[ { "config": null, "input": [], "inputType": "literal", "output": null, "exceptionType": "TypeError", "message": "Sanitizer.sanitize() should throw an error." }, { "config": null, "input": [ null ], "inputType": "literal", "output": null, "exceptionType": "TypeError", "message": "Sanitizer.sanitize(null)." }, { "config": null, "input": [ "hello" ], "inputType": "document-fragment", "output": "hello", "message": "Sanitizer.sanitze(DocumentFragment)" }, { "config": null, "input": [ "hello" ], "inputType": "document", "output": "hello", "message": "Sanitizer.sanitze(Document)" }, { "config": {}, "input": [ "test" ], "inputType": "document", "output": "test", "message": "SanitizerAPI with config: string, sanitize from document function for " }, { "config": {}, "input": [ "bla" ], "inputType": "document", "output": "bla", "message": "SanitizerAPI with config: html fragment, sanitize from document function for " }, { "config": {}, "input": [ "" }, { "config": {}, "input": [ "[object Object]" ], "inputType": "document", "output": "[object Object]", "message": "SanitizerAPI with config: empty object, sanitize from document function for " }, { "config": {}, "input": [ "1" ], "inputType": "document", "output": "1", "message": "SanitizerAPI with config: number, sanitize from document function for " }, { "config": {}, "input": [ "0" ], "inputType": "document", "output": "0", "message": "SanitizerAPI with config: zeros, sanitize from document function for " }, { "config": {}, "input": [ "3" ], "inputType": "document", "output": "3", "message": "SanitizerAPI with config: arithmetic, sanitize from document function for " }, { "config": {}, "input": [ "" ], "inputType": "document", "output": "", "message": "SanitizerAPI with config: empty string, sanitize from document function for " }, { "config": {}, "input": [ "undefined" ], "inputType": "document", "output": "undefined", "message": "SanitizerAPI with config: undefined, sanitize from document function for " }, { "config": {}, "input": [ "test" ], "inputType": "document", "output": "test", "message": "SanitizerAPI with config: document, sanitize from document function for " }, { "config": {}, "input": [ "
test" ], "inputType": "document", "output": "
test
", "message": "SanitizerAPI with config: html without close tag, sanitize from document function for " }, { "config": {}, "input": [ "" ], "inputType": "document", "output": "", "message": "SanitizerAPI with config: scripts for default configs, sanitize from document function for " }, { "config": {}, "input": [ "hello" ], "inputType": "document", "output": "hello", "message": "SanitizerAPI with config: script not as root, sanitize from document function for " }, { "config": {}, "input": [ "
hello" ], "inputType": "document", "output": "
hello
", "message": "SanitizerAPI with config: script deeper in the tree, sanitize from document function for " }, { "config": {}, "input": [ "

Click.

" ], "inputType": "document", "output": "

Click.

", "message": "SanitizerAPI with config: onclick scripts, sanitize from document function for " }, { "config": {}, "input": [ "<p>text</p>" ], "inputType": "document", "output": "&lt;p&gt;text&lt;/p&gt;", "message": "SanitizerAPI with config: plaintext, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><xmp>TEXT</xmp>" ], "inputType": "document", "output": "TEXT", "message": "SanitizerAPI with config: xmp, sanitize from document function for <body>" }, { "config": { "test": 123 }, "input": [ "<!DOCTYPE html><body>test" ], "inputType": "document", "output": "test", "message": "SanitizerAPI with config: invalid config_input, sanitize from document function for <body>" }, { "config": { "dropElements": [] }, "input": [ "<!DOCTYPE html><body>test" ], "inputType": "document", "output": "test", "message": "SanitizerAPI with config: empty dropElements list, sanitize from document function for <body>" }, { "config": { "dropElements": [ "div" ] }, "input": [ "<!DOCTYPE html><body><div>test</div><p>bla" ], "inputType": "document", "output": "<p>bla</p>", "message": "SanitizerAPI with config: test html without close tag with dropElements list ['div'], sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><custom-element>test</custom-element>bla" ], "inputType": "document", "output": "bla", "message": "SanitizerAPI with config: default behavior for custom elements, sanitize from document function for <body>" }, { "config": { "allowCustomElements": true }, "input": [ "<!DOCTYPE html><body><custom-element>test</custom-element>bla" ], "inputType": "document", "output": "testbla", "message": "SanitizerAPI with config: allow custom elements, sanitize from document function for <body>" }, { "config": { "allowCustomElements": true, "allowElements": [ "custom-element" ] }, "input": [ "<!DOCTYPE html><body><custom-element>test</custom-element>bla" ], "inputType": "document", "output": "<custom-element>test</custom-element>bla", "message": "SanitizerAPI with config: allow custom elements with allow elements, sanitize from document function for <body>" }, { "config": { "allowCustomElements": false }, "input": [ "<!DOCTYPE html><body><custom-element>test</custom-element>bla" ], "inputType": "document", "output": "bla", "message": "SanitizerAPI with config: disallow custom elements, sanitize from document function for <body>" }, { "config": { "dropElements": [ "custom-element" ], "allowCustomElements": true }, "input": [ "<!DOCTYPE html><body><custom-element>test</custom-element>bla" ], "inputType": "document", "output": "bla", "message": "SanitizerAPI with config: allow custom elements with drop list contains [\"custom-element\"], sanitize from document function for <body>" }, { "config": { "dropElements": [ "script" ] }, "input": [ "<!DOCTYPE html><body><script>alert('i am a test')</script>" ], "inputType": "document", "output": "", "message": "SanitizerAPI with config: test script with [\"script\"] as dropElements list, sanitize from document function for <body>" }, { "config": { "dropElements": [ "test-element", "i" ] }, "input": [ "<!DOCTYPE html><body><div>balabala<i>test</i></div><test-element>t</test-element>" ], "inputType": "document", "output": "<div>balabala</div>", "message": "SanitizerAPI with config: dropElements list [\"test-element\", \"i\"]}, sanitize from document function for <body>" }, { "config": { "dropElements": [ "dl", "p" ] }, "input": [ "<!DOCTYPE html><body><div>balabala<i>i</i><p>t</p></div>" ], "inputType": "document", "output": "<div>balabala<i>i</i></div>", "message": "SanitizerAPI with config: dropElements list [\"dl\", \"p\"]}, sanitize from document function for <body>" }, { "config": { "allowElements": [ "p" ] }, "input": [ "<!DOCTYPE html><body><div>test<div>p</div>tt<p>div</p></div>" ], "inputType": "document", "output": "testptt<p>div</p>", "message": "SanitizerAPI with config: allowElements list [\"p\"], sanitize from document function for <body>" }, { "config": { "dropElements": [ "div" ], "allowElements": [ "div" ] }, "input": [ "<!DOCTYPE html><body><div>test</div><p>bla" ], "inputType": "document", "output": "bla", "message": "SanitizerAPI with config: allowElements list has no influence to dropElements, sanitize from document function for <body>" }, { "config": { "dropAttributes": [ { "name": "style", "elements": [ "p" ] } ] }, "input": [ "<!DOCTYPE html><body><p style='color: black'>Click.</p><div style='color: white'>div</div>" ], "inputType": "document", "output": "<p>Click.</p><div style=\"color: white\">div</div>", "message": "SanitizerAPI with config: dropAttributes list {\"style\": [\"p\"]} with style attribute, sanitize from document function for <body>" }, { "config": { "dropAttributes": [] }, "input": [ "<!DOCTYPE html><body><p id='test'>Click.</p>" ], "inputType": "document", "output": "<p id=\"test\">Click.</p>", "message": "SanitizerAPI with config: empty dropAttributes list with id attribute, sanitize from document function for <body>" }, { "config": { "dropAttributes": [ { "name": "id", "elements": "*" } ] }, "input": [ "<!DOCTYPE html><body><p id='test'>Click.</p>" ], "inputType": "document", "output": "<p>Click.</p>", "message": "SanitizerAPI with config: dropAttributes list {\"id\": [\"*\"]} with id attribute, sanitize from document function for <body>" }, { "config": { "dropAttributes": [ { "name": "data-attribute-with-dashes", "elements": "*" } ] }, "input": [ "<!DOCTYPE html><body><p id='p' data-attribute-with-dashes='123'>Click.</p><script>document.getElementById('p').dataset.attributeWithDashes=123;</script>" ], "inputType": "document", "output": "<p id=\"p\">Click.</p>", "message": "SanitizerAPI with config: dropAttributes list {\"data-attribute-with-dashes\": [\"*\"]} with dom dataset js access, sanitize from document function for <body>" }, { "config": { "allowAttributes": [ { "name": "id", "elements": [ "div" ] } ] }, "input": [ "<!DOCTYPE html><body><p id='p'>P</p><div id='div'>DIV</div>" ], "inputType": "document", "output": "<p>P</p><div id=\"div\">DIV</div>", "message": "SanitizerAPI with config: allowAttributes list {\"id\": [\"div\"]} with id attribute, sanitize from document function for <body>" }, { "config": { "allowAttributes": [ { "name": "id", "elements": "*" } ] }, "input": [ "<!DOCTYPE html><body><p id='test' onclick='a= 123'>Click.</p>" ], "inputType": "document", "output": "<p id=\"test\">Click.</p>", "message": "SanitizerAPI with config: allowAttributes list {\"id\": [\"*\"]} with id attribute and onclick scripts, sanitize from document function for <body>" }, { "config": { "dropAttributes": [ { "name": "style", "elements": "*" } ], "allowAttributes": [ { "name": "style", "elements": "*" } ] }, "input": [ "<!DOCTYPE html><body><p style='color: black'>Click.</p>" ], "inputType": "document", "output": "<p>Click.</p>", "message": "SanitizerAPI with config: allowAttributes list has no influence to dropAttributes, sanitize from document function for <body>" }, { "config": { "allowElements": [ "template", "div" ] }, "input": [ "<!DOCTYPE html><body><template><script>test</script><div>hello</div></template>" ], "inputType": "document", "output": "<template><div>hello</div></template>", "message": "SanitizerAPI with config: Template element, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><a href='javascript:evil.com'>Click.</a>" ], "inputType": "document", "output": "<a>Click.</a>", "message": "SanitizerAPI with config: HTMLAnchorElement with javascript protocal, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><a href=' javascript:evil.com'>Click.</a>" ], "inputType": "document", "output": "<a>Click.</a>", "message": "SanitizerAPI with config: HTMLAnchorElement with javascript protocal start with space, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><a href='http:evil.com'>Click.</a>" ], "inputType": "document", "output": "<a href=\"http:evil.com\">Click.</a>", "message": "SanitizerAPI with config: HTMLAnchorElement, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><area href='javascript:evil.com'>Click.</area>" ], "inputType": "document", "output": "<area>Click.", "message": "SanitizerAPI with config: HTMLAreaElement with javascript protocal, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><area href=' javascript:evil.com'>Click.</area>" ], "inputType": "document", "output": "<area>Click.", "message": "SanitizerAPI with config: HTMLAreaElement with javascript protocal start with space, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><area href='http:evil.com'>Click.</area>" ], "inputType": "document", "output": "<area href=\"http:evil.com\">Click.", "message": "SanitizerAPI with config: HTMLAreaElement, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><form action='javascript:evil.com'>Click.</form>" ], "inputType": "document", "output": "<form>Click.</form>", "message": "SanitizerAPI with config: HTMLFormElement with javascript action, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><form action=' javascript:evil.com'>Click.</form>" ], "inputType": "document", "output": "<form>Click.</form>", "message": "SanitizerAPI with config: HTMLFormElement with javascript action start with space, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><form action='http:evil.com'>Click.</form>" ], "inputType": "document", "output": "<form action=\"http:evil.com\">Click.</form>", "message": "SanitizerAPI with config: HTMLFormElement, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><input formaction='javascript:evil.com'>Click.</input>" ], "inputType": "document", "output": "<input>Click.", "message": "SanitizerAPI with config: HTMLInputElement with javascript formaction, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><input formaction=' javascript:evil.com'>Click.</input>" ], "inputType": "document", "output": "<input>Click.", "message": "SanitizerAPI with config: HTMLInputElement with javascript formaction start with space, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><input formaction='http:evil.com'>Click.</input>" ], "inputType": "document", "output": "<input formaction=\"http:evil.com\">Click.", "message": "SanitizerAPI with config: HTMLInputElement, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><button formaction='javascript:evil.com'>Click.</button>" ], "inputType": "document", "output": "<button>Click.</button>", "message": "SanitizerAPI with config: HTMLButtonElement with javascript formaction, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><button formaction=' javascript:evil.com'>Click.</button>" ], "inputType": "document", "output": "<button>Click.</button>", "message": "SanitizerAPI with config: HTMLButtonElement with javascript formaction start with space, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><button formaction='http:evil.com'>Click.</button>" ], "inputType": "document", "output": "<button formaction=\"http:evil.com\">Click.</button>", "message": "SanitizerAPI with config: HTMLButtonElement, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><p>Some text</p></body><!-- 1 --></html><!-- 2 --><p>Some more text</p>" ], "inputType": "document", "output": "<p>Some text</p><p>Some more text</p>", "message": "SanitizerAPI with config: malformed HTML, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>" ], "inputType": "document", "output": "<p>Some text</p><p>Some more text</p>", "message": "SanitizerAPI with config: HTML with comments; comments not allowed, sanitize from document function for <body>" }, { "config": { "allowComments": true }, "input": [ "<!DOCTYPE html><body><p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>" ], "inputType": "document", "output": "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>", "message": "SanitizerAPI with config: HTML with comments; allowComments, sanitize from document function for <body>" }, { "config": { "allowComments": false }, "input": [ "<!DOCTYPE html><body><p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>" ], "inputType": "document", "output": "<p>Some text</p><p>Some more text</p>", "message": "SanitizerAPI with config: HTML with comments; !allowComments, sanitize from document function for <body>" }, { "config": {}, "input": [ "<!DOCTYPE html><body><p>comment<!-- hello -->in<!-- </p> -->text</p>" ], "inputType": "document", "output": "<p>commentintext</p>", "message": "SanitizerAPI with config: HTML with comments deeper in the tree, sanitize from document function for <body>" }, { "config": { "allowComments": true }, "input": [ "<!DOCTYPE html><body><p>comment<!-- hello -->in<!-- </p> -->text</p>" ], "inputType": "document", "output": "<p>comment<!-- hello -->in<!-- </p> -->text</p>", "message": "SanitizerAPI with config: HTML with comments deeper in the tree, allowComments, sanitize from document function for <body>" }, { "config": { "allowComments": false }, "input": [ "<!DOCTYPE html><body><p>comment<!-- hello -->in<!-- </p> -->text</p>" ], "inputType": "document", "output": "<p>commentintext</p>", "message": "SanitizerAPI with config: HTML with comments deeper in the tree, !allowComments, sanitize from document function for <body>" }, { "config": { "allowElements": [ "svg" ] }, "input": [ "<!DOCTYPE html><body><svg></svg>" ], "inputType": "document", "output": "", "message": "SanitizerAPI with config: Unknown HTML names (HTMLUnknownElement instances) should not match elements parsed as non-HTML namespaces., sanitize from document function for <body>" }, { "config": { "allowElements": [ "div", "svg" ] }, "input": [ "<!DOCTYPE html><body><div><svg></svg></div>" ], "inputType": "document", "output": "<div></div>", "message": "SanitizerAPI with config: Unknown HTML names (HTMLUnknownElement instances) should not match elements parsed as non-HTML namespaces when nested., sanitize from document function for <body>" }, { "config": { "dropElements": [ "I", "DL" ] }, "input": [ "<!DOCTYPE html><body><div>balabala<dl>test</dl></div>" ], "inputType": "document", "output": "<div>balabala<dl>test</dl></div>", "message": "SanitizerAPI with config: dropElements list [\"I\", \"DL\"]}, sanitize from document function for <body>" }, { "config": { "dropElements": [ "i", "dl" ] }, "input": [ "<!DOCTYPE html><body><div>balabala<dl>test</dl></div>" ], "inputType": "document", "output": "<div>balabala</div>", "message": "SanitizerAPI with config: dropElements list [\"i\", \"dl\"]}, sanitize from document function for <body>" }, { "config": { "dropElements": [ "i", "dl" ] }, "input": [ "<!DOCTYPE html><body><DIV>balabala<DL>test</DL></DIV>" ], "inputType": "document", "output": "<div>balabala</div>", "message": "SanitizerAPI with config: dropElements list [\"i\", \"dl\"]} with uppercase HTML, sanitize from document function for <body>" }, { "config": { "dropAttributes": [ { "name": "ID", "elements": "*" } ] }, "input": [ "<!DOCTYPE html><body><p id=\"test\">Click.</p>" ], "inputType": "document", "output": "<p id=\"test\">Click.</p>", "message": "SanitizerAPI with config: dropAttributes list {\"ID\": [\"*\"]} with id attribute, sanitize from document function for <body>" }, { "config": { "dropAttributes": [ { "name": "ID", "elements": "*" } ] }, "input": [ "<!DOCTYPE html><body><p ID=\"test\">Click.</p>" ], "inputType": "document", "output": "<p id=\"test\">Click.</p>", "message": "SanitizerAPI with config: dropAttributes list {\"ID\": [\"*\"]} with ID attribute, sanitize from document function for <body>" }, { "config": { "dropAttributes": [ { "name": "id", "elements": "*" } ] }, "input": [ "<!DOCTYPE html><body><p ID=\"test\">Click.</p>" ], "inputType": "document", "output": "<p>Click.</p>", "message": "SanitizerAPI with config: dropAttributes list {\"id\": [\"*\"]} with ID attribute, sanitize from document function for <body>" }, { "config": { "dropElements": [ 123, "test", "i", "custom-element" ] }, "input": [ "<!DOCTYPE html><body><div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>" ], "inputType": "document", "output": "<div>balabala</div>", "message": "SanitizerAPI with config: dropElements with unknown elements and without allowUnknownMarkup, sanitize from document function for <body>" }, { "config": { "blockElements": [ 123, "test", "i", "custom-element" ] }, "input": [ "<!DOCTYPE html><body><div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>" ], "inputType": "document", "output": "<div>balabalatest</div>", "message": "SanitizerAPI with config: blockElements with unknown elements and without allowUnknownMarkup, sanitize from document function for <body>" }, { "config": { "allowElements": [ "p", "test" ] }, "input": [ "<!DOCTYPE html><body><div>test<div>p</div>tt<p>div</p></div><test>test</test>" ], "inputType": "document", "output": "testptt<p>div</p>", "message": "SanitizerAPI with config: allowElements with unknown elements and without allowUnknownMarkup, sanitize from document function for <body>" }, { "config": { "dropElements": [ 123, "test", "i", "custom-element" ], "allowUnknownMarkup": true }, "input": [ "<!DOCTYPE html><body><div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>" ], "inputType": "document", "output": "<div>balabala</div>", "message": "SanitizerAPI with config: dropElements with unknown elements and with allowUnknownMarkup, sanitize from document function for <body>" }, { "config": { "blockElements": [ 123, "test", "i", "custom-element" ], "allowUnknownMarkup": true }, "input": [ "<!DOCTYPE html><body><div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>" ], "inputType": "document", "output": "<div>balabalatest</div>t", "message": "SanitizerAPI with config: blockElements with unknown elements and with allowUnknownMarkup, sanitize from document function for <body>" }, { "config": { "allowElements": [ "p", "test" ], "allowUnknownMarkup": true }, "input": [ "<!DOCTYPE html><body><div>test<div>p</div>tt<p>div</p><test>test</test></div>" ], "inputType": "document", "output": "testptt<p>div</p><test>test</test>", "message": "SanitizerAPI with config: allowElements with unknown elements and with allowUnknownMarkup, sanitize from document function for <body>" }, { "config": { "allowAttributes": [ { "name": "hello", "elements": "*" }, { "name": "world", "elements": [ "b" ] } ] }, "input": [ "<!DOCTYPE html><body><div hello='1' world='2'><b hello='3' world='4'>" ], "inputType": "document", "output": "<div><b></b></div>", "message": "SanitizerAPI with config: allowAttributes unknown attributes and without allowUnknownMarkup, sanitize from document function for <body>" }, { "config": { "allowAttributes": [ { "name": "hello", "elements": "*" }, { "name": "world", "elements": [ "b" ] } ], "allowUnknownMarkup": true }, "input": [ "<!DOCTYPE html><body><div hello='1' world='2'><b hello='3' world='4'>" ], "inputType": "document", "output": "<div hello=\"1\"><b hello=\"3\" world=\"4\"></b></div>", "message": "SanitizerAPI with config: allowAttributes unknown attributes and with allowUnknownMarkup, sanitize from document function for <body>" }, { "config": { "dropAttributes": [ { "name": "hello", "elements": "*" }, { "name": "world", "elements": [ "b" ] } ] }, "input": [ "<!DOCTYPE html><body><div hello='1' world='2'><b hello='3' world='4'>" ], "inputType": "document", "output": "<div><b></b></div>", "message": "SanitizerAPI with config: dropAttributes unknown attributes and without allowUnknownMarkup, sanitize from document function for <body>" }, { "config": { "dropAttributes": [ { "name": "hello", "elements": "*" }, { "name": "world", "elements": [ "b" ] } ], "allowUnknownMarkup": true }, "input": [ "<!DOCTYPE html><body><div hello='1' world='2'><b hello='3' world='4'>" ], "inputType": "document", "output": "<div><b></b></div>", "message": "SanitizerAPI with config: dropAttributes unknown attributes and with allowUnknownMarkup, sanitize from document function for <body>" }, { "config": {}, "input": "test", "inputType": "template-content", "output": "test", "message": "SanitizerAPI with config: string, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<b>bla</b>", "inputType": "template-content", "output": "<b>bla</b>", "message": "SanitizerAPI with config: html fragment, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<a<embla", "inputType": "template-content", "output": "", "message": "SanitizerAPI with config: broken html, sanitize from document fragment function for <template>" }, { "config": {}, "input": {}, "inputType": "template-content", "output": "[object Object]", "message": "SanitizerAPI with config: empty object, sanitize from document fragment function for <template>" }, { "config": {}, "input": 1, "inputType": "template-content", "output": "1", "message": "SanitizerAPI with config: number, sanitize from document fragment function for <template>" }, { "config": {}, "input": 0, "inputType": "template-content", "output": "0", "message": "SanitizerAPI with config: zeros, sanitize from document fragment function for <template>" }, { "config": {}, "input": 3, "inputType": "template-content", "output": "3", "message": "SanitizerAPI with config: arithmetic, sanitize from document fragment function for <template>" }, { "config": {}, "input": "", "inputType": "template-content", "output": "", "message": "SanitizerAPI with config: empty string, sanitize from document fragment function for <template>" }, { "config": {}, "inputType": "template-content", "output": "undefined", "message": "SanitizerAPI with config: undefined, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<html><head></head><body>test</body></html>", "inputType": "template-content", "output": "test", "message": "SanitizerAPI with config: document, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<div>test", "inputType": "template-content", "output": "<div>test</div>", "message": "SanitizerAPI with config: html without close tag, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<script>alert('i am a test')</script>", "inputType": "template-content", "output": "", "message": "SanitizerAPI with config: scripts for default configs, sanitize from document fragment function for <template>" }, { "config": {}, "input": "hello<script>alert('i am a test')</script>", "inputType": "template-content", "output": "hello", "message": "SanitizerAPI with config: script not as root, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<div><b>hello<script>alert('i am a test')</script>", "inputType": "template-content", "output": "<div><b>hello</b></div>", "message": "SanitizerAPI with config: script deeper in the tree, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<p onclick='a= 123'>Click.</p>", "inputType": "template-content", "output": "<p>Click.</p>", "message": "SanitizerAPI with config: onclick scripts, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<plaintext><p>text</p>", "inputType": "template-content", "output": "&lt;p&gt;text&lt;/p&gt;", "message": "SanitizerAPI with config: plaintext, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<xmp>TEXT</xmp>", "inputType": "template-content", "output": "TEXT", "message": "SanitizerAPI with config: xmp, sanitize from document fragment function for <template>" }, { "config": { "test": 123 }, "input": "test", "inputType": "template-content", "output": "test", "message": "SanitizerAPI with config: invalid config_input, sanitize from document fragment function for <template>" }, { "config": { "dropElements": [] }, "input": "test", "inputType": "template-content", "output": "test", "message": "SanitizerAPI with config: empty dropElements list, sanitize from document fragment function for <template>" }, { "config": { "dropElements": [ "div" ] }, "input": "<div>test</div><p>bla", "inputType": "template-content", "output": "<p>bla</p>", "message": "SanitizerAPI with config: test html without close tag with dropElements list ['div'], sanitize from document fragment function for <template>" }, { "config": {}, "input": "<custom-element>test</custom-element>bla", "inputType": "template-content", "output": "bla", "message": "SanitizerAPI with config: default behavior for custom elements, sanitize from document fragment function for <template>" }, { "config": { "allowCustomElements": true }, "input": "<custom-element>test</custom-element>bla", "inputType": "template-content", "output": "testbla", "message": "SanitizerAPI with config: allow custom elements, sanitize from document fragment function for <template>" }, { "config": { "allowCustomElements": true, "allowElements": [ "custom-element" ] }, "input": "<custom-element>test</custom-element>bla", "inputType": "template-content", "output": "<custom-element>test</custom-element>bla", "message": "SanitizerAPI with config: allow custom elements with allow elements, sanitize from document fragment function for <template>" }, { "config": { "allowCustomElements": false }, "input": "<custom-element>test</custom-element>bla", "inputType": "template-content", "output": "bla", "message": "SanitizerAPI with config: disallow custom elements, sanitize from document fragment function for <template>" }, { "config": { "dropElements": [ "custom-element" ], "allowCustomElements": true }, "input": "<custom-element>test</custom-element>bla", "inputType": "template-content", "output": "bla", "message": "SanitizerAPI with config: allow custom elements with drop list contains [\"custom-element\"], sanitize from document fragment function for <template>" }, { "config": { "dropElements": [ "script" ] }, "input": "<script>alert('i am a test')</script>", "inputType": "template-content", "output": "", "message": "SanitizerAPI with config: test script with [\"script\"] as dropElements list, sanitize from document fragment function for <template>" }, { "config": { "dropElements": [ "test-element", "i" ] }, "input": "<div>balabala<i>test</i></div><test-element>t</test-element>", "inputType": "template-content", "output": "<div>balabala</div>", "message": "SanitizerAPI with config: dropElements list [\"test-element\", \"i\"]}, sanitize from document fragment function for <template>" }, { "config": { "dropElements": [ "dl", "p" ] }, "input": "<div>balabala<i>i</i><p>t</p></div>", "inputType": "template-content", "output": "<div>balabala<i>i</i></div>", "message": "SanitizerAPI with config: dropElements list [\"dl\", \"p\"]}, sanitize from document fragment function for <template>" }, { "config": { "allowElements": [ "p" ] }, "input": "<div>test<div>p</div>tt<p>div</p></div>", "inputType": "template-content", "output": "testptt<p>div</p>", "message": "SanitizerAPI with config: allowElements list [\"p\"], sanitize from document fragment function for <template>" }, { "config": { "dropElements": [ "div" ], "allowElements": [ "div" ] }, "input": "<div>test</div><p>bla", "inputType": "template-content", "output": "bla", "message": "SanitizerAPI with config: allowElements list has no influence to dropElements, sanitize from document fragment function for <template>" }, { "config": { "dropAttributes": [ { "name": "style", "elements": [ "p" ] } ] }, "input": "<p style='color: black'>Click.</p><div style='color: white'>div</div>", "inputType": "template-content", "output": "<p>Click.</p><div style=\"color: white\">div</div>", "message": "SanitizerAPI with config: dropAttributes list {\"style\": [\"p\"]} with style attribute, sanitize from document fragment function for <template>" }, { "config": { "dropAttributes": [] }, "input": "<p id='test'>Click.</p>", "inputType": "template-content", "output": "<p id=\"test\">Click.</p>", "message": "SanitizerAPI with config: empty dropAttributes list with id attribute, sanitize from document fragment function for <template>" }, { "config": { "dropAttributes": [ { "name": "id", "elements": "*" } ] }, "input": "<p id='test'>Click.</p>", "inputType": "template-content", "output": "<p>Click.</p>", "message": "SanitizerAPI with config: dropAttributes list {\"id\": [\"*\"]} with id attribute, sanitize from document fragment function for <template>" }, { "config": { "dropAttributes": [ { "name": "data-attribute-with-dashes", "elements": "*" } ] }, "input": "<p id='p' data-attribute-with-dashes='123'>Click.</p><script>document.getElementById('p').dataset.attributeWithDashes=123;</script>", "inputType": "template-content", "output": "<p id=\"p\">Click.</p>", "message": "SanitizerAPI with config: dropAttributes list {\"data-attribute-with-dashes\": [\"*\"]} with dom dataset js access, sanitize from document fragment function for <template>" }, { "config": { "allowAttributes": [ { "name": "id", "elements": [ "div" ] } ] }, "input": "<p id='p'>P</p><div id='div'>DIV</div>", "inputType": "template-content", "output": "<p>P</p><div id=\"div\">DIV</div>", "message": "SanitizerAPI with config: allowAttributes list {\"id\": [\"div\"]} with id attribute, sanitize from document fragment function for <template>" }, { "config": { "allowAttributes": [ { "name": "id", "elements": "*" } ] }, "input": "<p id='test' onclick='a= 123'>Click.</p>", "inputType": "template-content", "output": "<p id=\"test\">Click.</p>", "message": "SanitizerAPI with config: allowAttributes list {\"id\": [\"*\"]} with id attribute and onclick scripts, sanitize from document fragment function for <template>" }, { "config": { "dropAttributes": [ { "name": "style", "elements": "*" } ], "allowAttributes": [ { "name": "style", "elements": "*" } ] }, "input": "<p style='color: black'>Click.</p>", "inputType": "template-content", "output": "<p>Click.</p>", "message": "SanitizerAPI with config: allowAttributes list has no influence to dropAttributes, sanitize from document fragment function for <template>" }, { "config": { "allowElements": [ "template", "div" ] }, "input": "<template><script>test</script><div>hello</div></template>", "inputType": "template-content", "output": "<template><div>hello</div></template>", "message": "SanitizerAPI with config: Template element, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<a href='javascript:evil.com'>Click.</a>", "inputType": "template-content", "output": "<a>Click.</a>", "message": "SanitizerAPI with config: HTMLAnchorElement with javascript protocal, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<a href=' javascript:evil.com'>Click.</a>", "inputType": "template-content", "output": "<a>Click.</a>", "message": "SanitizerAPI with config: HTMLAnchorElement with javascript protocal start with space, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<a href='http:evil.com'>Click.</a>", "inputType": "template-content", "output": "<a href=\"http:evil.com\">Click.</a>", "message": "SanitizerAPI with config: HTMLAnchorElement, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<area href='javascript:evil.com'>Click.</area>", "inputType": "template-content", "output": "<area>Click.", "message": "SanitizerAPI with config: HTMLAreaElement with javascript protocal, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<area href=' javascript:evil.com'>Click.</area>", "inputType": "template-content", "output": "<area>Click.", "message": "SanitizerAPI with config: HTMLAreaElement with javascript protocal start with space, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<area href='http:evil.com'>Click.</area>", "inputType": "template-content", "output": "<area href=\"http:evil.com\">Click.", "message": "SanitizerAPI with config: HTMLAreaElement, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<form action='javascript:evil.com'>Click.</form>", "inputType": "template-content", "output": "<form>Click.</form>", "message": "SanitizerAPI with config: HTMLFormElement with javascript action, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<form action=' javascript:evil.com'>Click.</form>", "inputType": "template-content", "output": "<form>Click.</form>", "message": "SanitizerAPI with config: HTMLFormElement with javascript action start with space, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<form action='http:evil.com'>Click.</form>", "inputType": "template-content", "output": "<form action=\"http:evil.com\">Click.</form>", "message": "SanitizerAPI with config: HTMLFormElement, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<input formaction='javascript:evil.com'>Click.</input>", "inputType": "template-content", "output": "<input>Click.", "message": "SanitizerAPI with config: HTMLInputElement with javascript formaction, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<input formaction=' javascript:evil.com'>Click.</input>", "inputType": "template-content", "output": "<input>Click.", "message": "SanitizerAPI with config: HTMLInputElement with javascript formaction start with space, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<input formaction='http:evil.com'>Click.</input>", "inputType": "template-content", "output": "<input formaction=\"http:evil.com\">Click.", "message": "SanitizerAPI with config: HTMLInputElement, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<button formaction='javascript:evil.com'>Click.</button>", "inputType": "template-content", "output": "<button>Click.</button>", "message": "SanitizerAPI with config: HTMLButtonElement with javascript formaction, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<button formaction=' javascript:evil.com'>Click.</button>", "inputType": "template-content", "output": "<button>Click.</button>", "message": "SanitizerAPI with config: HTMLButtonElement with javascript formaction start with space, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<button formaction='http:evil.com'>Click.</button>", "inputType": "template-content", "output": "<button formaction=\"http:evil.com\">Click.</button>", "message": "SanitizerAPI with config: HTMLButtonElement, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<p>Some text</p></body><!-- 1 --></html><!-- 2 --><p>Some more text</p>", "inputType": "template-content", "output": "<p>Some text</p><p>Some more text</p>", "message": "SanitizerAPI with config: malformed HTML, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>", "inputType": "template-content", "output": "<p>Some text</p><p>Some more text</p>", "message": "SanitizerAPI with config: HTML with comments; comments not allowed, sanitize from document fragment function for <template>" }, { "config": { "allowComments": true }, "input": "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>", "inputType": "template-content", "output": "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>", "message": "SanitizerAPI with config: HTML with comments; allowComments, sanitize from document fragment function for <template>" }, { "config": { "allowComments": false }, "input": "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>", "inputType": "template-content", "output": "<p>Some text</p><p>Some more text</p>", "message": "SanitizerAPI with config: HTML with comments; !allowComments, sanitize from document fragment function for <template>" }, { "config": {}, "input": "<p>comment<!-- hello -->in<!-- </p> -->text</p>", "inputType": "template-content", "output": "<p>commentintext</p>", "message": "SanitizerAPI with config: HTML with comments deeper in the tree, sanitize from document fragment function for <template>" }, { "config": { "allowComments": true }, "input": "<p>comment<!-- hello -->in<!-- </p> -->text</p>", "inputType": "template-content", "output": "<p>comment<!-- hello -->in<!-- </p> -->text</p>", "message": "SanitizerAPI with config: HTML with comments deeper in the tree, allowComments, sanitize from document fragment function for <template>" }, { "config": { "allowComments": false }, "input": "<p>comment<!-- hello -->in<!-- </p> -->text</p>", "inputType": "template-content", "output": "<p>commentintext</p>", "message": "SanitizerAPI with config: HTML with comments deeper in the tree, !allowComments, sanitize from document fragment function for <template>" }, { "config": { "allowElements": [ "svg" ] }, "input": "<svg></svg>", "inputType": "template-content", "output": "", "message": "SanitizerAPI with config: Unknown HTML names (HTMLUnknownElement instances) should not match elements parsed as non-HTML namespaces., sanitize from document fragment function for <template>" }, { "config": { "allowElements": [ "div", "svg" ] }, "input": "<div><svg></svg></div>", "inputType": "template-content", "output": "<div></div>", "message": "SanitizerAPI with config: Unknown HTML names (HTMLUnknownElement instances) should not match elements parsed as non-HTML namespaces when nested., sanitize from document fragment function for <template>" }, { "config": { "dropElements": [ "I", "DL" ] }, "input": "<div>balabala<dl>test</dl></div>", "inputType": "template-content", "output": "<div>balabala<dl>test</dl></div>", "message": "SanitizerAPI with config: dropElements list [\"I\", \"DL\"]}, sanitize from document fragment function for <template>" }, { "config": { "dropElements": [ "i", "dl" ] }, "input": "<div>balabala<dl>test</dl></div>", "inputType": "template-content", "output": "<div>balabala</div>", "message": "SanitizerAPI with config: dropElements list [\"i\", \"dl\"]}, sanitize from document fragment function for <template>" }, { "config": { "dropElements": [ "i", "dl" ] }, "input": "<DIV>balabala<DL>test</DL></DIV>", "inputType": "template-content", "output": "<div>balabala</div>", "message": "SanitizerAPI with config: dropElements list [\"i\", \"dl\"]} with uppercase HTML, sanitize from document fragment function for <template>" }, { "config": { "dropAttributes": [ { "name": "ID", "elements": "*" } ] }, "input": "<p id=\"test\">Click.</p>", "inputType": "template-content", "output": "<p id=\"test\">Click.</p>", "message": "SanitizerAPI with config: dropAttributes list {\"ID\": [\"*\"]} with id attribute, sanitize from document fragment function for <template>" }, { "config": { "dropAttributes": [ { "name": "ID", "elements": "*" } ] }, "input": "<p ID=\"test\">Click.</p>", "inputType": "template-content", "output": "<p id=\"test\">Click.</p>", "message": "SanitizerAPI with config: dropAttributes list {\"ID\": [\"*\"]} with ID attribute, sanitize from document fragment function for <template>" }, { "config": { "dropAttributes": [ { "name": "id", "elements": "*" } ] }, "input": "<p ID=\"test\">Click.</p>", "inputType": "template-content", "output": "<p>Click.</p>", "message": "SanitizerAPI with config: dropAttributes list {\"id\": [\"*\"]} with ID attribute, sanitize from document fragment function for <template>" }, { "config": { "dropElements": [ 123, "test", "i", "custom-element" ] }, "input": "<div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>", "inputType": "template-content", "output": "<div>balabala</div>", "message": "SanitizerAPI with config: dropElements with unknown elements and without allowUnknownMarkup, sanitize from document fragment function for <template>" }, { "config": { "blockElements": [ 123, "test", "i", "custom-element" ] }, "input": "<div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>", "inputType": "template-content", "output": "<div>balabalatest</div>", "message": "SanitizerAPI with config: blockElements with unknown elements and without allowUnknownMarkup, sanitize from document fragment function for <template>" }, { "config": { "allowElements": [ "p", "test" ] }, "input": "<div>test<div>p</div>tt<p>div</p></div><test>test</test>", "inputType": "template-content", "output": "testptt<p>div</p>", "message": "SanitizerAPI with config: allowElements with unknown elements and without allowUnknownMarkup, sanitize from document fragment function for <template>" }, { "config": { "dropElements": [ 123, "test", "i", "custom-element" ], "allowUnknownMarkup": true }, "input": "<div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>", "inputType": "template-content", "output": "<div>balabala</div>", "message": "SanitizerAPI with config: dropElements with unknown elements and with allowUnknownMarkup, sanitize from document fragment function for <template>" }, { "config": { "blockElements": [ 123, "test", "i", "custom-element" ], "allowUnknownMarkup": true }, "input": "<div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>", "inputType": "template-content", "output": "<div>balabalatest</div>t", "message": "SanitizerAPI with config: blockElements with unknown elements and with allowUnknownMarkup, sanitize from document fragment function for <template>" }, { "config": { "allowElements": [ "p", "test" ], "allowUnknownMarkup": true }, "input": "<div>test<div>p</div>tt<p>div</p><test>test</test></div>", "inputType": "template-content", "output": "testptt<p>div</p><test>test</test>", "message": "SanitizerAPI with config: allowElements with unknown elements and with allowUnknownMarkup, sanitize from document fragment function for <template>" }, { "config": { "allowAttributes": [ { "name": "hello", "elements": "*" }, { "name": "world", "elements": [ "b" ] } ] }, "input": "<div hello='1' world='2'><b hello='3' world='4'>", "inputType": "template-content", "output": "<div><b></b></div>", "message": "SanitizerAPI with config: allowAttributes unknown attributes and without allowUnknownMarkup, sanitize from document fragment function for <template>" }, { "config": { "allowAttributes": [ { "name": "hello", "elements": "*" }, { "name": "world", "elements": [ "b" ] } ], "allowUnknownMarkup": true }, "input": "<div hello='1' world='2'><b hello='3' world='4'>", "inputType": "template-content", "output": "<div hello=\"1\"><b hello=\"3\" world=\"4\"></b></div>", "message": "SanitizerAPI with config: allowAttributes unknown attributes and with allowUnknownMarkup, sanitize from document fragment function for <template>" }, { "config": { "dropAttributes": [ { "name": "hello", "elements": "*" }, { "name": "world", "elements": [ "b" ] } ] }, "input": "<div hello='1' world='2'><b hello='3' world='4'>", "inputType": "template-content", "output": "<div><b></b></div>", "message": "SanitizerAPI with config: dropAttributes unknown attributes and without allowUnknownMarkup, sanitize from document fragment function for <template>" }, { "config": { "dropAttributes": [ { "name": "hello", "elements": "*" }, { "name": "world", "elements": [ "b" ] } ], "allowUnknownMarkup": true }, "input": "<div hello='1' world='2'><b hello='3' world='4'>", "inputType": "template-content", "output": "<div><b></b></div>", "message": "SanitizerAPI with config: dropAttributes unknown attributes and with allowUnknownMarkup, sanitize from document fragment function for <template>" } ]