tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

async-html-script-removal.https.html (2562B)

      1 <!doctype html>
      2 <meta charset="utf-8">
      3 <title>
      4  Async Clipboard write ([text/html ClipboardItem]) -> readHtml (and remove scripts) tests
      5 </title>
      6 <link rel="help" href="https://w3c.github.io/clipboard-apis/#async-clipboard-api">
      7 <body>Body needed for test_driver.click()</body>
      8 <script src="/resources/testharness.js"></script>
      9 <script src="/resources/testharnessreport.js"></script>
     10 <script src="/resources/testdriver.js"></script>
     11 <script src="/resources/testdriver-vendor.js"></script>
     12 <script src="resources/user-activation.js"></script>
     13 <script>
     14 'use strict';
     15 // This function removes extra spaces between tags in html. For example, the
     16 // following html: "<p> Hello </p>   <body> World </body>" would turn into this
     17 //           html: "<p> Hello </p> <body> World </body>"
     18 // We remove the extra spaces because in html they are considered equivalent,
     19 // but when we are comparing for equality the spaces make a difference.
     20 function reformatHtml(html) {
     21  const parser = new DOMParser();
     22  const htmlString =
     23    parser.parseFromString(html, 'text/html').documentElement.innerHTML;
     24  const reformattedString = htmlString.replace(/\>\s*\</g, '> <');
     25  return reformattedString;
     26 }
     27 
     28 // The string must be concatenated in this way because the html parser
     29 // will recognize a script tag even in quotes as a real script tag. By
     30 // splitting it up in this way we avoid that error.
     31 const html_with_script =
     32  '<title>Title of the document</title> <script>const a = 5;</scr'
     33  + 'ipt> <p>Hello World</p>';
     34 const html_script =
     35  '<script>const a = 5;</scr'
     36  + 'ipt>';
     37 promise_test(async t => {
     38  await tryGrantReadPermission();
     39  await tryGrantWritePermission();
     40  const blobInput = new Blob([html_with_script], {type: 'text/html'});
     41  const clipboardItem = new ClipboardItem({'text/html': blobInput});
     42  await waitForUserActivation();
     43  await navigator.clipboard.write([clipboardItem]);
     44  await waitForUserActivation();
     45  const clipboardItems = await navigator.clipboard.read();
     46 
     47  const html = clipboardItems[0];
     48  assert_equals(html.types.length, 1);
     49  assert_equals(html.types[0], 'text/html');
     50 
     51  const blobOutput = await html.getType('text/html');
     52  assert_equals(blobOutput.type, 'text/html');
     53 
     54  const blobText = await (new Response(blobOutput)).text();
     55 
     56  const outputHtml = reformatHtml(blobText);
     57  const html_script_no_spaces = reformatHtml(html_script);
     58  assert_true(!outputHtml.includes(html_script_no_spaces));
     59 }, 'Verify write and read clipboard with scripts removed given text/html. The string "' + html_script + '" has been removed.');
     60 </script>