<html>
<head>
<script src="../../resources/js-test-pre.js"></script>
</head>
<body>
<div id="hidden" style="visibility: hidden">
<script id="script">/*"'&<> "'&<> "'&<> */</script>
<style id="style">/*"'&<> "'&<> "'&<> */</style>
<textarea id="textarea">/*"'&<> "'&<> "'&<> */</textarea>
<xmp id="xmp">/*"'&<> "'&<> "'&<> */</xmp>
</div>
<script>
// Registers the human-readable description of this test. description() is not
// defined on this page; presumably it comes from the js-test harness script
// included in the document head -- confirm.
description("Tests that accessing the innerHTML property of a text node encodes harmful entities which can result in cross site scripting.");
|
|
|
|
// Table of [expression, expected] string pairs. Element 0 names a call to the
// innerHTML()/outerHTML() helpers below with the id of one of the elements in
// the hidden div (script, style, textarea, xmp); element 1 is the expected
// serialization, itself written as a quoted string.
// NOTE(review): as displayed, only the two textarea literals have balanced
// quotes, and every expected value shows the same raw characters as the
// element contents. That suggests character references (for example &amp; or
// &lt;) were decoded when this page was rendered. Compare with the original
// file before drawing conclusions about which elements are expected to
// serialize escaped and which raw.
var tests = [ ['innerHTML("script")' , '"/*"'&<> "'&<> \\"\'&<> */"'],
|
|
['innerHTML("style")' , '"/*"'&<> "'&<> \\"\'&<> */"'],
|
|
['innerHTML("textarea")', '"/*\\"\'&<> \\"\'&<> \\"\'&<> */"'],
|
|
['innerHTML("xmp")' , '"/*"'&<> "'&<> \\"\'&<> */"'],
|
|
['outerHTML("script")' , '"<script id=\\"script\\">/*"'&<> "'&<> \\"\'&<> */<\/script>"'],
|
|
['outerHTML("style")' , '"<style id=\\"style\\">/*"'&<> "'&<> \\"\'&<> */<\/style>"'],
|
|
['outerHTML("textarea")', '"<textarea id=\\"textarea\\">/*\\"\'&<> \\"\'&<> \\"\'&<> */<\/textarea>"'],
|
|
['outerHTML("xmp")' , '"<xmp id=\\"xmp\\">/*"'&<> "'&<> \\"\'&<> */<\/xmp>"'],
|
|
];
/**
 * Returns the serialized contents of the element with the given id.
 *
 * Despite its name, the argument is an element id handed to
 * document.getElementById, not a text node.
 *
 * @param {string} textnode - id of the element to look up.
 * @returns {string} that element's innerHTML.
 */
function innerHTML(textnode) {
    var element = document.getElementById(textnode);
    return element.innerHTML;
}
/**
 * Returns the serialization of the element with the given id, including the
 * element's own start and end tags.
 *
 * The argument is an element id handed to document.getElementById.
 *
 * @param {string} textnode - id of the element to look up.
 * @returns {string} that element's outerHTML.
 */
function outerHTML(textnode) {
    var target = document.getElementById(textnode);
    var serialized = target.outerHTML;
    return serialized;
}
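// Hand every [expression, expected] pair in `tests` to shouldBe(), which is
// not defined on this page (presumably supplied by the js-test harness).
// An index loop replaces for...in: for...in yields string keys and would also
// visit any enumerable property that some script added to Array.prototype,
// which would make the loop run a bogus extra comparison.
for (var i = 0; i < tests.length; i++) {
    shouldBe(tests[i][0], tests[i][1]);
}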
</script>
<script src="../../resources/js-test-post.js"></script>
</body>
</html>