| <!DOCTYPE html> |
| <script src="../../resources/testharness.js"></script> |
| <script src="../../resources/testharnessreport.js"></script> |
| <script src="../assert_selection.js"></script> |
| <script> |
| // crbug.com/1040755 |
| selection_test( |
| '<div contenteditable>|</div>', |
| selection => { |
| selection.setClipboardData(` |
| <svg> |
| <use href="data:application/xml, |
| <svg id=x> |
| <a href='javascript:alert(1)'> |
| <rect width=100 height=100 fill=blue /> |
| </a> |
| </svg>#x"> |
| </use> |
| </svg>`); |
| selection.document.execCommand('paste'); |
| }, |
| '<div contenteditable>|<svg></svg></div>', |
| 'Paste blocks data URI in SVG use elements'); |
| |
| // crbug.com/1065761 |
| selection_test( |
| '<div contenteditable>|</div>', |
| selection => { |
| selection.setClipboardData(` |
| <noscript><u title="</noscript><div contenteditable=false> |
| <svg> |
| <use href=data:application/xml;base64,PHN2ZyBpZD0neCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJz4KPGEgaHJlZj0namF2YXNjcmlwdDphbGVydCgxMjMpJz4KICAgIDxyZWN0IHdpZHRoPScxMDAlJyBoZWlnaHQ9JzEwMCUnIGZpbGw9J2xpZ2h0Ymx1ZScgLz4KICAgICA8dGV4dCB4PScwJyB5PScwJyBmaWxsPSdibGFjayc+CiAgICAgICA8dHNwYW4geD0nMCcgZHk9JzEuMmVtJz5Pb3BzLCB0aGVyZSdzIHNvbWV0aGluZyB3cm9uZyB3aXRoIHRoZSBwYWdlITwvdHNwYW4+CiAgICAgPHRzcGFuIHg9JzAnIGR5PScxLjJlbSc+UGxlYXNlIGNsaWNrIGhlcmUgdG8gcmVsb2FkLjwvdHNwYW4+Cjwvc3ZnPg==#x>"></noscript>asdasd`); |
| selection.document.execCommand('paste'); |
| }, |
| '<div contenteditable>|<noscript><u title="</noscript><div contenteditable="false"><svg></svg></div></div>', |
| 'Paste blocks data URI in SVG use element injection via <noscript>'); |
| </script> |
