-
Notifications
You must be signed in to change notification settings - Fork 3.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Sanitizer] Add tests for safe + unsafe cases. (#49761)
This tests for differences between setHTML and setHTMLUnsafe. Since the html5lib testcase format only supports one result per testcase, we use two testcase files with identical inputs, one each with the expectations for safe and unsafe variants. Also, a drive-by fix for an issue uncovered by the tests: The spec demands we block insertion in a <script> element (in safe cases). Bug: 356601280 Change-Id: I1fb19f60fdcd7262292a983b548baebcaf43a440 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6039899 Commit-Queue: Daniel Vogelheim <[email protected]> Reviewed-by: Yifan Luo <[email protected]> Reviewed-by: Joey Arhar <[email protected]> Cr-Commit-Position: refs/heads/main@{#1397856} Co-authored-by: Daniel Vogelheim <[email protected]>
- Loading branch information
1 parent
91e727c
commit 9da4afa
Showing
3 changed files
with
160 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
#data | ||
test | ||
#document-fragment | ||
script | ||
#document | ||
|
||
#data | ||
<p>Hello</p> | ||
#document-fragment | ||
script | ||
#document | ||
|
||
#data | ||
<div>Hello<script>World</script>xxx | ||
#document | ||
| <div> | ||
| "Hello" | ||
| "xxx" | ||
|
||
#data | ||
<div>Hello<script>World</script>xxx | ||
#config | ||
{ "elements": ["div", "script"] } | ||
#document | ||
| <div> | ||
| "Hello" | ||
| "xxx" | ||
|
||
#data | ||
<svg>Hello<script>World</script>xxx | ||
#document | ||
| <svg svg> | ||
| "Hello" | ||
| "xxx" | ||
|
||
#data | ||
<img src="https://bla.com/blubb" onclick="2+2" one="two"> | ||
#document | ||
| <img> | ||
| src="https://bla.com/blubb" | ||
|
||
#data | ||
<img src="https://bla.com/blubb" onclick="2+2" one="two"> | ||
#config | ||
{ "attributes": ["src", "onclick", "one"]} | ||
#document | ||
| <img> | ||
| one="two" | ||
| src="https://bla.com/blubb" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
<!DOCTYPE html> | ||
<head> | ||
<title>Testcases from the previous Sanitizer API</title> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="support/html5lib-testcase-support.js"></script> | ||
<script> | ||
promise_test(async _ => { | ||
const safety = await fetch("sethtml-safety.dat"). | ||
then(response => response.text()). | ||
then(parse_html5lib_testcases); | ||
const unsafety = await fetch("sethtml-unsafety.dat"). | ||
then(response => response.text()). | ||
then(parse_html5lib_testcases); | ||
|
||
// Ensure that the "safe" and "unsafe" testcase inputs are the same and that | ||
// they only differ only in the expected outcome. | ||
assert_equals(safety.length, unsafety.length); | ||
for (let i = 0; i < safety.length; i++) { | ||
assert_equals(safety[i].data, unsafety[i].data); | ||
assert_equals(safety[i].config, unsafety[i].config); | ||
assert_equals(safety[i]["document-fragment"], unsafety[i]["document-fragment"]); | ||
} | ||
|
||
// The main tests here are non-async. Let's run them here, to make sure the | ||
// two fetches have completed. | ||
test_each("setHTML", safety); | ||
test_each("setHTMLUnsafe", unsafety); | ||
}, "wrapper"); | ||
|
||
function test_each(method, testcases) { | ||
testcases.forEach((testcase, index) => { | ||
test(_ => { | ||
const context = document.createElement(testcase["document-fragment"] ?? "div"); | ||
let config = undefined; | ||
try { | ||
config = JSON.parse(testcase.config); | ||
} catch { } | ||
|
||
context[method].call(context, testcase.data, { sanitizer: config }); | ||
assert_testcase(context, testcase); | ||
}, `Testcase #${index}, ${method}("${testcase.data})".`); | ||
}); | ||
} | ||
</script> | ||
</head> | ||
<body> | ||
</body> | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
#data | ||
test | ||
#document-fragment | ||
script | ||
#document | ||
| "test" | ||
|
||
#data | ||
<p>Hello</p> | ||
#document-fragment | ||
script | ||
#document | ||
| "<p>Hello</p>" | ||
|
||
#data | ||
<div>Hello<script>World</script>xxx | ||
#document | ||
| <div> | ||
| "Hello" | ||
| <script> | ||
| "World" | ||
| "xxx" | ||
|
||
#data | ||
<div>Hello<script>World</script>xxx | ||
#config | ||
{ "elements": ["div", "script"] } | ||
#document | ||
| <div> | ||
| "Hello" | ||
| <script> | ||
| "World" | ||
| "xxx" | ||
|
||
#data | ||
<svg>Hello<script>World</script>xxx | ||
#document | ||
| <svg svg> | ||
| "Hello" | ||
| <svg script> | ||
| "World" | ||
| "xxx" | ||
|
||
#data | ||
<img src="https://bla.com/blubb" onclick="2+2" one="two"> | ||
#document | ||
| <img> | ||
| onclick="2+2" | ||
| one="two" | ||
| src="https://bla.com/blubb" | ||
|
||
#data | ||
<img src="https://bla.com/blubb" onclick="2+2" one="two"> | ||
#config | ||
{ "attributes": ["src", "onclick", "one"]} | ||
#document | ||
| <img> | ||
| onclick="2+2" | ||
| one="two" | ||
| src="https://bla.com/blubb" | ||
|