summaryrefslogtreecommitdiffstats
path: root/third_party/WebKit/LayoutTests/fast/innerHTML/innerHTML-special-elements.html
blob: a359be4b2c37d5164b1bb6447c287f508a1e4104 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

<html>
<head>
<link rel="stylesheet" href="../js/resources/js-test-style.css">
<script src="../js/resources/js-test-pre.js"></script>
</head>
<body>
<p id="description"></p>
<div id="console"></div>
<div id="hidden"  style="visibility: hidden">
<script id="script">/*&quot;&apos;&amp;&lt;&gt;&nbsp;&#34;&#39;&#38;&#60;&#62;&#160;"'&<> */</script>
<style id="style">/*&quot;&apos;&amp;&lt;&gt;&nbsp;&#34;&#39;&#38;&#60;&#62;&#160;"'&<> */</style>
<textarea id="textarea">/*&quot;&apos;&amp;&lt;&gt;&nbsp;&#34;&#39;&#38;&#60;&#62;&#160;"'&<> */</textarea>
<xmp id="xmp">/*&quot;&apos;&amp;&lt;&gt;&nbsp;&#34;&#39;&#38;&#60;&#62;&#160;"'&<> */</xmp>
</div>
<script>
description("Tests that accessing the innerHTML property of a text node encodes harmful entities which can result in cross site scripting.");

var tests = [ ['innerHTML("script")'  , '"/*&quot;&apos;&amp;&lt;&gt;&nbsp;&#34;&#39;&#38;&#60;&#62;&#160;\\"\'&<> */"'],
              ['innerHTML("style")'   , '"/*&quot;&apos;&amp;&lt;&gt;&nbsp;&#34;&#39;&#38;&#60;&#62;&#160;\\"\'&<> */"'],
              ['innerHTML("textarea")', '"/*\\"\'&amp;&lt;&gt;&nbsp;\\"\'&amp;&lt;&gt;&nbsp;\\"\'&amp;&lt;&gt; */"'],
              ['innerHTML("xmp")'     , '"/*&quot;&apos;&amp;&lt;&gt;&nbsp;&#34;&#39;&#38;&#60;&#62;&#160;\\"\'&<> */"'],
              ['outerHTML("script")'  , '"<script id=\\"script\\">/*&quot;&apos;&amp;&lt;&gt;&nbsp;&#34;&#39;&#38;&#60;&#62;&#160;\\"\'&<> */<\/script>"'],
              ['outerHTML("style")'   , '"<style id=\\"style\\">/*&quot;&apos;&amp;&lt;&gt;&nbsp;&#34;&#39;&#38;&#60;&#62;&#160;\\"\'&<> */<\/style>"'],
              ['outerHTML("textarea")', '"<textarea id=\\"textarea\\">/*\\"\'&amp;&lt;&gt;&nbsp;\\"\'&amp;&lt;&gt;&nbsp;\\"\'&amp;&lt;&gt; */<\/textarea>"'],
              ['outerHTML("xmp")'     , '"<xmp id=\\"xmp\\">/*&quot;&apos;&amp;&lt;&gt;&nbsp;&#34;&#39;&#38;&#60;&#62;&#160;\\"\'&<> */<\/xmp>"'],
            ];

function innerHTML(textnode) {
    return document.getElementById(textnode).innerHTML;
}

function outerHTML(textnode) {
    return document.getElementById(textnode).outerHTML;
}

for (var i in tests) {
    shouldBe(tests[i][0], tests[i][1]);
}

successfullyParsed = true;

</script>
<script src="../js/resources/js-test-post.js"></script>
</body>
</html>
generated by cgit v1.1 at 2025-12-01 11:25:25 +0000