innerhtml-mxss.sub.html (1641B)
<!DOCTYPE html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<div><a></a></div>
<script>
// Mutation-XSS (mXSS) check for the innerHTML getter/setter round trip.
//
// For each code point listed below, an anchor is written whose href begins
// with that character (given as a numeric character reference) followed by
// "javascript:alert(1)". The assertions pin two things, both before and after
// the markup is serialized and parsed again via `innerHTML += 'foo'`:
//   1. the serialized markup still carries the literal character in front of
//      "javascript:", and
//   2. a.href resolves to an http: URL under /domparsing/ with the character
//      percent-encoded, i.e. the value is handled as a relative URL.
// If the leading character were lost on either pass, the attribute value
// would start with "javascript:" and these expectations would no longer hold.
//
// The host and port placeholders in the expected URL are filled in by the
// test server's template substitution (this is a .sub.html file), and the
// expected path assumes the page is served from /domparsing/.

// Hex code points, as strings, of the characters under test.
const whitespaces = [
  "1680", "2000", "2001", "2002", "2003", "2004", "2005", "2006", "2007",
  "2008", "2009", "200a", "2028", "205f", "3000"
];

// Runs the four assertions (markup and href, before and after the
// innerHTML round trip) for one code point.
function checkRoundTrip(hex) {
  const container = document.querySelector('a').parentNode;
  const entity = `&#x${hex};`;
  const character = String.fromCharCode(parseInt(hex, 16));
  const url = encodeURIComponent(character);

  // The same markup and the same resolved URL are expected on both passes.
  const expectedMarkup = `<a href="${character}javascript:alert(1)">Link</a>`;
  const expectedHref =
    `http://{{host}}:{{ports[http][0]}}/domparsing/${url}javascript:alert(1)`;

  container.innerHTML = `<a href="${entity}javascript:alert(1)">Link</a>`;
  const parsedLink = document.querySelector('a');

  test(() => {
    assert_equals(container.innerHTML, expectedMarkup);
  }, `innerHTML before setter: ${hex}`);
  test(() => {
    assert_equals(parsedLink.href, expectedHref);
  }, `href before setter: ${hex}`);

  // Read the serialized markup back and hand it to the parser a second time;
  // this getter -> setter hop is the step under test.
  parsedLink.parentNode.innerHTML += 'foo';
  const reparsedLink = document.querySelector('a');

  test(() => {
    assert_equals(container.innerHTML, `${expectedMarkup}foo`);
  }, `innerHTML after setter: ${hex}`);
  test(() => {
    assert_equals(reparsedLink.href, expectedHref);
  }, `href after setter: ${hex}`);
}

for (const hex of whitespaces) {
  checkRoundTrip(hex);
}
</script>
</body>