test_input_typing_sanitization.html (4786B)
1 <!DOCTYPE HTML> 2 <html> 3 <!-- 4 https://bugzilla.mozilla.org/show_bug.cgi?id=765772 5 --> 6 <head> 7 <title>Test for Bug 765772</title> 8 <script src="/tests/SimpleTest/SimpleTest.js"></script> 9 <script src="/tests/SimpleTest/EventUtils.js"></script> 10 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> 11 </head> 12 <body> 13 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=">Mozilla Bug 765772</a> 14 <p id="display"></p> 15 <iframe name="submit_frame" style="visibility: hidden;"></iframe> 16 <div id="content"> 17 <form id='f' target="submit_frame" action="foo"> 18 <input name=i id="i" step='any' > 19 </form> 20 </div> 21 <pre id="test"> 22 <script> 23 24 /* 25 * This test checks that when a user types in some input types, it will not be 26 * in a state where the value will be un-sanitized and usable (by a script). 27 */ 28 29 var input = document.getElementById('i'); 30 var form = document.getElementById('f'); 31 var submitFrame = document.getElementsByTagName('iframe')[0]; 32 var testData = []; 33 var gCurrentTest = null; 34 var gValidData = []; 35 var gInvalidData = []; 36 37 function submitForm() { 38 form.submit(); 39 } 40 41 function sendKeyEventToSubmitForm() { 42 sendKey("return"); 43 } 44 45 function urlify(aStr) { 46 return aStr.replace(/:/g, '%3A'); 47 } 48 49 function runTestsForNextInputType() 50 { 51 let {done} = testRunner.next(); 52 if (done) { 53 SimpleTest.finish(); 54 } 55 } 56 57 function checkValueSubmittedIsValid() 58 { 59 is(frames.submit_frame.location.href, 60 `${location.origin}/tests/dom/html/test/forms/foo?i=${urlify(gValidData[valueIndex++])}`, 61 "The submitted value should not have been sanitized"); 62 63 input.value = ""; 64 65 if (valueIndex >= gValidData.length) { 66 if (gCurrentTest.canHaveBadInputValidityState) { 67 // Don't run the submission tests on the invalid input if submission 68 // will be blocked by invalid input. 69 runTestsForNextInputType(); 70 return; 71 } 72 valueIndex = 0; 73 submitFrame.onload = checkValueSubmittedIsInvalid; 74 testData = gInvalidData; 75 } 76 testSubmissions(); 77 } 78 79 function checkValueSubmittedIsInvalid() 80 { 81 is(frames.submit_frame.location.href, 82 `${location.origin}/tests/dom/html/test/forms/foo?i=`, 83 "The submitted value should have been sanitized"); 84 85 valueIndex++; 86 input.value = ""; 87 88 if (valueIndex >= gInvalidData.length) { 89 if (submitMethod == sendKeyEventToSubmitForm) { 90 runTestsForNextInputType(); 91 return; 92 } 93 valueIndex = 0; 94 submitMethod = sendKeyEventToSubmitForm; 95 submitFrame.onload = checkValueSubmittedIsValid; 96 testData = gValidData; 97 } 98 testSubmissions(); 99 } 100 101 function testSubmissions() { 102 input.focus(); 103 sendString(testData[valueIndex]); 104 submitMethod(); 105 } 106 107 var valueIndex = 0; 108 var submitMethod = submitForm; 109 110 SimpleTest.waitForExplicitFinish(); 111 112 function* runTest() 113 { 114 SimpleTest.requestLongerTimeout(4); 115 116 var data = [ 117 { 118 type: 'number', 119 canHaveBadInputValidityState: true, 120 validData: [ 121 "42", 122 "-42", // should work for negative values 123 "42.1234", 124 "123.123456789123", // double precision 125 "1e2", // e should be usable 126 "2e1", 127 "1e-1", // value after e can be negative 128 "1E2", // E can be used instead of e 129 ], 130 invalidData: [ 131 "e", 132 "e2", 133 "1e0.1", 134 "foo", 135 "42,13", // comma can't be used as a decimal separator 136 ] 137 }, 138 { 139 type: 'month', 140 validData: [ 141 '0001-01', 142 '2012-12', 143 '100000-01', 144 ], 145 invalidData: [ 146 '1-01', 147 '-', 148 'december', 149 '2012-dec', 150 '2012/12', 151 '2012-99', 152 '2012-1', 153 ] 154 }, 155 { 156 type: 'week', 157 validData: [ 158 '0001-W01', 159 '1970-W53', 160 '100000-W52', 161 '2016-W30', 162 ], 163 invalidData: [ 164 '1-W01', 165 'week', 166 '2016-30', 167 '2010-W80', 168 '2000/W30', 169 '1985-W00', 170 '1000-W' 171 ] 172 }, 173 ]; 174 175 for (test of data) { 176 gCurrentTest = test; 177 178 input.type = test.type; 179 gValidData = test.validData; 180 gInvalidData = test.invalidData; 181 182 for (data of gValidData) { 183 input.value = ""; 184 input.focus(); 185 sendString(data); 186 input.blur(); 187 is(input.value, data, "valid user input should not be sanitized"); 188 } 189 190 for (data of gInvalidData) { 191 input.value = ""; 192 input.focus(); 193 sendString(data); 194 input.blur(); 195 is(input.value, "", "invalid user input should be sanitized"); 196 } 197 198 input.value = ''; 199 200 testData = gValidData; 201 valueIndex = 0; 202 submitFrame.onload = checkValueSubmittedIsValid; 203 testSubmissions(); 204 yield undefined; 205 } 206 } 207 208 var testRunner = runTest(); 209 210 addLoadEvent(function () { 211 testRunner.next(); 212 }); 213 214 </script> 215 </pre> 216 </body> 217 </html>