68 lines
2.0 KiB
HTML
68 lines
2.0 KiB
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<body>
|
|
<script src="../../resources/js-test.js"></script>
|
|
<div id="editor" contenteditable></div>
|
|
<script>
|
|
|
|
description('This tests inserting content with an event handler. WebKit should never execute event handlers.');
|
|
|
|
editor.focus();
|
|
|
|
function insertHTML(markup) {
|
|
editor.textContent = '';
|
|
editor.focus();
|
|
document.execCommand('insertHTML', false, markup);
|
|
}
|
|
|
|
let didExecute = false;
|
|
debug('');
|
|
debug('Inserting with load event handler');
|
|
editor.addEventListener('beforeinput', () => {
|
|
shouldBeTrue(`event.dataTransfer.getData('text/html').includes('onload="')`);
|
|
shouldBeTrue(`event.dataTransfer.getData('text/html').includes('onmouseover="')`);
|
|
}, {once: true});
|
|
insertHTML('<iframe onload="didExecute = true" onmouseover="alert(\'FAIL\')"></iframe>');
|
|
shouldBeFalse('didExecute');
|
|
|
|
didExecute = false;
|
|
debug('');
|
|
debug('Inserting with script element');
|
|
editor.addEventListener('beforeinput', () => {
|
|
shouldBeTrue(`event.dataTransfer.getData('text/html').includes('script')`);
|
|
}, {once: true});
|
|
insertHTML(`<iframe src="data:text/html,<!DOCTYPE html><b>hi</b><script>alert("FAIL")</scr` + 'ipt>"></iframe>');
|
|
shouldBeFalse('didExecute');
|
|
|
|
didExecute = false;
|
|
debug('');
|
|
debug('Inserting iframe with a name into plaintext-only');
|
|
editor.setAttribute('contenteditable', 'plaintext-only');
|
|
|
|
let i = 0;
|
|
function insertObjectElement() {
|
|
const object = document.createElement('object');
|
|
object.data = 'about:blank';
|
|
object.onload = () => {
|
|
try {
|
|
if (window.open('about:blank', 'named-frame').frameElement.parentNode)
|
|
didExecute = true;
|
|
} catch (e) { }
|
|
if (!didExecute && i++ < 10)
|
|
insertObjectElement();
|
|
}
|
|
document.body.appendChild(object);
|
|
}
|
|
insertObjectElement();
|
|
editor.focus();
|
|
editor.addEventListener('beforeinput', () => {
|
|
shouldBeTrue(`event.dataTransfer.getData("text/html").includes("iframe name=")`);
|
|
}, {once: true});
|
|
insertHTML(`<iframe name='named-frame'></iframe>`);
|
|
shouldBeFalse('didExecute');
|
|
didExecute = true;
|
|
|
|
</script>
|
|
</body>
|
|
</html>
|