LayoutTests/fast/innerHTML/javascript-url.html - Issue 1031783002: Escape '&' in javascript URLs for innerHTML/outerHTML

Side by Side Diff: LayoutTests/fast/innerHTML/javascript-url.html

Issue 1031783002: Escape '&' in javascript URLs for innerHTML/outerHTML (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
	1 <!DOCTYPE html>

1 <head>	2 <head>
	fs 2015/03/24 10:20:11 You can drop <head></head> You can drop <head></head> Abhijeet Kandalkar Slow 2015/03/24 14:20:36 Done. Show quoted text On 2015/03/24 10:20:11, fs wrote: > You can drop <head></head> Done.
	3 <script src="../../resources/js-test.js"></script>

	4 </head>

	5 <body>

	6 Test that innerHTML/outerHTML does not mangle javascript: urls.

	7 <div id=console></div>

	8 <div id=jsurltest><a href='javascript:test(&37;3C!--D--&37;3E)'>link</a></div>

2 <script>	9 <script>

3 if (window.testRunner)	10 if (window.testRunner)
	fs 2015/03/24 10:20:11 You can drop this too (js-test.js should do this f You can drop this too (js-test.js should do this for you.) Abhijeet Kandalkar Slow 2015/03/24 14:20:36 Done. Show quoted text On 2015/03/24 10:20:11, fs wrote: > You can drop this too (js-test.js should do this for you.) Done.
4 testRunner.dumpAsText();	11 testRunner.dumpAsText();

5

6 function print(message, color)

7 {

8 var paragraph = document.createElement("div");

9 paragraph.appendChild(document.createTextNode(message));

10 paragraph.style.fontFamily = "monospace";

11 if (color)

12 paragraph.style.color = color;

13 document.getElementById("console").appendChild(paragraph);

14 }

15	12

16 function run(a)	13 var r = document.getElementById('jsurltest');

17 {

18 print(a);

19 try {

20 eval(a);

21 } catch(e) {

22 print(e);

23 }

24 }

25	14

26 function shouldBe(a, b)	15 r.innerHTML = r.innerHTML.replace('&37;3C!--D--&37;3E', 123);

27 {	16 shouldBeEqualToString('r.innerHTML', '<a href="javascript:test(123)">link</a>');

28 var evalA;	17

29 try {	18 r.firstChild.setAttribute('href', 'javascript:test(\"text<\")');

30 evalA = eval(a);	19 shouldBeEqualToString("r.innerHTML", '<a href=\'javascript:test("text<")\'>link< /a>');

31 } catch(e) {	20

32 evalA = e;	21 r.firstChild.setAttribute("href", "javascript:test(\'text>\')");

33 }	22 shouldBeEqualToString("r.innerHTML", '<a href="javascript:test(\'text>\')">link< /a>');

34	23

35 if (evalA == b)

36 print("PASS: " + a + " should be " + b + " and is.", "green");

37 else

38 print("FAIL: " + a + " should be " + b + " but instead is " + evalA + ". ", "red");

39 }

40 </script>

41 </head>

42 <body>

43 Test that innerHTML does not mangle javascript: urls.

44 <div id=console></div>

45 <div id=jsurltest><a href='

46 javascript:test(&37;3C!--D--&37;3E)'>link</a></div>

47 <script>

48 var r = document.getElementById('jsurltest');

49 run("r.innerHTML = r.innerHTML.replace(/&37;3C!--D--&37;3E/g, 123)");

50 shouldBe("r.innerHTML.indexOf('javascript:test(123)') > -1", true);

51 run("r.firstChild.setAttribute('href', 'javascript:test(\"text<\")')");

52 shouldBe("r.innerHTML.indexOf('javascript:test(\"text<\")') > -1", true);

53 run('r.firstChild.setAttribute("href", "javascript:test(\'text>\')")');

54 shouldBe('r.innerHTML.indexOf("javascript:test(\'text>\')") > -1', true);

55 testString = 'javascript:test(\'text&\',"test2&")';	24 testString = 'javascript:test(\'text&\',"test2&")';

56 print("testString = " + testString);	25 r.firstChild.setAttribute("href", testString);

57 run('r.firstChild.setAttribute("href", testString)');	26 shouldBeEqualToString("r.innerHTML", '<a href="javascript:test(\'text&\',&qu ot;test2&")">link</a>');

58 shouldBe('r.innerHTML.indexOf("javascript:test(\'text&\',"test2&")") > 1', true);

59	27

60 run("r.firstChild.setAttribute('href', 'http://www.google.fi/search?q=scarlett j ohansson&meta=&btnG=Google-haku')");	28 r.firstChild.href = "javascript:window.location='?x&y'";

	29 shouldBeEqualToString("r.firstChild.outerHTML", '<a href="javascript:window.loca tion=\'?x&y\'">link</a>');

	30

	31 r.firstChild.setAttribute('href', 'http://www.google.fi/search?q=scarlett johans son&meta=&btnG=Google-haku');

61 print(r.innerHTML);	32 print(r.innerHTML);
	fs 2015/03/24 10:20:11 Convert this to a proper "assertion" too? Convert this to a proper "assertion" too? Abhijeet Kandalkar Slow 2015/03/24 14:20:36 print(r.innerHTML); is not needed, Removed it. Show quoted text On 2015/03/24 10:20:11, fs wrote: > Convert this to a proper "assertion" too? print(r.innerHTML); is not needed, Removed it.
62 </script>	33 </script>

	34 </html>
	fs 2015/03/24 10:20:11 Drop this. Drop this. Abhijeet Kandalkar Slow 2015/03/24 14:20:36 Done. Show quoted text On 2015/03/24 10:20:11, fs wrote: > Drop this. Done.
OLD	NEW

« no previous file with comments | « no previous file | LayoutTests/fast/innerHTML/javascript-url-expected.txt » ('j') | Source/core/editing/MarkupAccumulator.h » ('J')