tor-browser

The Tor Browser

test_fragment_sanitization.xhtml (2966B)


      1 <?xml version="1.0"?>
      2 <?xml-stylesheet type="text/css" href="chrome://global/skin"?>
      3 <?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
      4 <!--
      5 https://bugzilla.mozilla.org/show_bug.cgi?id=1432966
      6 -->
      7 <window title="Mozilla Bug 1432966"
      8        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
      9  <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
     10 
     11  <script type="application/javascript"><![CDATA[
     12 
     // XHTML namespace URI. Used below to create HTML elements from this XUL
     // window and to strip the xmlns attribute from serialized markup.
     const NS_HTML = "http://www.w3.org/1999/xhtml";
     14 
     /**
      * Wait for the next "load" event dispatched on a frame.
      *
      * @param {EventTarget} frame - Target whose load is awaited.
      * @returns {Promise<Event>} Resolves with the load event. The listener is
      *   registered with `once`, so it is dropped after it fires.
      */
     function awaitLoad(frame) {
       const listenerOptions = { once: true };
       return new Promise(onLoaded => {
         frame.addEventListener("load", onLoaded, listenerOptions);
       });
     }
     20 
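     /**
      * Load `frame`, then push `html` through every fragment-parsing sink
      * (innerHTML, outerHTML, insertAdjacentHTML "beforeend" and "afterend") of
      * the frame's document and compare the serialized result with `expected`.
      *
      * @param {Element} frame - Unattached iframe with `src` already set. It is
      *   appended to this window's body and removed again before returning.
      * @param {string} html - Markup assigned through each sink.
      * @param {string} [expected=html] - Serialization each sink must produce.
      *   The default asserts that the markup round-trips unchanged, i.e. that no
      *   sanitization took place.
      */
     async function testFrame(frame, html, expected = html) {
       document.querySelector("body").appendChild(frame);

       try {
         await awaitLoad(frame);

         // In an XML document the serializer adds xmlns attributes, which would
         // break the comparison. Strip them with a literal match: the namespace
         // URI contains "." and must not be interpreted as a regular expression.
         const xmlnsAttr = ` xmlns="${NS_HTML}"`;
         const unNS = text => text.replaceAll(xmlnsAttr, "");

         const doc = frame.contentDocument;
         // Fall back to the root element for documents that have no <body>.
         const body = doc.body || doc.documentElement;

         const div = doc.createElementNS(NS_HTML, "div");
         body.appendChild(div);

         // Each sink is checked separately, so a sink that skips the expected
         // handling fails under its own message.
         div.innerHTML = html;
         is(unNS(div.innerHTML), expected, "innerHTML value");

         div.innerHTML = "<div></div>";
         div.firstChild.outerHTML = html;
         is(unNS(div.innerHTML), expected, "outerHTML value");

         div.textContent = "";
         div.insertAdjacentHTML("beforeend", html);
         is(unNS(div.innerHTML), expected, "insertAdjacentHTML('beforeend') value");

         div.innerHTML = "<a>foo</a>";
         div.firstChild.insertAdjacentHTML("afterend", html);
         is(unNS(div.innerHTML), "<a>foo</a>" + expected, "insertAdjacentHTML('afterend') value");
       } finally {
         // Detach the frame even when a step above throws, so a failed sub-test
         // does not leave its document attached for the next one.
         frame.remove();
       }
     }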
     54 
     /**
      * Fragment-sanitization regression test (bug 1432966).
      *
      * The same markup is parsed in three documents. In the content document
      * (http://example.com/) it must round-trip unchanged. In the two
      * chrome:// documents (one HTML, one XUL) the result must equal SANITIZED:
      * the onclick handler, the javascript: href and the <script> element are
      * gone, while the text and the plain http link are kept.
      *
      * NOTE(review): only the serialized markup is compared; the test does not
      * observe whether foo() or bar() would have run.
      */
     add_task(async function test_fragment_sanitization() {
       const XUL_URL = "chrome://global/content/win.xhtml";
       const HTML_URL = "chrome://mochitests/content/chrome/dom/base/test/file_empty.html";

       const HTML = '<a onclick="foo()" href="javascript:foo"><script>bar()<\/script>Meh.</a><a href="http://foo/"></a>';
       const SANITIZED = '<a>Meh.</a><a href="http://foo/"></a>';

       // One row per document type: log message, frame URL, expected serialization.
       const cases = [
         ["Test content HTML document", "http://example.com/", HTML],
         ["Test chrome HTML document", HTML_URL, SANITIZED],
         ["Test chrome XUL document", XUL_URL, SANITIZED],
       ];

       for (const [message, url, expected] of cases) {
         info(message);

         const frame = document.createElementNS(NS_HTML, "iframe");
         frame.src = url;

         await testFrame(frame, HTML, expected);
       }
     });
     86 
     87  ]]></script>
     88 
     89  <description style="-moz-user-focus: normal; user-select: text;"><![CDATA[
     90    hello
     91    world
     92  ]]></description>
     93 
     94  <body xmlns="http://www.w3.org/1999/xhtml">
     95    <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1432966"
     96       target="_blank">Mozilla Bug 1432966</a>
     97  </body>
     98 </window>