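--- a/<path not on page>/node_validator_test.dart
+++ b/<path not on page>/node_validator_test.dart
@@ -1,10 +1,10 @@
 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 /// This tests HTML validation and sanitization, which is very important
 /// for prevent XSS or other attacks. If you suppress this, or parts of it
 /// please make it a critical bug and bring it to the attention of the
 /// dart:html maintainers.
 library node_validator_test;
 
@@ -130,38 +130,20 @@
 
 var fragment = document.body.createFragment(html, validator: validator);
 var template = fragment.nodes.single;
 
 var expectedContent = document.body.createFragment(
 '<div></div>'
 '<img/>');
 
 validateNodeTree(template.content, expectedContent);
 });
-
-test("appendHtml is sanitized", () {
-var html = '<body background="s"></body><div></div>';
-document.body.appendHtml('<div id="stuff"></div>');
-var stuff = document.querySelector("#stuff");
-stuff.appendHtml(html);
-expect(stuff.childNodes.length, 1);
-stuff.remove();
-});
-
-test("documentFragment.appendHtml is sanitized", () {
-var html = '<div id="things></div>';
-var fragment = new DocumentFragment.html(html);
-fragment.appendHtml('<div id="bad"><script></script></div>');
-expect(fragment.childNodes.length, 1);
-expect(fragment.childNodes[0].id, "bad");
-expect(fragment.childNodes[0].childNodes.length, 0);
-});
 });
 
 group('URI_sanitization', () {
 var recorder = new RecordingUriValidator();
 var validator = new NodeValidatorBuilder()..allowHtml5(uriPolicy: recorder);
 
 checkUriPolicyCalls(String name, String html, String reference,
 List<String> expectedCalls) {
 
 test(name, () {
@@ -528,10 +510,10 @@
 validator,
 "<form onmouseover='alert(2)'><input name='tagName'>",
 "");
 
 testHtml('tagName without mouseover',
 validator,
 "<form><input name='tagName'>",
 "");
 });
 }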