); |
| } |
| |
| for (const context of ["div", "template", "table"]) { |
| const elem1 = document.createElement(context); |
| const elem2 = document.createElement(context); |
| for (const probe of ["<em>Hello</em>", "<td>data</td>"]) { |
| elem1.setHTML(probe, {}); |
| elem2.innerHTML = probe; |
| test(t => { |
| assert_node_equals(elem2, elem1); |
| }, `Sanitizer: <${context}>.setHTML("${probe}", ...) obeys parse context.`); |
| } |
| } |
| |
| for (const testcase of testcases) { |
| const element = document.createElement("template"); |
| test(t => { |
| element.setHTML(testcase.value, {sanitizer: testcase.config_input }); |
| assert_node_equals(buildNode(element.localName, testcase.result), element); |
| }, "Sanitizer: Element.setHTML with config: " + testcase.message); |
| } |
| |
| [ |
| undefined, |
| {}, |
| { sanitizer: {} }, |
| { sanitizer: undefined }, |
| { avocado: {} }, |
| ].forEach((options, index) => { |
| test(t => { |
| const e = document.createElement("div"); |
| e.setHTML("<em>bla</em><script>bla<" + "/script>", options); |
| assert_equals(e.innerHTML, "<em>bla</em>"); |
| }, `Sanitizer: Element.setHTML options dictionary #${index} uses default.`); |
| }); |
| |
| [ |
| "tomato", |
| { sanitizer: false }, |
| { sanitizer: "avocado" }, |
| ].forEach((options, index) => { |
| test(t => { |
| assert_throws_js(TypeError, _ => { |
| document.createElement("div").setHTML("bla", options); |
| }); |
| }, `Sanitizer: Element.setHTML invalid options dictionary #${index}`); |
| }); |
| </script> |
| </body> |
| </html> |