Skip to content

Commit

Permalink
[Sanitizer] Add tests for safe + unsafe cases. (#49761)
Browse files Browse the repository at this point in the history
This tests for differences between setHTML and setHTMLUnsafe.

Since the html5lib testcase format only supports one result per testcase, we use two testcase files with identical inputs,
one each with the expectations for safe and unsafe variants.

Also, a drive-by fix for an issue uncovered by the tests: The
spec demands we block insertion in a <script> element (in safe cases).

Bug: 356601280
Change-Id: I1fb19f60fdcd7262292a983b548baebcaf43a440
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6039899
Commit-Queue: Daniel Vogelheim <[email protected]>
Reviewed-by: Yifan Luo <[email protected]>
Reviewed-by: Joey Arhar <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1397856}

Co-authored-by: Daniel Vogelheim <[email protected]>
  • Loading branch information
chromium-wpt-export-bot and otherdaniel authored Dec 24, 2024
1 parent 91e727c commit 9da4afa
Show file tree
Hide file tree
Showing 3 changed files with 160 additions and 0 deletions.
50 changes: 50 additions & 0 deletions sanitizer-api/sethtml-safety.dat
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
#data
test
#document-fragment
script
#document

#data
<p>Hello</p>
#document-fragment
script
#document

#data
<div>Hello<script>World</script>xxx
#document
| <div>
| "Hello"
| "xxx"

#data
<div>Hello<script>World</script>xxx
#config
{ "elements": ["div", "script"] }
#document
| <div>
| "Hello"
| "xxx"

#data
<svg>Hello<script>World</script>xxx
#document
| <svg svg>
| "Hello"
| "xxx"

#data
<img src="https://bla.com/blubb" onclick="2+2" one="two">
#document
| <img>
| src="https://bla.com/blubb"

#data
<img src="https://bla.com/blubb" onclick="2+2" one="two">
#config
{ "attributes": ["src", "onclick", "one"]}
#document
| <img>
| one="two"
| src="https://bla.com/blubb"

49 changes: 49 additions & 0 deletions sanitizer-api/sethtml-safety.tentative.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
<!DOCTYPE html>
<head>
<title>Testcases from the previous Sanitizer API</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="support/html5lib-testcase-support.js"></script>
<script>
promise_test(async _ => {
const safety = await fetch("sethtml-safety.dat").
then(response => response.text()).
then(parse_html5lib_testcases);
const unsafety = await fetch("sethtml-unsafety.dat").
then(response => response.text()).
then(parse_html5lib_testcases);

// Ensure that the "safe" and "unsafe" testcase inputs are the same and that
// they only differ only in the expected outcome.
assert_equals(safety.length, unsafety.length);
for (let i = 0; i < safety.length; i++) {
assert_equals(safety[i].data, unsafety[i].data);
assert_equals(safety[i].config, unsafety[i].config);
assert_equals(safety[i]["document-fragment"], unsafety[i]["document-fragment"]);
}

// The main tests here are non-async. Let's run them here, to make sure the
// two fetches have completed.
test_each("setHTML", safety);
test_each("setHTMLUnsafe", unsafety);
}, "wrapper");

function test_each(method, testcases) {
testcases.forEach((testcase, index) => {
test(_ => {
const context = document.createElement(testcase["document-fragment"] ?? "div");
let config = undefined;
try {
config = JSON.parse(testcase.config);
} catch { }

context[method].call(context, testcase.data, { sanitizer: config });
assert_testcase(context, testcase);
}, `Testcase #${index}, ${method}("${testcase.data})".`);
});
}
</script>
</head>
<body>
</body>

61 changes: 61 additions & 0 deletions sanitizer-api/sethtml-unsafety.dat
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
#data
test
#document-fragment
script
#document
| "test"

#data
<p>Hello</p>
#document-fragment
script
#document
| "<p>Hello</p>"

#data
<div>Hello<script>World</script>xxx
#document
| <div>
| "Hello"
| <script>
| "World"
| "xxx"

#data
<div>Hello<script>World</script>xxx
#config
{ "elements": ["div", "script"] }
#document
| <div>
| "Hello"
| <script>
| "World"
| "xxx"

#data
<svg>Hello<script>World</script>xxx
#document
| <svg svg>
| "Hello"
| <svg script>
| "World"
| "xxx"

#data
<img src="https://bla.com/blubb" onclick="2+2" one="two">
#document
| <img>
| onclick="2+2"
| one="two"
| src="https://bla.com/blubb"

#data
<img src="https://bla.com/blubb" onclick="2+2" one="two">
#config
{ "attributes": ["src", "onclick", "one"]}
#document
| <img>
| onclick="2+2"
| one="two"
| src="https://bla.com/blubb"

0 comments on commit 9da4afa

Please sign in to comment.