sanitizer-boolean-defaults.tentative.html (3565B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <title>Test boolean defaults in config per PR #254</title> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 </head> 8 <body> 9 <script> 10 // Test cases extracted from : https://github.com/WICG/sanitizer-api/pull/254 11 // 12 // These are somewhat redundant with tests in sanitizer-config.tentative.html, 13 // so maybe we can long-term merge them together. 14 15 // Comments. 16 test(t => { 17 function try_unsafe(config) { 18 const div = document.createElement("div"); 19 div.setHTMLUnsafe("<!--bla-->", config) 20 return div.innerHTML.includes("<!--"); 21 } 22 function try_safe(config) { 23 const div = document.createElement("div"); 24 div.setHTML("<!--bla-->", config) 25 return div.innerHTML.includes("<!--"); 26 } 27 28 // Parameter-less constructor. 29 assert_false(new Sanitizer().get().comments); 30 assert_true(try_unsafe()); 31 assert_false(try_safe()); 32 33 // Constructed from empty dictionary. 34 assert_true(new Sanitizer({}).get().comments); 35 assert_true(try_unsafe({sanitizer:{}})); 36 assert_false(try_safe({sanitizer:{}})); 37 38 // Explicitly set to true. 39 assert_true(new Sanitizer({comments: true}).get().comments); 40 assert_true(try_unsafe({sanitizer:{comments:true}})); 41 assert_true(try_safe({sanitizer:{comments:true}})); 42 43 // Explicitly set to false. 44 assert_false(new Sanitizer({comments: false}).get().comments); 45 assert_false(try_unsafe({sanitizer:{comments:false}})); 46 assert_false(try_safe({sanitizer:{comments:false}})); 47 }, "comments"); 48 49 // Data Attributes: 50 test(t => { 51 function try_unsafe(config) { 52 const div = document.createElement("div"); 53 div.setHTMLUnsafe("<div data-foo='bar'>", config) 54 return div.innerHTML.includes("data-foo"); 55 } 56 function try_safe(config) { 57 const div = document.createElement("div"); 58 div.setHTML("<div data-foo='bar'>", config) 59 return div.innerHTML.includes("data-foo"); 60 } 61 62 // Parameter-less constructor. 63 assert_false(new Sanitizer().get().dataAttributes); 64 assert_true(try_unsafe()); 65 assert_false(try_safe()); 66 67 // Constructed from empty dictionary: Canonicalization removes dataAttributes. 68 assert_equals(undefined, new Sanitizer({}).get().dataAttributes); 69 assert_true(try_unsafe({sanitizer:{}})); 70 assert_true(try_safe({sanitizer:{}})); 71 72 // Explicitly set to true. 73 const dataAttributes_is_true = {attributes:[], dataAttributes: true}; 74 assert_true(new Sanitizer(dataAttributes_is_true).get().dataAttributes); 75 assert_true(try_unsafe({sanitizer:dataAttributes_is_true})); 76 assert_true(try_safe({sanitizer:dataAttributes_is_true})); 77 78 // Explicitly set to false. 79 const dataAttributes_is_false = {attributes:[], dataAttributes: false}; 80 assert_false(new Sanitizer(dataAttributes_is_false).get().dataAttributes); 81 assert_false(try_unsafe({sanitizer:dataAttributes_is_false})); 82 assert_false(try_safe({sanitizer:dataAttributes_is_false})); 83 84 // dataAttributes not set. 85 // (This case is different from the "empty dictionary" case above, because 86 // constructing from an empty dictionary adds a removeAttributes key and thus 87 // dataAttributes is removed, too. But this case has an explicit attributes 88 // key and thus dataAttributes should be added by the canonicalization.) 89 const dataAttributes_is_not_set = {attributes:[]}; 90 assert_true(new Sanitizer(dataAttributes_is_not_set).get().dataAttributes); 91 assert_true(try_unsafe({sanitizer:dataAttributes_is_not_set})); 92 assert_false(try_safe({sanitizer:dataAttributes_is_not_set})); 93 }, "data attributes"); 94 95 </script> 96 </body> 97 </html>