| <!DOCTYPE html> |
| <html> |
| <head> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| </head> |
| |
| <body> |
| <script> |
| test(t => { |
| let s = new Sanitizer(); |
| assert_true(s instanceof Sanitizer); |
| }, "SanitizerAPI creator without config."); |
| |
| test(t => { |
| let s = new Sanitizer({}); |
| assert_true(s instanceof Sanitizer); |
| }, "SanitizerAPI creator with empty config."); |
| |
| test(t => { |
| let s = new Sanitizer(null); |
| assert_true(s instanceof Sanitizer); |
| }, "SanitizerAPI creator with null as config."); |
| |
| test(t => { |
| let s = new Sanitizer(undefined); |
| assert_true(s instanceof Sanitizer); |
| }, "SanitizerAPI creator with undefined as config."); |
| |
| test(t => { |
| let s = new Sanitizer({testConfig: [1,2,3], attr: ["test", "i", "am"]}); |
| assert_true(s instanceof Sanitizer); |
| }, "SanitizerAPI creator with config ignore unknown values."); |
| |
| test(t => { |
| let options = {allowElements: ["div"]}; |
| |
| let s = new Sanitizer(options); |
| assert_true(s instanceof Sanitizer); |
| assert_equals(s.sanitizeToString("<div>balabala</div><p>test</p>"), "<div>balabala</div>test"); |
| |
| options.allowElements.push("p"); |
| assert_equals(s.sanitizeToString("<div>balabala</div><p>test</p>"), "<div>balabala</div>test"); |
| }, "SanitizerAPI config allowElements is not editable."); |
| |
| test(t => { |
| let options = {blockElements: ["div"]}; |
| |
| let s = new Sanitizer(options); |
| assert_true(s instanceof Sanitizer); |
| assert_equals(s.sanitizeToString("<div>balabala</div><p>test</p>"), "balabala<p>test</p>"); |
| |
| options.blockElements.push("p"); |
| assert_equals(s.sanitizeToString("<div>balabala</div><p>test</p>"), "balabala<p>test</p>"); |
| }, "SanitizerAPI config blockElements is not editable."); |
| |
| test(t => { |
| let options = {dropElements: ["div"]}; |
| |
| let s = new Sanitizer(options); |
| assert_true(s instanceof Sanitizer); |
| assert_equals(s.sanitizeToString("<div>balabala</div><p>test</p>"), "<p>test</p>"); |
| |
| options.dropElements.push("p"); |
| assert_equals(s.sanitizeToString("<div>balabala</div><p>test</p>"), "<p>test</p>"); |
| }, "SanitizerAPI config dropElements is not editable."); |
| |
| test(t => { |
| let options = {allowAttributes: {"id": ["*"]}}; |
| |
| let s = new Sanitizer(options); |
| assert_true(s instanceof Sanitizer); |
| assert_equals(s.sanitizeToString("<button id='btn' style='color: black'>balabala</button>"), "<button id=\"btn\">balabala</button>"); |
| |
| options.allowAttributes["style"] = ["*"]; |
| assert_equals(s.sanitizeToString("<button id='btn' style='color: black'>balabala</button>"), "<button id=\"btn\">balabala</button>"); |
| }, "SanitizerAPI config allowAttributes is not editable."); |
| |
| test(t => { |
| let options = {dropAttributes: {"id": ["*"]}}; |
| |
| let s = new Sanitizer(options); |
| assert_true(s instanceof Sanitizer); |
| assert_equals(s.sanitizeToString("<button id='btn' style='color: black'>balabala</button>"), "<button style=\"color: black\">balabala</button>"); |
| |
| options.dropAttributes["style"] = ["*"]; |
| assert_equals(s.sanitizeToString("<button id='btn' style='color: black'>balabala</button>"), "<button style=\"color: black\">balabala</button>"); |
| }, "SanitizerAPI config dropAttributes is not editable."); |
| |
| const config_names = ["dropElements", "blockElements", "allowElements", "dropAttributes", "allowAttributes"]; |
| config_names.forEach(cname => { |
| let options = {}; |
| options[cname] = cname.endsWith("Elements") ? [] : {}; |
| test(t => { |
| let s = new Sanitizer(options); |
| assert_true(s instanceof Sanitizer) |
| |
| if (cname == "allowElements") { |
| assert_equals(s.sanitizeToString("<div id='div'>balabala<i>test</i></div>"), "balabalatest"); |
| } else if (cname == "allowAttributes") { |
| assert_equals(s.sanitizeToString("<div id='div'>balabala<i>test</i></div>"), "<div>balabala<i>test</i></div>"); |
| } else { |
| assert_equals(s.sanitizeToString("<div id='div'>balabala<i>test</i></div>"), "<div id=\"div\">balabala<i>test</i></div>"); |
| } |
| }, "SanitizerAPI creator with config " + JSON.stringify(options) + "."); |
| |
| options = {}; |
| options[cname] = undefined; |
| test(t => { |
| let s = new Sanitizer(options); |
| assert_true(s instanceof Sanitizer) |
| assert_equals(s.sanitizeToString("<div>balabala<i>test</i></div>"), "<div>balabala<i>test</i></div>"); |
| }, "SanitizerAPI creator with config " + JSON.stringify(options, function(k,v){return v===undefined?"::undefined::":v}).replace(new RegExp("\"::undefined::\"", 'g'), "undefined") + "."); |
| |
| let testcases = [null, 123, "div"]; |
| testcases.forEach(c => { |
| options = {}; |
| options[cname] = c; |
| test(t => { |
| assert_throws_js(TypeError, _ => {let s = new Sanitizer(options)}); |
| }, "SanitizerAPI creator with config " + JSON.stringify(options) + "."); |
| }); |
| }); |
| |
| </script> |
| </body> |
| </html> |