2dcd56ef43
There are far too many files here to review every one carefully. Spot checking, most of the diffs look good, as test code is generally written with less care than application code, so lots of ugly formatting gets through. If people notice files where the automated formatting bothers them, feel free to comment indicating file names and I'll move spaces within comments to make the formatting cleaner and use comments to force block formatting, as I have done for other cases where formatting looked bad. BUG= R=efortuna@google.com Review-Url: https://codereview.chromium.org/2771453003 .
// Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file
|
|
// for details. All rights reserved. Use of this source code is governed by a
|
|
// BSD-style license that can be found in the LICENSE file.
|
|
|
|
/// This tests HTML validation and sanitization, which is very important
/// for preventing XSS or other attacks. If you suppress this, or parts of it,
/// please make it a critical bug and bring it to the attention of the
/// dart:html maintainers.
|
|
library trusted_html_tree_sanitizer_test;
|
|
|
|
import 'dart:html';
|
|
import 'dart:svg' as svg;
|
|
import 'package:unittest/unittest.dart';
|
|
import 'package:unittest/html_individual_config.dart';
|
|
import 'utils.dart';
|
|
import 'dart:js' as js;
|
|
|
|
/// The JS-interop wrapper around the browser `document`; assigned by
/// [makeDocumentFragmentAdoptionThrow].
var jsDocument;

/// The value `document.adoptNode` held before the test nulled it out, kept so
/// that [restoreOldAdoptNode] can put it back.
var oldAdoptNode;
|
|
|
|
/// Nulls out `adoptNode` on the JS `document` so that calls to it fail.
///
/// The tests want to verify that the trusted sanitizer does not create a
/// document fragment, so the DocumentFragment adoption operation is made to
/// throw. The previous `adoptNode` value is stored in [oldAdoptNode] and the
/// wrapped document in [jsDocument], which [restoreOldAdoptNode] uses to undo
/// the change.
makeDocumentFragmentAdoptionThrow() {
  // Named `browserDocument` so it does not shadow dart:html's `document`.
  var browserDocument = js.context['document'];
  var wrappedDocument = new js.JsObject.fromBrowserObject(browserDocument);
  jsDocument = wrappedDocument;
  // Save the original before overwriting it; tearDown needs it.
  oldAdoptNode = wrappedDocument['adoptNode'];
  wrappedDocument['adoptNode'] = null;
}
|
|
|
|
/// Writes the saved [oldAdoptNode] back to `adoptNode` on [jsDocument].
///
/// Used as the `tearDown` counterpart of [makeDocumentFragmentAdoptionThrow],
/// which must have run first so that both globals are populated.
restoreOldAdoptNode() {
  var savedAdoptNode = oldAdoptNode;
  jsDocument['adoptNode'] = savedAdoptNode;
}
|
|
|
|
/// Registers the browser tests for [NodeTreeSanitizer.trusted].
///
/// Every test runs with `document.adoptNode` nulled out (see
/// [makeDocumentFragmentAdoptionThrow]). The first group checks that inserting
/// HTML with the trusted sanitizer still succeeds under that condition; the
/// second checks that the plain `innerHtml` setter throws.
///
/// Security note: [NodeTreeSanitizer.trusted] performs no validation of the
/// markup it is given. It is appropriate only for HTML that is already known
/// to be safe; strings that can be influenced by a user or a remote party
/// should go through the default sanitizer instead.
main() {
  useHtmlIndividualConfiguration();

  // Shared fixture: null out adoptNode before each test and restore the
  // original afterwards.
  disableAdoptNodeForGroup() {
    setUp(makeDocumentFragmentAdoptionThrow);
    tearDown(restoreOldAdoptNode);
  }

  group('not_create_document_fragment', () {
    disableAdoptNodeForGroup();

    test('setInnerHtml', () {
      // `foo` is not a standard attribute; the markup coming back unchanged
      // shows the trusted sanitizer left it in place.
      var markup = '<div foo="baz">something</div>';
      document.body
          .setInnerHtml(markup, treeSanitizer: NodeTreeSanitizer.trusted);
      expect(document.body.innerHtml, markup);
    });

    test('appendHtml', () {
      var before = document.body.innerHtml;
      var appended = '<div rumplestiltskin="value">content</div>';
      document.body
          .appendHtml(appended, treeSanitizer: NodeTreeSanitizer.trusted);
      // The new markup is expected verbatim after the existing content.
      expect(document.body.innerHtml, before + appended);
    });
  });

  group('untrusted', () {
    disableAdoptNodeForGroup();

    test('untrusted', () {
      // No treeSanitizer is supplied here. Presumably the default sanitizing
      // path adopts a document fragment, which fails while adoptNode is null.
      assignWithDefaultSanitizer() =>
          document.body.innerHtml = '<p>anything</p>';
      expect(assignWithDefaultSanitizer, throws);
    });
  });
}
|