Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(16)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: LayoutTests/editing/pasteboard/paste-noscript.html

Issue 14297020: Merge 147281 "Cross-Origin copy&paste / drag&drop allowing XSS v..." (Closed) Base URL: svn://svn.chromium.org/blink/branches/chromium/1453/
Patch Set: Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « LayoutTests/ChangeLog ('k') | LayoutTests/editing/pasteboard/paste-noscript-expected.txt » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <script> 1 <script>
2 function sayHello() 2 function sayHello()
3 { 3 {
4 alert("Hello"); 4 alert("Hello");
5 } 5 }
6 if (window.testRunner) 6 if (window.testRunner)
7 testRunner.dumpAsText(); 7 testRunner.dumpAsText();
8 </script> 8 </script>
9 <div id="description"> 9 <div id="description">
10 This test copies all the elements containing event handlers and javascript urls, pastes them 10 This test copies all the elements containing event handlers and javascript urls, pastes them
11 in an editable area and verifies that no script, handlers or javascript urls are copied. 11 in an editable area and verifies that no script, handlers or javascript urls are copied.
12 </div> 12 </div>
13 <div id="test" > 13 <div id="test" >
14 <button id="button1" onclick="sayHello()" ondblclick="sayHello()" style="width: 100px;">Hello</button> 14 <button id="button1" onclick="sayHello()" ondblclick="sayHello()" style="width: 100px;">Hello</button>
15 <br> 15 <br>
16 <a id="anchor1" href="http://www.cnn.com/">CNN</a> 16 <a id="anchor1" href="http://www.cnn.com/">CNN</a>
17 <a id="anchor2" href="javascript:sayHello()">Hello</a> 17 <a id="anchor2" href="javascript:sayHello()">Hello</a>
18 <iframe id="iframe1" src="javascript:var x = 1;" style="width: 200px; height: 10 0px; background-color:#cee;"></iframe> 18 <iframe id="iframe1" src="javascript:var x = 1;" style="width: 200px; height: 10 0px; background-color:#cee;"></iframe>
19 <iframe id="iframe2" srcdoc="<script>var x = 1;</script>" style="width: 200px; h eight: 100px; background-color:#cee;"></iframe>
19 <form id="form1" action="javascript:sayHello()" formaction="javascript:sayHello( )" style="width: 200px; height: 150px; background-color:#cee;">This is a form<br ><img src="../resources/abe.png"></img><button formaction="javascript:sayHello() ">Submit.</button></form> 20 <form id="form1" action="javascript:sayHello()" formaction="javascript:sayHello( )" style="width: 200px; height: 150px; background-color:#cee;">This is a form<br ><img src="../resources/abe.png"></img><button formaction="javascript:sayHello() ">Submit.</button></form>
20 </div> 21 </div>
21 <div id="pastehere" contenteditable="true"> 22 <div id="pastehere" contenteditable="true">
22 </div> 23 </div>
23 <ul id="console"></ul> 24 <ul id="console"></ul>
24 <script> 25 <script>
25 var s = window.getSelection(); 26 var s = window.getSelection();
26 var p1 = document.getElementById("test"); 27 var p1 = document.getElementById("test");
27 s.setPosition(p1, 0); 28 s.setPosition(p1, 0);
28 s.setBaseAndExtent(p1, 0, p1, 12); 29 s.setBaseAndExtent(p1, 0, p1, 14);
29 document.execCommand("Copy"); 30 document.execCommand("Copy");
30 p1 = document.getElementById("pastehere"); 31 p1 = document.getElementById("pastehere");
31 s.setPosition(p1, 0); 32 s.setPosition(p1, 0);
32 document.execCommand("Paste"); 33 document.execCommand("Paste");
33 34
34 log(document.getElementById("button1").outerHTML); 35 log(document.getElementById("button1").outerHTML);
35 log(document.getElementById("pastehere").childNodes[0].outerHTML); 36 log(document.getElementById("pastehere").childNodes[0].outerHTML);
36 37
37 log(document.getElementById("anchor1").outerHTML); 38 log(document.getElementById("anchor1").outerHTML);
38 log(document.getElementById("pastehere").childNodes[3].outerHTML); 39 log(document.getElementById("pastehere").childNodes[3].outerHTML);
39 40
40 log(document.getElementById("anchor2").outerHTML); 41 log(document.getElementById("anchor2").outerHTML);
41 log(document.getElementById("pastehere").childNodes[5].outerHTML); 42 log(document.getElementById("pastehere").childNodes[5].outerHTML);
42 43
43 log(document.getElementById("iframe1").outerHTML); 44 log(document.getElementById("iframe1").outerHTML);
44 log(document.getElementById("pastehere").childNodes[7].outerHTML); 45 log(document.getElementById("pastehere").childNodes[7].outerHTML);
45 46
47 log(document.getElementById("iframe2").outerHTML);
48 log(document.getElementById("pastehere").childNodes[9].outerHTML);
49
46 log(document.getElementById("form1").outerHTML); 50 log(document.getElementById("form1").outerHTML);
47 log(document.getElementById("pastehere").childNodes[8].outerHTML); 51 log(document.getElementById("pastehere").childNodes[10].outerHTML);
48 52
49 function log(str) { 53 function log(str) {
50 var li = document.createElement("li"); 54 var li = document.createElement("li");
51 li.appendChild(document.createTextNode(str)); 55 li.appendChild(document.createTextNode(str));
52 var console = document.getElementById("console"); 56 var console = document.getElementById("console");
53 console.appendChild(li); 57 console.appendChild(li);
54 } 58 }
55 </script> 59 </script>
OLDNEW
« no previous file with comments | « LayoutTests/ChangeLog ('k') | LayoutTests/editing/pasteboard/paste-noscript-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698