63 lines
1.8 KiB
HTML
63 lines
1.8 KiB
HTML
<head>
|
|
<script>
|
|
if (window.testRunner)
|
|
testRunner.dumpAsText();
|
|
|
|
function print(message, color)
|
|
{
|
|
var paragraph = document.createElement("div");
|
|
paragraph.appendChild(document.createTextNode(message));
|
|
paragraph.style.fontFamily = "monospace";
|
|
if (color)
|
|
paragraph.style.color = color;
|
|
document.getElementById("console").appendChild(paragraph);
|
|
}
|
|
|
|
function run(a)
|
|
{
|
|
print(a);
|
|
try {
|
|
eval(a);
|
|
} catch(e) {
|
|
print(e);
|
|
}
|
|
}
|
|
|
|
function shouldBe(a, b)
|
|
{
|
|
var evalA;
|
|
try {
|
|
evalA = eval(a);
|
|
} catch(e) {
|
|
evalA = e;
|
|
}
|
|
|
|
if (evalA == b)
|
|
print("PASS: " + a + " should be " + b + " and is.", "green");
|
|
else
|
|
print("FAIL: " + a + " should be " + b + " but instead is " + evalA + ".", "red");
|
|
}
|
|
</script>
|
|
</head>
|
|
<body>
|
|
Test that innerHTML does not mangle javascript: urls.
|
|
<div id=console></div>
|
|
<div id=jsurltest><a href='
|
|
javascript:test(&37;3C!--D--&37;3E)'>link</a></div>
|
|
<script>
|
|
var r = document.getElementById('jsurltest');
|
|
run("r.innerHTML = r.innerHTML.replace(/&37;3C!--D--&37;3E/g, 123)");
|
|
shouldBe("r.innerHTML.indexOf('javascript:test(123)') > -1", true);
|
|
run("r.firstChild.setAttribute('href', 'javascript:test(\"text<\")')");
|
|
shouldBe("r.innerHTML.indexOf('javascript:test(\"text<\")') > -1", true);
|
|
run('r.firstChild.setAttribute("href", "javascript:test(\'text>\')")');
|
|
shouldBe('r.innerHTML.indexOf("javascript:test(\'text>\')") > -1', true);
|
|
testString = 'javascript:test(\'text&\',"test2&")';
|
|
print("testString = " + testString);
|
|
run('r.firstChild.setAttribute("href", testString)');
|
|
shouldBe('r.innerHTML.indexOf("javascript:test(\'text&\',"test2&")") > 1', true);
|
|
|
|
run("r.firstChild.setAttribute('href', 'http://www.google.fi/search?q=scarlett johansson&meta=&btnG=Google-haku')");
|
|
print(r.innerHTML);
|
|
</script>
|