| <!DOCTYPE html> |
| <html> |
| <head> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| </head> |
| |
| <body> |
| <script> |
| test(t => { |
| let s = new Sanitizer(); |
| assert_true(s instanceof Sanitizer); |
| }, "SanitizerAPI creator without config."); |
| |
| test(t => { |
| let s = new Sanitizer({}); |
| assert_true(s instanceof Sanitizer); |
| }, "SanitizerAPI creator with empty config."); |
| |
| test(t => { |
| let s = new Sanitizer(null); |
| assert_true(s instanceof Sanitizer); |
| }, "SanitizerAPI creator with null as config."); |
| |
| test(t => { |
| let s = new Sanitizer(undefined); |
| assert_true(s instanceof Sanitizer); |
| }, "SanitizerAPI creator with undefined as config."); |
| |
| test(t => { |
| let s = new Sanitizer({testConfig: [1,2,3], attr: ["test", "i", "am"]}); |
| assert_true(s instanceof Sanitizer); |
| }, "SanitizerAPI creator with config ignore unknown values."); |
| |
| // In-depth testing of sanitization is handled in other tests. Here we |
| // do presence testing for each of the config options and test 3 things: |
| // - One case where our test string is modified, |
| // - one where it's unaffected, |
| // - that a config can't be changed afterwards. |
| // (I.e., that the Sanitizer won't hold on to a reference of the options.) |
| |
| // The probe determines whether the Sanitizer modifies the probe string. |
| const probe_string = "<div id=\"i\">balabala</div><p>test</p>"; |
| const probe = sanitizer => { |
| let template = document.createElement("template"); |
| template.innerHTML = probe_string; |
| let fragment = sanitizer.sanitize(template.content); |
| let div = document.createElement("div"); |
| div.append(fragment); |
| return probe_string == div.innerHTML; |
| }; |
| |
| const should_stay_the_same = { |
| elements: [ "div", "p" ], |
| replaceWithChildrenElements: [ "test" ], |
| removeElements: [ "test" ], |
| attributes: ["id"], |
| removeAttributes: ["bla"], |
| }; |
| const should_modify = { |
| elements: [ "div", "span" ], |
| replaceWithChildrenElements: [ "div" ], |
| removeElements: [ "p" ], |
| attributes: ["test"], |
| removeAttributes: ["id"], |
| }; |
| |
| assert_array_equals(Object.keys(should_stay_the_same), Object.keys(should_modify)); |
| Object.keys(should_stay_the_same).forEach(option_key => { |
| test(t => { |
| const options = {}; |
| options[option_key] = should_stay_the_same[option_key]; |
| const s = new Sanitizer(options); |
| assert_true(s instanceof Sanitizer); |
| assert_true(probe(s)); |
| }, `SanitizerAPI: ${option_key} stays is okay.`); |
| |
| const options = {}; |
| options[option_key] = should_modify[option_key]; |
| const s = new Sanitizer(options); |
| test(t => { |
| assert_true(s instanceof Sanitizer); |
| assert_false(probe(s)); |
| }, `SanitizerAPI: ${option_key} modify is okay.`); |
| |
| options[option_key] = should_stay_the_same[option_key]; |
| test(t => { |
| assert_false(probe(s)); |
| }, `SanitizerAPI: ${option_key} config is not kept as reference.`); |
| }); |
| </script> |
| </body> |
| </html> |