Remove attributes that contain javascript from MHTML

third_party/WebKit/Source/web/tests/WebFrameSerializerTest.cpp

Index: third_party/WebKit/Source/web/tests/WebFrameSerializerTest.cpp
diff --git a/third_party/WebKit/Source/web/tests/WebFrameSerializerTest.cpp b/third_party/WebKit/Source/web/tests/WebFrameSerializerTest.cpp
index 9e1caf5b6438832051464a5d05e4d8ee9a5d22ff..7deef082cf2ce50932ec0f1589161bd613b4e87c 100644
--- a/third_party/WebKit/Source/web/tests/WebFrameSerializerTest.cpp
+++ b/third_party/WebKit/Source/web/tests/WebFrameSerializerTest.cpp
@@ -61,6 +61,20 @@ class SimpleWebFrameSerializerClient final : public WebFrameSerializerClient {
   StringBuilder m_builder;
 };
 
+class SimpleMHTMLPartsGenerationDelegate
+    : public WebFrameSerializer::MHTMLPartsGenerationDelegate {
+ private:
+  bool shouldSkipResource(const WebURL&) final { return false; }
+
+  WebString getContentID(WebFrame*) final { return WebString(); }
+
+  WebFrameSerializerCacheControlPolicy cacheControlPolicy() final {
+    return WebFrameSerializerCacheControlPolicy::None;
+  }
+
+  bool useBinaryEncoding() final { return false; }
+};
+
 }  // namespace
 
 class WebFrameSerializerTest : public testing::Test {
@@ -164,4 +178,35 @@ TEST_F(WebFrameSerializerTest, FromUrlWithMinusMinus) {
             actualHTML.substring(1, 60));
 }
 
+class WebFrameSerializerSanitizationTest : public WebFrameSerializerTest {
+ protected:
+  WebFrameSerializerSanitizationTest() {}
+
+  ~WebFrameSerializerSanitizationTest() override {}
+
+  String generateMHTMLParts(const String& url, const String& fileName) {
+    KURL parsedURL(ParsedURLString, url);
+    URLTestHelpers::registerMockedURLLoad(parsedURL, fileName,
+                                          "frameserialization/", "text/html");
+    FrameTestHelpers::loadFrame(mainFrameImpl(), url.utf8().data());
+    WebThreadSafeData result = WebFrameSerializer::generateMHTMLParts(
+        WebString("boundary"), mainFrameImpl(), &m_mhtmlDelegate);
+    return String(result.data(), result.size());
+  }
+
+ private:
+  SimpleMHTMLPartsGenerationDelegate m_mhtmlDelegate;
+};
+
+TEST_F(WebFrameSerializerSanitizationTest, RemoveInlineScriptInAttributes) {
+  String mhtml =
+      generateMHTMLParts("http://www.test.com", "script_in_attributes.html");
+  EXPECT_EQ(std::string::npos, mhtml.find("onload="));
+  EXPECT_EQ(std::string::npos, mhtml.find("onclick="));
+  EXPECT_EQ(std::string::npos, mhtml.find("href="));
+  EXPECT_EQ(std::string::npos, mhtml.find("from="));
+  EXPECT_EQ(std::string::npos, mhtml.find("to="));
+  EXPECT_EQ(std::string::npos, mhtml.find("javascript:"));

[carlosk, 2016/11/30 01:03:16]

I think you should also test a few positive cases here, where attributes are
expected to not be removed. There might be some "edgy" cases you are aware of?

Currently if SimpleMHTMLPartsGenerationDelegate should override
shouldIgnoreAttribute to always return |false| this test would succeed.

[jianli, 2016/11/30 01:35:37]

Done.

+}
+
 }  // namespace blink