test_sanitize_xhr.html (1139B)
1 <!DOCTYPE html> 2 <!-- 3 https://bugzilla.mozilla.org/show_bug.cgi?id=1673164 4 --> 5 <html> 6 <head> 7 <title>Test for sanitizing with XHR-loaded owner doc</title> 8 <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script> 9 <link rel="stylesheet" 10 type="text/css" 11 href="chrome://mochikit/content/tests/SimpleTest/test.css"> 12 <script type="text/javascript" src="manifest.js"></script> 13 </head> 14 <body> 15 <pre id="test"> 16 <script class="testbody" type="text/javascript"> 17 18 var url = "http://mochi.test:8888/chrome/dom/base/test/file_empty.html" 19 var req = new XMLHttpRequest(); 20 req.open("GET", url, false); 21 req.overrideMimeType("text/xml"); 22 req.send(null); 23 var doc = req.responseXML; 24 var pu = Cc["@mozilla.org/parserutils;1"].createInstance(Ci.nsIParserUtils); 25 var flags = pu.SanitizerDropForms | pu.SanitizerDropMedia; 26 var uri = SpecialPowers.Services.io.newURI(url); 27 var context = doc.createElement("div"); 28 var fragment = pu.parseFragment("<form><img onerror=alert(1)><p></p></form>", flags, false, uri, context); 29 30 is(fragment.firstChild.localName, "p", "Should have only p."); 31 32 </script> 33 </pre> 34 </body> 35 </html>