Bug 1658564 - Sanitizer API parse options - r=hsivonen
Differential Revision: https://phabricator.services.mozilla.com/D113663
parent
d94292fc70
commit
527db54989
@ -11,13 +11,19 @@
|
||||
#include "mozilla/BindingStyleRule.h"
|
||||
#include "mozilla/DeclarationBlock.h"
|
||||
#include "mozilla/StyleSheetInlines.h"
|
||||
#include "mozilla/UniquePtr.h"
|
||||
#include "mozilla/css/Rule.h"
|
||||
#include "mozilla/dom/SanitizerBinding.h"
|
||||
#include "mozilla/dom/CSSRuleList.h"
|
||||
#include "mozilla/dom/DocumentFragment.h"
|
||||
#include "mozilla/dom/HTMLTemplateElement.h"
|
||||
#include "mozilla/dom/SRIMetadata.h"
|
||||
#include "mozilla/NullPrincipal.h"
|
||||
#include "nsAtom.h"
|
||||
#include "nsCSSPropertyID.h"
|
||||
#include "nsHashtablesFwd.h"
|
||||
#include "nsString.h"
|
||||
#include "nsTHashtable.h"
|
||||
#include "nsUnicharInputStream.h"
|
||||
#include "nsAttrName.h"
|
||||
#include "nsIScriptError.h"
|
||||
@ -986,6 +992,10 @@ nsTreeSanitizer::nsTreeSanitizer(uint32_t aFlags)
|
||||
// Sanitizing styles for external references is not supported.
|
||||
mAllowStyles = false;
|
||||
}
|
||||
|
||||
mAllowedElements = nullptr;
|
||||
mBlockedElements = nullptr;
|
||||
|
||||
if (!sElementsHTML) {
|
||||
// Initialize lazily to avoid having to initialize at all if the user
|
||||
// doesn't paste HTML or load feeds.
|
||||
@ -1001,6 +1011,12 @@ nsTreeSanitizer::nsTreeSanitizer(uint32_t aFlags)
|
||||
|
||||
bool nsTreeSanitizer::MustFlatten(int32_t aNamespace, nsAtom* aLocal) {
|
||||
if (aNamespace == kNameSpaceID_XHTML) {
|
||||
if (mIsCustomized) {
|
||||
// TODO(freddy): Make it work for other namespaces.
|
||||
// See https://github.com/WICG/sanitizer-api/issues/72
|
||||
return ((mAllowedElements && !mAllowedElements->Contains(aLocal)) ||
|
||||
((mBlockedElements && mBlockedElements->Contains(aLocal))));
|
||||
}
|
||||
if (mDropNonCSSPresentation &&
|
||||
(nsGkAtoms::font == aLocal || nsGkAtoms::center == aLocal)) {
|
||||
return true;
|
||||
@ -1089,11 +1105,8 @@ bool nsTreeSanitizer::MustPrune(int32_t aNamespace, nsAtom* aLocal,
|
||||
}
|
||||
}
|
||||
if (mAllowStyles) {
|
||||
if (nsGkAtoms::style == aLocal &&
|
||||
!(aNamespace == kNameSpaceID_XHTML || aNamespace == kNameSpaceID_SVG)) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
return nsGkAtoms::style == aLocal && !(aNamespace == kNameSpaceID_XHTML ||
|
||||
aNamespace == kNameSpaceID_SVG);
|
||||
}
|
||||
if (nsGkAtoms::style == aLocal) {
|
||||
return true;
|
||||
@ -1152,13 +1165,48 @@ static bool UTF16StringStartsWith(const char16_t* aStr, uint32_t aLength,
|
||||
|
||||
void nsTreeSanitizer::SanitizeAttributes(mozilla::dom::Element* aElement,
|
||||
AllowedAttributes aAllowed) {
|
||||
uint32_t ac = aElement->GetAttrCount();
|
||||
int32_t ac = (int)aElement->GetAttrCount();
|
||||
|
||||
for (int32_t i = ac - 1; i >= 0; --i) {
|
||||
const nsAttrName* attrName = aElement->GetAttrNameAt(i);
|
||||
int32_t attrNs = attrName->NamespaceID();
|
||||
RefPtr<nsAtom> attrLocal = attrName->LocalName();
|
||||
|
||||
if (mIsCustomized) {
|
||||
bool shouldRemove = true;
|
||||
RefPtr<nsAtom> elemName = aElement->NodeInfo()->NameAtom();
|
||||
|
||||
// check allow list
|
||||
if (mAllowedAttributes) {
|
||||
auto allowedElements = mAllowedAttributes->Lookup(attrLocal);
|
||||
if (allowedElements) {
|
||||
if (allowedElements.Data()->Contains(elemName) ||
|
||||
allowedElements.Data()->Contains(nsGkAtoms::_asterisk)) {
|
||||
shouldRemove = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
// checking drop list last
|
||||
// i.e., if listd as both allowed and dropped, it will still be dropped
|
||||
if (mDroppedAttributes) {
|
||||
auto dropElements = mDroppedAttributes->Lookup(attrLocal);
|
||||
if (dropElements) {
|
||||
if (dropElements.Data()->Contains(elemName) ||
|
||||
dropElements.Data()->Contains(nsGkAtoms::_asterisk)) {
|
||||
shouldRemove = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (shouldRemove) {
|
||||
aElement->UnsetAttr(kNameSpaceID_None, attrLocal, false);
|
||||
// in case the attribute removal shuffled the attribute order, start
|
||||
// the loop again.
|
||||
--ac;
|
||||
i = ac; // i will be decremented immediately thanks to the for loop
|
||||
}
|
||||
continue;
|
||||
}
|
||||
|
||||
if (kNameSpaceID_None == attrNs) {
|
||||
if (aAllowed.mStyle && nsGkAtoms::style == attrLocal) {
|
||||
continue;
|
||||
@ -1554,3 +1602,85 @@ void nsTreeSanitizer::ReleaseStatics() {
|
||||
|
||||
NS_IF_RELEASE(sNullPrincipal);
|
||||
}
|
||||
|
||||
void nsTreeSanitizer::WithWebSanitizerOptions(
|
||||
const mozilla::dom::SanitizerConfig& aOptions) {
|
||||
if (!aOptions.IsAnyMemberPresent()) {
|
||||
return;
|
||||
}
|
||||
if (aOptions.mAllowElements.WasPassed()) {
|
||||
mIsCustomized = true;
|
||||
const Sequence<nsString>& allowedElements = aOptions.mAllowElements.Value();
|
||||
mAllowedElements = MakeUnique<DynamicAtomsTable>(allowedElements.Length());
|
||||
for (const nsString& elem : allowedElements) {
|
||||
nsAutoString lowercaseElem;
|
||||
nsContentUtils::ASCIIToLower(elem, lowercaseElem);
|
||||
RefPtr<nsAtom> elAsAtom = NS_Atomize(lowercaseElem);
|
||||
mAllowedElements->Insert(elAsAtom);
|
||||
}
|
||||
} else {
|
||||
mAllowedElements = nullptr;
|
||||
}
|
||||
if (aOptions.mBlockElements.WasPassed()) {
|
||||
mIsCustomized = true;
|
||||
const Sequence<nsString>& blockedElements = aOptions.mBlockElements.Value();
|
||||
mBlockedElements = MakeUnique<DynamicAtomsTable>(blockedElements.Length());
|
||||
for (const nsString& elem : blockedElements) {
|
||||
nsAutoString lowercaseElem;
|
||||
nsContentUtils::ASCIIToLower(elem, lowercaseElem);
|
||||
RefPtr<nsAtom> elAsAtom = NS_Atomize(lowercaseElem);
|
||||
mBlockedElements->Insert(elAsAtom);
|
||||
}
|
||||
} else {
|
||||
mBlockedElements = nullptr;
|
||||
}
|
||||
if (aOptions.mAllowAttributes.WasPassed()) {
|
||||
mIsCustomized = true;
|
||||
const Record<nsString, Sequence<nsString>>& allowedAttributes =
|
||||
aOptions.mAllowAttributes.Value();
|
||||
mAllowedAttributes = MakeUnique<
|
||||
nsTHashMap<RefPtr<nsAtom>, mozilla::UniquePtr<DynamicAtomsTable>>>();
|
||||
nsAutoString name;
|
||||
for (const auto& entries : allowedAttributes.Entries()) {
|
||||
UniquePtr<DynamicAtomsTable> elems =
|
||||
MakeUnique<DynamicAtomsTable>(allowedAttributes.Entries().Length());
|
||||
for (const auto& elem : entries.mValue) {
|
||||
nsAutoString lowercaseElem;
|
||||
nsContentUtils::ASCIIToLower(elem, lowercaseElem);
|
||||
RefPtr<nsAtom> elAsAtom = NS_Atomize(lowercaseElem);
|
||||
elems->Insert(elAsAtom);
|
||||
}
|
||||
nsAutoString attrName;
|
||||
nsContentUtils::ASCIIToLower(entries.mKey, attrName);
|
||||
RefPtr<nsAtom> attrAtom = NS_Atomize(attrName);
|
||||
mAllowedAttributes->InsertOrUpdate(attrAtom, std::move(elems));
|
||||
}
|
||||
} else {
|
||||
mAllowedAttributes = nullptr;
|
||||
}
|
||||
if (aOptions.mDropAttributes.WasPassed()) {
|
||||
mIsCustomized = true;
|
||||
const Record<nsString, Sequence<nsString>>& droppedAttributes =
|
||||
aOptions.mDropAttributes.Value();
|
||||
mDroppedAttributes = MakeUnique<
|
||||
nsTHashMap<RefPtr<nsAtom>, mozilla::UniquePtr<DynamicAtomsTable>>>();
|
||||
nsAutoString name;
|
||||
for (const auto& entries : droppedAttributes.Entries()) {
|
||||
UniquePtr<DynamicAtomsTable> elems =
|
||||
MakeUnique<DynamicAtomsTable>(droppedAttributes.Entries().Length());
|
||||
for (const auto& elem : entries.mValue) {
|
||||
nsAutoString lowercaseElem;
|
||||
nsContentUtils::ASCIIToLower(elem, lowercaseElem);
|
||||
RefPtr<nsAtom> elAsAtom = NS_Atomize(lowercaseElem);
|
||||
elems->Insert(elAsAtom);
|
||||
}
|
||||
nsAutoString attrName;
|
||||
nsContentUtils::ASCIIToLower(entries.mKey, attrName);
|
||||
RefPtr<nsAtom> attrAtom = NS_Atomize(attrName);
|
||||
mDroppedAttributes->InsertOrUpdate(attrAtom, std::move(elems));
|
||||
}
|
||||
} else {
|
||||
mDroppedAttributes = nullptr;
|
||||
}
|
||||
// TODO(freddy) Add handling of other keys in SanitizerConfig
|
||||
}
|
||||
|
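Review bot: In the `mIsCustomized` branch of `SanitizeAttributes`, the removal call passes `kNameSpaceID_None` although the attribute's namespace was just read into `attrNs`, so an attribute in a non-null namespace that fails the allow-list is not removed while `ac` is still decremented; the call should be `aElement->UnsetAttr(attrNs, attrLocal, false);`. The lookups in `mAllowedAttributes` and `mDroppedAttributes` are keyed on the local name only, so a namespaced attribute also matches an entry written for the plain one. Because the branch ends in `continue`, none of the built-in attribute checks that follow it run for a customized sanitizer; that part of the function lies outside the hunk, so it is worth confirming that an allow-listed attribute still receives whatever value checks the default path applies. Separately, in `WithWebSanitizerOptions` the per-attribute tables are sized with `Entries().Length()` where `entries.mValue.Length()` looks intended, and the local `nsAutoString name;` is unused in both attribute branches.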
@ -7,8 +7,12 @@
|
||||
|
||||
#include "nsAtom.h"
|
||||
#include "nsHashKeys.h"
|
||||
#include "nsHashtablesFwd.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsTArray.h"
|
||||
#include "nsTHashSet.h"
|
||||
#include "mozilla/UniquePtr.h"
|
||||
#include "mozilla/dom/SanitizerBinding.h"
|
||||
|
||||
class nsIContent;
|
||||
class nsINode;
|
||||
@ -26,7 +30,7 @@ class Element;
|
||||
* See the documentation of nsIParserUtils::sanitize for documentation
|
||||
* about the default behavior and the configuration options of this sanitizer.
|
||||
*/
|
||||
class MOZ_STACK_CLASS nsTreeSanitizer {
|
||||
class nsTreeSanitizer {
|
||||
public:
|
||||
/**
|
||||
* The constructor.
|
||||
@ -53,6 +57,12 @@ class MOZ_STACK_CLASS nsTreeSanitizer {
|
||||
*/
|
||||
void Sanitize(mozilla::dom::Document* aDocument);
|
||||
|
||||
/**
|
||||
* Provides additional options for usage from the Web Sanitizer API
|
||||
* which allows modifying the allow-list from above
|
||||
*/
|
||||
void WithWebSanitizerOptions(const mozilla::dom::SanitizerConfig& aOptions);
|
||||
|
||||
private:
|
||||
/**
|
||||
* Whether <style> and style="" are allowed.
|
||||
@ -113,6 +123,14 @@ class MOZ_STACK_CLASS nsTreeSanitizer {
|
||||
return aAtom->IsStatic() && GetEntry(aAtom->AsStatic());
|
||||
}
|
||||
};
|
||||
// Use this table for user-defined lists
|
||||
class DynamicAtomsTable : public nsTHashSet<RefPtr<nsAtom>> {
|
||||
public:
|
||||
explicit DynamicAtomsTable(uint32_t aLength)
|
||||
: nsTHashSet<RefPtr<nsAtom>>(aLength) {}
|
||||
|
||||
bool Contains(nsAtom* aAtom) { return GetEntry(aAtom); }
|
||||
};
|
||||
|
||||
void SanitizeChildren(nsINode* aRoot);
|
||||
|
||||
@ -271,6 +289,25 @@ class MOZ_STACK_CLASS nsTreeSanitizer {
|
||||
* Reusable null principal for URL checks.
|
||||
*/
|
||||
static nsIPrincipal* sNullPrincipal;
|
||||
|
||||
// Short-hand to determine whether this is a customized Sanitizer.
|
||||
bool mIsCustomized = false;
|
||||
|
||||
// An allow-list of elements to keep.
|
||||
mozilla::UniquePtr<DynamicAtomsTable> mAllowedElements;
|
||||
|
||||
// A deny-list of elements to block.
|
||||
mozilla::UniquePtr<DynamicAtomsTable> mBlockedElements;
|
||||
|
||||
// An allow-list of attributes to keep.
|
||||
mozilla::UniquePtr<
|
||||
nsTHashMap<RefPtr<nsAtom>, mozilla::UniquePtr<DynamicAtomsTable>>>
|
||||
mAllowedAttributes;
|
||||
|
||||
// A deny-list of attributes to drop.
|
||||
mozilla::UniquePtr<
|
||||
nsTHashMap<RefPtr<nsAtom>, mozilla::UniquePtr<DynamicAtomsTable>>>
|
||||
mDroppedAttributes;
|
||||
};
|
||||
|
||||
#endif // nsTreeSanitizer_h_
|
||||
|
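Review bot: The doc comment on `WithWebSanitizerOptions` says the options allow "modifying the allow-list from above", but in the .cpp part of this commit a customized sanitizer decides `MustFlatten` for XHTML elements and the whole of `SanitizeAttributes` from the caller's tables alone, which reads as replacing the built-in lists rather than modifying them. I would say so in the comment, e.g. `Once allowElements, blockElements, allowAttributes or dropAttributes is passed, XHTML elements and all attributes are checked against these lists only.` The comment on `mIsCustomized` could carry the same sentence, since that flag is what switches the behaviour. `DynamicAtomsTable::Contains` does not modify the set and could be declared `const`.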
@ -13,8 +13,7 @@
|
||||
#include "nsTreeSanitizer.h"
|
||||
#include "Sanitizer.h"
|
||||
|
||||
namespace mozilla {
|
||||
namespace dom {
|
||||
namespace mozilla::dom {
|
||||
|
||||
NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(Sanitizer, mGlobal)
|
||||
|
||||
@ -33,15 +32,14 @@ JSObject* Sanitizer::WrapObject(JSContext* aCx,
|
||||
|
||||
/* static */
|
||||
already_AddRefed<Sanitizer> Sanitizer::Constructor(
|
||||
const GlobalObject& aGlobal, const SanitizerOptions& aOptions,
|
||||
const GlobalObject& aGlobal, const SanitizerConfig& aOptions,
|
||||
ErrorResult& aRv) {
|
||||
// Note: Later, aOptions will be interpreted and stored as a member.
|
||||
// We'll just ignore it for now.
|
||||
nsCOMPtr<nsIGlobalObject> global = do_QueryInterface(aGlobal.GetAsSupports());
|
||||
RefPtr<Sanitizer> sanitizer = new Sanitizer(global);
|
||||
RefPtr<Sanitizer> sanitizer = new Sanitizer(global, aOptions);
|
||||
AutoTArray<nsString, 1> params = {};
|
||||
sanitizer->LogLocalizedString("SanitizerOptionsDiscarded", params,
|
||||
nsIScriptError::infoFlag);
|
||||
|
||||
return sanitizer.forget();
|
||||
}
|
||||
|
||||
@ -121,9 +119,8 @@ already_AddRefed<DocumentFragment> Sanitizer::Sanitize(
|
||||
if (error.Failed()) {
|
||||
return fragment.forget();
|
||||
}
|
||||
nsTreeSanitizer treeSanitizer(mSanitizationFlags);
|
||||
|
||||
treeSanitizer.Sanitize(fragment);
|
||||
mTreeSanitizer.Sanitize(fragment);
|
||||
return fragment.forget();
|
||||
}
|
||||
|
||||
@ -137,9 +134,8 @@ void Sanitizer::SanitizeToString(
|
||||
if (error.Failed()) {
|
||||
return;
|
||||
}
|
||||
nsTreeSanitizer treeSanitizer(mSanitizationFlags);
|
||||
|
||||
treeSanitizer.Sanitize(fragment);
|
||||
mTreeSanitizer.Sanitize(fragment);
|
||||
fragment->GetInnerHTML(outSanitized);
|
||||
}
|
||||
|
||||
@ -185,5 +181,4 @@ void Sanitizer::LogMessage(const nsAString& aMessage, uint32_t aFlags,
|
||||
}
|
||||
}
|
||||
|
||||
} // namespace dom
|
||||
} // namespace mozilla
|
||||
} // namespace mozilla::dom
|
||||
|
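Review bot: `Sanitizer::Constructor` now forwards `aOptions` to the `Sanitizer` constructor, yet the `LogLocalizedString("SanitizerOptionsDiscarded", ...)` call and the "We'll just ignore it for now" comment appear in the same hunk; the page has lost its +/- markers, so I cannot tell whether they remain on the new side. If they do, the console message tells authors their configuration was discarded when four of its keys are in fact applied, and it should be dropped or narrowed to the keys that are still ignored. `Sanitize` and `SanitizeToString` now reuse the member `mTreeSanitizer` instead of a fresh stack instance per call, which is only safe if `nsTreeSanitizer::Sanitize` leaves no per-run state behind; that is not visible in these hunks and deserves a one-line comment at the member or the call site.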
@ -33,11 +33,12 @@ class Sanitizer final : public nsISupports, public nsWrapperCache {
|
||||
NS_DECL_CYCLE_COLLECTING_ISUPPORTS
|
||||
NS_DECL_CYCLE_COLLECTION_SCRIPT_HOLDER_CLASS(Sanitizer)
|
||||
|
||||
explicit Sanitizer(nsIGlobalObject* aGlobal) : mGlobal(aGlobal) {
|
||||
explicit Sanitizer(nsIGlobalObject* aGlobal, const SanitizerConfig& aOptions)
|
||||
: mGlobal(aGlobal),
|
||||
mTreeSanitizer(nsIParserUtils::SanitizerAllowStyle |
|
||||
nsIParserUtils::SanitizerAllowComments) {
|
||||
MOZ_ASSERT(aGlobal);
|
||||
// FIXME(freddyb): Waiting for wicg-draft to evolve. Bug 1658564.
|
||||
mSanitizationFlags = nsIParserUtils::SanitizerAllowStyle |
|
||||
nsIParserUtils::SanitizerAllowComments;
|
||||
mTreeSanitizer.WithWebSanitizerOptions(aOptions);
|
||||
}
|
||||
|
||||
nsIGlobalObject* GetParentObject() const { return mGlobal; }
|
||||
@ -50,7 +51,7 @@ class Sanitizer final : public nsISupports, public nsWrapperCache {
|
||||
* @return a new Sanitizer object, with methods as below
|
||||
*/
|
||||
static already_AddRefed<Sanitizer> Constructor(
|
||||
const GlobalObject& aGlobal, const SanitizerOptions& aOptions,
|
||||
const GlobalObject& aGlobal, const SanitizerConfig& aOptions,
|
||||
ErrorResult& aRv);
|
||||
|
||||
/**
|
||||
@ -94,9 +95,9 @@ class Sanitizer final : public nsISupports, public nsWrapperCache {
|
||||
static void LogMessage(const nsAString& aMessage, uint32_t aFlags,
|
||||
uint64_t aInnerWindowID, bool aFromPrivateWindow);
|
||||
|
||||
SanitizerOptions mOptions;
|
||||
uint32_t mSanitizationFlags;
|
||||
nsCOMPtr<nsIGlobalObject> mGlobal;
|
||||
SanitizerConfig mOptions;
|
||||
nsTreeSanitizer mTreeSanitizer;
|
||||
};
|
||||
} // namespace dom
|
||||
} // namespace mozilla
|
||||
|
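Review bot: The member `SanitizerConfig mOptions;` is declared, but the constructor's initializer list sets only `mGlobal` and `mTreeSanitizer`, and the body hands `aOptions` straight to `mTreeSanitizer.WithWebSanitizerOptions(aOptions)`, so `mOptions` stays default-constructed. Unless code outside these hunks reads it, either remove the member or initialise it with `mOptions(aOptions)` between `mGlobal` and `mTreeSanitizer` to match declaration order. A short comment on `mTreeSanitizer` saying that it is configured once in the constructor and reused for every `sanitize()` call would also help the next reader.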
@ -48,26 +48,74 @@ SimpleTest.waitForExplicitFinish();
|
||||
const testCases = [
|
||||
{
|
||||
testString: "<p>hello</p>",
|
||||
testExpected: "<p>hello</p>"
|
||||
testExpected: "<p>hello</p>",
|
||||
sanitizerOptions: {}
|
||||
},
|
||||
{
|
||||
// script element encoded to not confuse the HTML parser and end execution here
|
||||
testString: "<p>second test</p><script>alert(1)\x3C/script>",
|
||||
testExpected: "<p>second test</p>"
|
||||
testExpected: "<p>second test</p>",
|
||||
sanitizerOptions: {},
|
||||
},
|
||||
{
|
||||
// test for the allowElements option
|
||||
testString: "<p>hello <i>folks</i></p>",
|
||||
testExpected: "<p>hello folks</p>",
|
||||
sanitizerOptions: { allowElements: ["p"] },
|
||||
},
|
||||
{
|
||||
// test for the blockElements option
|
||||
testString: "<p>hello <i>folks</i></p>",
|
||||
testExpected: "<p>hello folks</p>",
|
||||
sanitizerOptions: { blockElements: ["i"] },
|
||||
},
|
||||
{
|
||||
// test for the allowAttributes option
|
||||
testString: `<p haha="lol">hello</p>`,
|
||||
testExpected: `<p haha="lol">hello</p>`,
|
||||
sanitizerOptions: { allowAttributes: { 'haha': ['p'] } },
|
||||
},
|
||||
{
|
||||
// confirming the inverse
|
||||
testString: `<p haha="lol">hello</p>`,
|
||||
testExpected: `<p>hello</p>`,
|
||||
sanitizerOptions: {},
|
||||
},
|
||||
{
|
||||
// test for the dropAttributes option
|
||||
testString: `<p title="dropme">hello</p>`,
|
||||
testExpected: `<p>hello</p>`,
|
||||
sanitizerOptions: { dropAttributes: { 'title': ['p'] } },
|
||||
},
|
||||
{
|
||||
// confirming the inverse
|
||||
testString: `<p title="dontdropme">hello</p>`,
|
||||
testExpected: `<p title="dontdropme">hello</p>`,
|
||||
sanitizerOptions: {},
|
||||
},
|
||||
{
|
||||
// if an attribute is allowed and dropped, the drop will take preference
|
||||
testString: `<p title="lol">hello</p>`,
|
||||
testExpected: `<p>hello</p>`,
|
||||
sanitizerOptions: {
|
||||
allowAttributes: { 'title': ['p'] },
|
||||
dropAttributes: { 'title': ['p'] },
|
||||
},
|
||||
},
|
||||
];
|
||||
|
||||
|
||||
const div = document.getElementById("div");
|
||||
for (let test of testCases) {
|
||||
const {testString, testExpected} = test;
|
||||
const {testString, testExpected, sanitizerOptions} = test;
|
||||
const testSanitizer = new Sanitizer(sanitizerOptions);
|
||||
|
||||
for (let testInputAndType of possibleInputTypes(testString)) {
|
||||
const {testInput, testType} = testInputAndType;
|
||||
|
||||
// test documentfragment API
|
||||
div.innerHTML = "";
|
||||
const docFragment = mySanitizer.sanitize(testInput);
|
||||
const docFragment = testSanitizer.sanitize(testInput);
|
||||
div.append(docFragment);
|
||||
is(div.innerHTML, testExpected, `Sanitizer.sanitize() should turn (${testType}) '${testInput}' into '${testExpected}'`);
|
||||
|
||||
|
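Review bot: The new cases exercise each option only with a lower-case name and an explicit element, so three behaviours the C++ side implements are left unpinned: ASCII lower-casing of configured names, the `*` wildcard in an attribute's element list, and what happens to attributes that are not mentioned when only `allowElements` is given. I would add cases such as `sanitizerOptions: { dropAttributes: { 'TITLE': ['*'] } }`, plus one that allow-lists a URL-valued attribute so the test records whether its value is still checked in customized mode. The loop now builds `testSanitizer` per case; the `sanitizeToString` half of the loop is outside the hunk, so confirm it no longer uses `mySanitizer`.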
@ -12,19 +12,23 @@
|
||||
|
||||
|
||||
typedef (DOMString or DocumentFragment or Document) SanitizerInput;
|
||||
|
||||
// unimplemented during prototyping
|
||||
dictionary SanitizerOptions {
|
||||
sequence<DOMString> allowed;
|
||||
sequence<DOMString> removed;
|
||||
};
|
||||
typedef record<DOMString, sequence<DOMString>> AttributeMatchList;
|
||||
|
||||
[Exposed=Window, SecureContext, Pref="dom.security.sanitizer.enabled"]
|
||||
interface Sanitizer {
|
||||
[Throws]
|
||||
constructor(optional SanitizerOptions options = {}); // optionality still discussed in spec
|
||||
constructor(optional SanitizerConfig sanitizerConfig = {});
|
||||
[Throws]
|
||||
DocumentFragment sanitize(SanitizerInput input);
|
||||
[Throws]
|
||||
DOMString sanitizeToString(SanitizerInput input);
|
||||
};
|
||||
|
||||
dictionary SanitizerConfig {
|
||||
sequence<DOMString> allowElements;
|
||||
sequence<DOMString> blockElements;
|
||||
sequence<DOMString> dropElements;
|
||||
AttributeMatchList allowAttributes;
|
||||
AttributeMatchList dropAttributes;
|
||||
boolean allowCustomElements;
|
||||
};
|
||||
|
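Review bot: `SanitizerConfig` declares `dropElements` and `allowCustomElements`, but `nsTreeSanitizer::WithWebSanitizerOptions` in this commit reads only `allowElements`, `blockElements`, `allowAttributes` and `dropAttributes` and leaves the rest as a TODO. A caller that passes only `dropElements` therefore gets the default sanitizer with no indication that the deny-list was ignored. I would mark the two members in the dictionary with a comment such as `// not yet honoured by nsTreeSanitizer`, so the gap is visible where the API surface is defined.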
@ -1,31 +1,16 @@
|
||||
[sanitizer-config.https.tentative.html]
|
||||
[SanitizerAPI: allowElements modify is okay.]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI: allowElements config is not kept as reference.]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI: blockElements modify is okay.]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI: blockElements config is not kept as reference.]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI: dropElements modify is okay.]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI: dropElements config is not kept as reference.]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI: allowAttributes modify is okay.]
|
||||
[SanitizerAPI: allowElements stays is okay.]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI: allowAttributes config is not kept as reference.]
|
||||
[SanitizerAPI: blockElements stays is okay.]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI: dropAttributes modify is okay.]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI: dropAttributes config is not kept as reference.]
|
||||
[SanitizerAPI: dropAttributes stays is okay.]
|
||||
expected: FAIL
|
||||
|
||||
|
@ -5,9 +5,6 @@
|
||||
[SanitizerAPI with config: default behavior for custom elements, sanitize from string function for default behavior for custom elements]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allow custom elements with allow elements, sanitize from string function for allow custom elements with allow elements]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: disallow custom elements, sanitize from string function for disallow custom elements]
|
||||
expected: FAIL
|
||||
|
||||
@ -29,12 +26,6 @@
|
||||
[SanitizerAPI with config: blockElements list with invalid values, sanitize from string function for blockElements list with invalid values]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowElements list ["p"\], sanitize from string function for allowElements list ["p"\]]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowElements list ["p", "test"\], sanitize from string function for allowElements list ["p", "test"\]]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowElements list has no influence to dropElements, sanitize from string function for allowElements list has no influence to dropElements]
|
||||
expected: FAIL
|
||||
|
||||
@ -44,24 +35,12 @@
|
||||
[SanitizerAPI with config: dropAttributes list {"*": ["a"\]} with style attribute, sanitize from string function for dropAttributes list {"*": ["a"\]} with style attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: dropAttributes list {"id": ["*"\]} with id attribute, sanitize from string function for dropAttributes list {"id": ["*"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: dropAttributes list {"ID": ["*"\]} with id attribute, sanitize from string function for dropAttributes list {"ID": ["*"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: dropAttributes list {"data-attribute-with-dashes": ["*"\]} with dom dataset js access, sanitize from string function for dropAttributes list {"data-attribute-with-dashes": ["*"\]} with dom dataset js access]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowAttributes list {"id": ["div"\]} with id attribute, sanitize from string function for allowAttributes list {"id": ["div"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowAttributes list {"*": ["a"\]} with style attribute, sanitize from string function for allowAttributes list {"*": ["a"\]} with style attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowAttributes list has no influence to dropAttributes, sanitize from string function for allowAttributes list has no influence to dropAttributes]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: plaintext, sanitize from document function for plaintext]
|
||||
expected: FAIL
|
||||
|
||||
@ -71,9 +50,6 @@
|
||||
[SanitizerAPI with config: default behavior for custom elements, sanitize from document function for default behavior for custom elements]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allow custom elements with allow elements, sanitize from document function for allow custom elements with allow elements]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: disallow custom elements, sanitize from document function for disallow custom elements]
|
||||
expected: FAIL
|
||||
|
||||
@ -95,12 +71,6 @@
|
||||
[SanitizerAPI with config: blockElements list with invalid values, sanitize from document function for blockElements list with invalid values]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowElements list ["p"\], sanitize from document function for allowElements list ["p"\]]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowElements list ["p", "test"\], sanitize from document function for allowElements list ["p", "test"\]]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowElements list has no influence to dropElements, sanitize from document function for allowElements list has no influence to dropElements]
|
||||
expected: FAIL
|
||||
|
||||
@ -110,24 +80,12 @@
|
||||
[SanitizerAPI with config: dropAttributes list {"*": ["a"\]} with style attribute, sanitize from document function for dropAttributes list {"*": ["a"\]} with style attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: dropAttributes list {"id": ["*"\]} with id attribute, sanitize from document function for dropAttributes list {"id": ["*"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: dropAttributes list {"ID": ["*"\]} with id attribute, sanitize from document function for dropAttributes list {"ID": ["*"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: dropAttributes list {"data-attribute-with-dashes": ["*"\]} with dom dataset js access, sanitize from document function for dropAttributes list {"data-attribute-with-dashes": ["*"\]} with dom dataset js access]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowAttributes list {"id": ["div"\]} with id attribute, sanitize from document function for allowAttributes list {"id": ["div"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowAttributes list {"*": ["a"\]} with style attribute, sanitize from document function for allowAttributes list {"*": ["a"\]} with style attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowAttributes list has no influence to dropAttributes, sanitize from document function for allowAttributes list has no influence to dropAttributes]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: plaintext, sanitize from document fragment function for plaintext]
|
||||
expected: FAIL
|
||||
|
||||
@ -137,9 +95,6 @@
|
||||
[SanitizerAPI with config: default behavior for custom elements, sanitize from document fragment function for default behavior for custom elements]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allow custom elements with allow elements, sanitize from document fragment function for allow custom elements with allow elements]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: disallow custom elements, sanitize from document fragment function for disallow custom elements]
|
||||
expected: FAIL
|
||||
|
||||
@ -161,12 +116,6 @@
|
||||
[SanitizerAPI with config: blockElements list with invalid values, sanitize from document fragment function for blockElements list with invalid values]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowElements list ["p"\], sanitize from document fragment function for allowElements list ["p"\]]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowElements list ["p", "test"\], sanitize from document fragment function for allowElements list ["p", "test"\]]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowElements list has no influence to dropElements, sanitize from document fragment function for allowElements list has no influence to dropElements]
|
||||
expected: FAIL
|
||||
|
||||
@ -176,21 +125,18 @@
|
||||
[SanitizerAPI with config: dropAttributes list {"*": ["a"\]} with style attribute, sanitize from document fragment function for dropAttributes list {"*": ["a"\]} with style attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: dropAttributes list {"id": ["*"\]} with id attribute, sanitize from document fragment function for dropAttributes list {"id": ["*"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: dropAttributes list {"ID": ["*"\]} with id attribute, sanitize from document fragment function for dropAttributes list {"ID": ["*"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: dropAttributes list {"data-attribute-with-dashes": ["*"\]} with dom dataset js access, sanitize from document fragment function for dropAttributes list {"data-attribute-with-dashes": ["*"\]} with dom dataset js access]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowAttributes list {"id": ["div"\]} with id attribute, sanitize from document fragment function for allowAttributes list {"id": ["div"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowAttributes list {"*": ["a"\]} with style attribute, sanitize from document fragment function for allowAttributes list {"*": ["a"\]} with style attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowAttributes list has no influence to dropAttributes, sanitize from document fragment function for allowAttributes list has no influence to dropAttributes]
|
||||
[SanitizerAPI with config: empty dropAttributes list with id attribute, sanitize from string function for empty dropAttributes list with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: empty dropAttributes list with id attribute, sanitize from document function for empty dropAttributes list with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: empty dropAttributes list with id attribute, sanitize from document fragment function for empty dropAttributes list with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
|
@ -5,9 +5,6 @@
|
||||
[SanitizerAPI config: default behavior for custom elements, sanitizeToString from string function for default behavior for custom elements]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI config: allow custom elements with allow elements, sanitizeToString from string function for allow custom elements with allow elements]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI config: disallow custom elements, sanitizeToString from string function for disallow custom elements]
|
||||
expected: FAIL
|
||||
|
||||
@ -29,12 +26,6 @@
|
||||
[SanitizerAPI config: blockElements list with invalid values, sanitizeToString from string function for blockElements list with invalid values]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI config: allowElements list ["p"\], sanitizeToString from string function for allowElements list ["p"\]]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI config: allowElements list ["p", "test"\], sanitizeToString from string function for allowElements list ["p", "test"\]]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI config: allowElements list has no influence to dropElements, sanitizeToString from string function for allowElements list has no influence to dropElements]
|
||||
expected: FAIL
|
||||
|
||||
@ -44,24 +35,12 @@
|
||||
[SanitizerAPI config: dropAttributes list {"*": ["a"\]} with style attribute, sanitizeToString from string function for dropAttributes list {"*": ["a"\]} with style attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI config: dropAttributes list {"id": ["*"\]} with id attribute, sanitizeToString from string function for dropAttributes list {"id": ["*"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI config: dropAttributes list {"ID": ["*"\]} with id attribute, sanitizeToString from string function for dropAttributes list {"ID": ["*"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI config: dropAttributes list {"data-attribute-with-dashes": ["*"\]} with dom dataset js access, sanitizeToString from string function for dropAttributes list {"data-attribute-with-dashes": ["*"\]} with dom dataset js access]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI config: allowAttributes list {"id": ["div"\]} with id attribute, sanitizeToString from string function for allowAttributes list {"id": ["div"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI config: allowAttributes list {"*": ["a"\]} with style attribute, sanitizeToString from string function for allowAttributes list {"*": ["a"\]} with style attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI config: allowAttributes list has no influence to dropAttributes, sanitizeToString from string function for allowAttributes list has no influence to dropAttributes]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: plaintext, sanitizeToString from document function for plaintext]
|
||||
expected: FAIL
|
||||
|
||||
@ -71,9 +50,6 @@
|
||||
[SanitizerAPI with config: default behavior for custom elements, sanitizeToString from document function for default behavior for custom elements]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allow custom elements with allow elements, sanitizeToString from document function for allow custom elements with allow elements]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: disallow custom elements, sanitizeToString from document function for disallow custom elements]
|
||||
expected: FAIL
|
||||
|
||||
@ -95,12 +71,6 @@
|
||||
[SanitizerAPI with config: blockElements list with invalid values, sanitizeToString from document function for blockElements list with invalid values]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowElements list ["p"\], sanitizeToString from document function for allowElements list ["p"\]]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowElements list ["p", "test"\], sanitizeToString from document function for allowElements list ["p", "test"\]]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowElements list has no influence to dropElements, sanitizeToString from document function for allowElements list has no influence to dropElements]
|
||||
expected: FAIL
|
||||
|
||||
@ -110,24 +80,12 @@
|
||||
[SanitizerAPI with config: dropAttributes list {"*": ["a"\]} with style attribute, sanitizeToString from document function for dropAttributes list {"*": ["a"\]} with style attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: dropAttributes list {"id": ["*"\]} with id attribute, sanitizeToString from document function for dropAttributes list {"id": ["*"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: dropAttributes list {"ID": ["*"\]} with id attribute, sanitizeToString from document function for dropAttributes list {"ID": ["*"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: dropAttributes list {"data-attribute-with-dashes": ["*"\]} with dom dataset js access, sanitizeToString from document function for dropAttributes list {"data-attribute-with-dashes": ["*"\]} with dom dataset js access]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowAttributes list {"id": ["div"\]} with id attribute, sanitizeToString from document function for allowAttributes list {"id": ["div"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowAttributes list {"*": ["a"\]} with style attribute, sanitizeToString from document function for allowAttributes list {"*": ["a"\]} with style attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowAttributes list has no influence to dropAttributes, sanitizeToString from document function for allowAttributes list has no influence to dropAttributes]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: plaintext, sanitizeToString from document fragment function for plaintext]
|
||||
expected: FAIL
|
||||
|
||||
@ -137,9 +95,6 @@
|
||||
[SanitizerAPI with config: default behavior for custom elements, sanitizeToString from document fragment function for default behavior for custom elements]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allow custom elements with allow elements, sanitizeToString from document fragment function for allow custom elements with allow elements]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: disallow custom elements, sanitizeToString from document fragment function for disallow custom elements]
|
||||
expected: FAIL
|
||||
|
||||
@ -161,12 +116,6 @@
|
||||
[SanitizerAPI with config: blockElements list with invalid values, sanitizeToString from document fragment function for blockElements list with invalid values]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowElements list ["p"\], sanitizeToString from document fragment function for allowElements list ["p"\]]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowElements list ["p", "test"\], sanitizeToString from document fragment function for allowElements list ["p", "test"\]]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowElements list has no influence to dropElements, sanitizeToString from document fragment function for allowElements list has no influence to dropElements]
|
||||
expected: FAIL
|
||||
|
||||
@ -176,21 +125,18 @@
|
||||
[SanitizerAPI with config: dropAttributes list {"*": ["a"\]} with style attribute, sanitizeToString from document fragment function for dropAttributes list {"*": ["a"\]} with style attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: dropAttributes list {"id": ["*"\]} with id attribute, sanitizeToString from document fragment function for dropAttributes list {"id": ["*"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: dropAttributes list {"ID": ["*"\]} with id attribute, sanitizeToString from document fragment function for dropAttributes list {"ID": ["*"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: dropAttributes list {"data-attribute-with-dashes": ["*"\]} with dom dataset js access, sanitizeToString from document fragment function for dropAttributes list {"data-attribute-with-dashes": ["*"\]} with dom dataset js access]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowAttributes list {"id": ["div"\]} with id attribute, sanitizeToString from document fragment function for allowAttributes list {"id": ["div"\]} with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowAttributes list {"*": ["a"\]} with style attribute, sanitizeToString from document fragment function for allowAttributes list {"*": ["a"\]} with style attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: allowAttributes list has no influence to dropAttributes, sanitizeToString from document fragment function for allowAttributes list has no influence to dropAttributes]
|
||||
[SanitizerAPI config: empty dropAttributes list with id attribute, sanitizeToString from string function for empty dropAttributes list with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: empty dropAttributes list with id attribute, sanitizeToString from document function for empty dropAttributes list with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
[SanitizerAPI with config: empty dropAttributes list with id attribute, sanitizeToString from document fragment function for empty dropAttributes list with id attribute]
|
||||
expected: FAIL
|
||||
|
||||
|