| OLD | NEW |
|---|
| 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file |
| 2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
| 3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
| 4 | 4 |
| 5 /// This tests HTML validation and sanitization, which is very important | 5 /// This tests HTML validation and sanitization, which is very important |
| 6 /// for prevent XSS or other attacks. If you suppress this, or parts of it | 6 /// for prevent XSS or other attacks. If you suppress this, or parts of it |
| 7 /// please make it a critical bug and bring it to the attention of the | 7 /// please make it a critical bug and bring it to the attention of the |
| 8 /// dart:html maintainers. | 8 /// dart:html maintainers. |
| 9 library node_validator_test; | 9 library node_validator_test; |
| 10 | 10 |
| (...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 130 | 130 |
| 131 var fragment = document.body.createFragment(html, validator: validator); | 131 var fragment = document.body.createFragment(html, validator: validator); |
| 132 var template = fragment.nodes.single; | 132 var template = fragment.nodes.single; |
| 133 | 133 |
| 134 var expectedContent = document.body.createFragment( | 134 var expectedContent = document.body.createFragment( |
| 135 '<div></div>' | 135 '<div></div>' |
| 136 '<img/>'); | 136 '<img/>'); |
| 137 | 137 |
| 138 validateNodeTree(template.content, expectedContent); | 138 validateNodeTree(template.content, expectedContent); |
| 139 }); | 139 }); |
| 140 | |
| 141 test("appendHtml is sanitized", () { | |
| 142 var html = '<body background="s"></body><div></div>'; | |
| 143 document.body.appendHtml('<div id="stuff"></div>'); | |
| 144 var stuff = document.querySelector("#stuff"); | |
| 145 stuff.appendHtml(html); | |
| 146 expect(stuff.childNodes.length, 1); | |
| 147 stuff.remove(); | |
| 148 }); | |
| 149 | |
| 150 test("documentFragment.appendHtml is sanitized", () { | |
| 151 var html = '<div id="things></div>'; | |
| 152 var fragment = new DocumentFragment.html(html); | |
| 153 fragment.appendHtml('<div id="bad"><script></script></div>'); | |
| 154 expect(fragment.childNodes.length, 1); | |
| 155 expect(fragment.childNodes[0].id, "bad"); | |
| 156 expect(fragment.childNodes[0].childNodes.length, 0); | |
| 157 }); | |
| 158 }); | 140 }); |
| 159 | 141 |
| 160 group('URI_sanitization', () { | 142 group('URI_sanitization', () { |
| 161 var recorder = new RecordingUriValidator(); | 143 var recorder = new RecordingUriValidator(); |
| 162 var validator = new NodeValidatorBuilder()..allowHtml5(uriPolicy: recorder); | 144 var validator = new NodeValidatorBuilder()..allowHtml5(uriPolicy: recorder); |
| 163 | 145 |
| 164 checkUriPolicyCalls(String name, String html, String reference, | 146 checkUriPolicyCalls(String name, String html, String reference, |
| 165 List<String> expectedCalls) { | 147 List<String> expectedCalls) { |
| 166 | 148 |
| 167 test(name, () { | 149 test(name, () { |
| (...skipping 360 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 528 validator, | 510 validator, |
| 529 "<form onmouseover='alert(2)'><input name='tagName'>", | 511 "<form onmouseover='alert(2)'><input name='tagName'>", |
| 530 ""); | 512 ""); |
| 531 | 513 |
| 532 testHtml('tagName without mouseover', | 514 testHtml('tagName without mouseover', |
| 533 validator, | 515 validator, |
| 534 "<form><input name='tagName'>", | 516 "<form><input name='tagName'>", |
| 535 ""); | 517 ""); |
| 536 }); | 518 }); |
| 537 } | 519 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1097053006:
"Reverting 45351" (Closed)
Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart