| 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file |
| 2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
| 3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
| 4 | 4 |
| 5 /// This tests HTML validation and sanitization, which is very important | 5 /// This tests HTML validation and sanitization, which is very important |
| 6 /// for prevent XSS or other attacks. If you suppress this, or parts of it | 6 /// for prevent XSS or other attacks. If you suppress this, or parts of it |
| 7 /// please make it a critical bug and bring it to the attention of the | 7 /// please make it a critical bug and bring it to the attention of the |
| 8 /// dart:html maintainers. | 8 /// dart:html maintainers. |
| 9 library node_validator_test; | 9 library node_validator_test; |
| 10 | 10 |
| 130 | 130 |
| 131 var fragment = document.body.createFragment(html, validator: validator); | 131 var fragment = document.body.createFragment(html, validator: validator); |
| 132 var template = fragment.nodes.single; | 132 var template = fragment.nodes.single; |
| 133 | 133 |
| 134 var expectedContent = document.body.createFragment( | 134 var expectedContent = document.body.createFragment( |
| 135 '<div></div>' | 135 '<div></div>' |
| 136 '<img/>'); | 136 '<img/>'); |
| 137 | 137 |
| 138 validateNodeTree(template.content, expectedContent); | 138 validateNodeTree(template.content, expectedContent); |
| 139 }); | 139 }); |
| 140 |
| 141 test("appendHtml is sanitized", () { |
| 142 var html = '<body background="s"></body><div></div>'; |
| 143 document.body.appendHtml('<div id="stuff"></div>'); |
| 144 var stuff = document.querySelector("#stuff"); |
| 145 stuff.appendHtml(html); |
| 146 expect(stuff.childNodes.length, 1); |
| 147 stuff.remove(); |
| 148 }); |
| 149 |
| 150 test("documentFragment.appendHtml is sanitized", () { |
| 151 var html = '<div id="things></div>'; |
| 152 var fragment = new DocumentFragment.html(html); |
| 153 fragment.appendHtml('<div id="bad"><script></script></div>'); |
| 154 expect(fragment.childNodes.length, 1); |
| 155 expect(fragment.childNodes[0].id, "bad"); |
| 156 expect(fragment.childNodes[0].childNodes.length, 0); |
| 157 }); |
| 140 }); | 158 }); |
| 141 | 159 |
| 142 group('URI_sanitization', () { | 160 group('URI_sanitization', () { |
| 143 var recorder = new RecordingUriValidator(); | 161 var recorder = new RecordingUriValidator(); |
| 144 var validator = new NodeValidatorBuilder()..allowHtml5(uriPolicy: recorder); | 162 var validator = new NodeValidatorBuilder()..allowHtml5(uriPolicy: recorder); |
| 145 | 163 |
| 146 checkUriPolicyCalls(String name, String html, String reference, | 164 checkUriPolicyCalls(String name, String html, String reference, |
| 147 List<String> expectedCalls) { | 165 List<String> expectedCalls) { |
| 148 | 166 |
| 149 test(name, () { | 167 test(name, () { |
| 510 validator, | 528 validator, |
| 511 "<form onmouseover='alert(2)'><input name='tagName'>", | 529 "<form onmouseover='alert(2)'><input name='tagName'>", |
| 512 ""); | 530 ""); |
| 513 | 531 |
| 514 testHtml('tagName without mouseover', | 532 testHtml('tagName without mouseover', |
| 515 validator, | 533 validator, |
| 516 "<form><input name='tagName'>", | 534 "<form><input name='tagName'>", |
| 517 ""); | 535 ""); |
| 518 }); | 536 }); |
| 519 } | 537 } |
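Review bot: The fixture on new line 151, `'<div id="things></div>'`, is missing the closing quote after `things`, so the tag is never terminated and the fragment most likely starts out empty — which appears to be the only reason `childNodes.length` is 1 and `childNodes[0].id` is "bad" on lines 154–155; with the quote restored the test would fail as written. Change the literal to `var html = '<div id="things"></div>';` and then expect two children, checking `childNodes[1]` for id "bad" and for zero child nodes. In the first new test (lines 142–146), the payload `<body background="s">` is a start tag the fragment parser seems to discard on its own, so the single length check could pass even with no sanitizer in the path; asserting that the surviving child is the `div` with no `background` attribute, or reusing the `<script>` payload from the second test, would tie the assertion to sanitization. Also, `stuff.remove()` on line 147 is skipped when an earlier `expect` fails, leaving the element in the document for later tests; a `tearDown` or try/finally would keep the document clean.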