async-navigator-clipboard-read-sanitize.https.html (1566B)
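<!doctype html>
<meta charset="utf-8">
<title>Async Clipboard.read() should sanitize text/html</title>
<link rel="help" href="https://w3c.github.io/clipboard-apis/#dom-clipboard-read">
<link rel="help" href="https://bugs.chromium.org/p/chromium/issues/detail?id=1315563">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
<script src="resources/user-activation.js"></script>

<body>Body needed for test_driver.click()
<p><button id="button">Put payload in the clipboard</button></p>
<div id="output"></div>

<script>
// Checks that text/html returned by navigator.clipboard.read() has been
// sanitized by the browser before the page sees it: a page that assigns the
// returned string to innerHTML must not end up running an event handler that
// came from the clipboard.

// Set by fail(). Stays false as long as no handler from the clipboard markup
// has run in this document.
let testFailed = false;

// Must remain a global function: the inline `onerror` attribute in the
// clipboard markup below refers to it by name.
function fail() {
  testFailed = true;
}

// Look the elements up explicitly instead of relying on the implicit
// window[id] globals, which any same-named variable would silently shadow.
const copyButton = document.getElementById('button');
const outputElement = document.getElementById('output');

// A click on the button triggers a copy; the copy handler replaces the
// clipboard contents with the test markup as text/html.
copyButton.addEventListener('click', () => document.execCommand('copy'));
document.addEventListener('copy', ev => {
  ev.preventDefault();
  // Deliberately malformed markup. The premise of the test is that an
  // unsanitized copy of it yields an <img> with an `onerror` handler once it
  // is assigned to innerHTML.
  ev.clipboardData.setData(
      'text/html',
      `<form><math><mtext></form><form><mglyph><xmp></math><img src=invalid onerror=fail()></xmp>`);
});

promise_test(async test => {
  // tryGrantReadPermission() and waitForUserActivation() are not defined in
  // this file; presumably they come from the helper scripts loaded above.
  await tryGrantReadPermission();
  await test_driver.click(copyButton);

  await waitForUserActivation();
  const items = await navigator.clipboard.read();

  // Fail with a readable message if the clipboard write did not take effect,
  // rather than with a TypeError or a rejected getType() further down.
  assert_greater_than(items.length, 0,
                      'clipboard.read() should return at least one item');
  assert_true(items[0].types.includes('text/html'),
              'the clipboard item should expose text/html');

  const htmlBlob = await items[0].getType('text/html');
  const html = await htmlBlob.text();

  // This inserts an image with `onerror` handler if `html` is not properly
  // sanitized.
  outputElement.innerHTML = html;

  // Deterministic check that does not depend on event timing: no element
  // produced from the clipboard markup may carry an inline error handler.
  assert_equals(outputElement.querySelector('[onerror]'), null,
                'sanitized clipboard HTML must not contain onerror attributes');

  // Allow the 'error' event to be dispatched asynchronously. The 100 ms
  // window is a heuristic; the DOM check above covers a slower dispatch.
  await new Promise(resolve => test.step_timeout(resolve, 100));

  assert_false(testFailed,
               'no event handler from the clipboard HTML should have run');
});
</script>
</body>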