1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 /// This tests HTML validation and sanitization, which is very important | 5 /// This tests HTML validation and sanitization, which is very important |
6 /// for prevent XSS or other attacks. If you suppress this, or parts of it | 6 /// for prevent XSS or other attacks. If you suppress this, or parts of it |
7 /// please make it a critical bug and bring it to the attention of the | 7 /// please make it a critical bug and bring it to the attention of the |
8 /// dart:html maintainers. | 8 /// dart:html maintainers. |
9 library node_validator_test; | 9 library node_validator_test; |
10 | 10 |
130 | 130 |
131 var fragment = document.body.createFragment(html, validator: validator); | 131 var fragment = document.body.createFragment(html, validator: validator); |
132 var template = fragment.nodes.single; | 132 var template = fragment.nodes.single; |
133 | 133 |
134 var expectedContent = document.body.createFragment( | 134 var expectedContent = document.body.createFragment( |
135 '<div></div>' | 135 '<div></div>' |
136 '<img/>'); | 136 '<img/>'); |
137 | 137 |
138 validateNodeTree(template.content, expectedContent); | 138 validateNodeTree(template.content, expectedContent); |
139 }); | 139 }); |
| 140 |
| 141 test("appendHtml is sanitized", () { |
| 142 var html = '<body background="s"></body><div></div>'; |
| 143 document.body.appendHtml('<div id="stuff"></div>'); |
| 144 var stuff = document.querySelector("#stuff"); |
| 145 stuff.appendHtml(html); |
| 146 expect(stuff.childNodes.length, 1); |
| 147 stuff.remove(); |
| 148 }); |
| 149 |
| 150 test("documentFragment.appendHtml is sanitized", () { |
| 151 var html = '<div id="things></div>'; |
| 152 var fragment = new DocumentFragment.html(html); |
| 153 fragment.appendHtml('<div id="bad"><script></script></div>'); |
| 154 expect(fragment.childNodes.length, 1); |
| 155 expect(fragment.childNodes[0].id, "bad"); |
| 156 expect(fragment.childNodes[0].childNodes.length, 0); |
| 157 }); |
140 }); | 158 }); |
141 | 159 |
142 group('URI_sanitization', () { | 160 group('URI_sanitization', () { |
143 var recorder = new RecordingUriValidator(); | 161 var recorder = new RecordingUriValidator(); |
144 var validator = new NodeValidatorBuilder()..allowHtml5(uriPolicy: recorder); | 162 var validator = new NodeValidatorBuilder()..allowHtml5(uriPolicy: recorder); |
145 | 163 |
146 checkUriPolicyCalls(String name, String html, String reference, | 164 checkUriPolicyCalls(String name, String html, String reference, |
147 List<String> expectedCalls) { | 165 List<String> expectedCalls) { |
148 | 166 |
149 test(name, () { | 167 test(name, () { |
510 validator, | 528 validator, |
511 "<form onmouseover='alert(2)'><input name='tagName'>", | 529 "<form onmouseover='alert(2)'><input name='tagName'>", |
512 ""); | 530 ""); |
513 | 531 |
514 testHtml('tagName without mouseover', | 532 testHtml('tagName without mouseover', |
515 validator, | 533 validator, |
516 "<form><input name='tagName'>", | 534 "<form><input name='tagName'>", |
517 ""); | 535 ""); |
518 }); | 536 }); |
519 } | 537 } |
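Review bot: The html literal on new line 151 is missing the closing quote of the id attribute (`'<div id="things></div>'`), so the parser presumably reaches end-of-input inside the attribute value and drops that div entirely; the fragment then starts out empty, and the three expectations on lines 154–156 only hold because of that typo rather than because of sanitization. Unless the unterminated attribute is intentional, the line should read `var html = '<div id="things"></div>';`, the count should become `expect(fragment.childNodes.length, 2);`, and the two expectations after it should index `childNodes[1]` so they still point at the sanitized div. Separately, `stuff.remove();` on new line 147 is skipped when the expect just before it fails, which leaves the helper div in document.body for later tests; doing the removal in a tearDown (or before the expect) keeps the document clean on failure. The enclosing group starts before this hunk.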