sanitizer-unknown.tentative.html (1158B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharnessreport.js"></script> 6 </head> 7 <body> 8 <script> 9 test(t => { 10 d = document.createElement("div") 11 d.setHTML("<hello><world>", 12 { sanitizer: { elements: ["b", "em"] } }); 13 assert_equals(d.innerHTML, ""); 14 }, "Unknown element names get blocked without being allowed."); 15 16 test(t => { 17 d = document.createElement("div") 18 d.setHTML("<hello><world>", 19 { sanitizer: { elements: ["hello", "world"] } }); 20 assert_equals(d.innerHTML, "<hello><world></world></hello>"); 21 }, "Unknown element names pass when allowed."); 22 23 test(t => { 24 d = document.createElement("div") 25 d.setHTML("<b hello='1' world>", 26 { sanitizer: { attributes: ["name", "href"] } }); 27 assert_equals(d.innerHTML, "<b></b>"); 28 }, "Unknown attributes names get blocked without being allowed."); 29 30 test(t => { 31 d = document.createElement("div") 32 d.setHTML("<b hello='1' world>", 33 { sanitizer: { attributes: ["hello", "world"] } }); 34 assert_equals(d.innerHTML, `<b hello="1" world=""></b>`); 35 }, "Unknown attribute names pass when allowed."); 36 </script> 37 </body> 38 </html>