You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1793 lines
55 KiB
1793 lines
55 KiB
[
|
|
{
|
|
"config": null,
|
|
"input": [],
|
|
"inputType": "literal",
|
|
"output": null,
|
|
"exceptionType": "TypeError",
|
|
"message": "Sanitizer.sanitize() should throw an error."
|
|
},
|
|
{
|
|
"config": null,
|
|
"input": [
|
|
null
|
|
],
|
|
"inputType": "literal",
|
|
"output": null,
|
|
"exceptionType": "TypeError",
|
|
"message": "Sanitizer.sanitize(null)."
|
|
},
|
|
{
|
|
"config": null,
|
|
"input": [
|
|
"<a href=\"about:blank\">hello</a><script>console.log(\"world!\");</script>"
|
|
],
|
|
"inputType": "document-fragment",
|
|
"output": "<a href=\"about:blank\">hello</a>",
|
|
"message": "Sanitizer.sanitze(DocumentFragment)"
|
|
},
|
|
{
|
|
"config": null,
|
|
"input": [
|
|
"<a href=\"about:blank\">hello</a><script>console.log(\"world!\");</script>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<a href=\"about:blank\">hello</a>",
|
|
"message": "Sanitizer.sanitze(Document)"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body>test"
|
|
],
|
|
"inputType": "document",
|
|
"output": "test",
|
|
"message": "SanitizerAPI with config: string, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><b>bla</b>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<b>bla</b>",
|
|
"message": "SanitizerAPI with config: html fragment, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><a<embla"
|
|
],
|
|
"inputType": "document",
|
|
"output": "",
|
|
"message": "SanitizerAPI with config: broken html, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body>[object Object]"
|
|
],
|
|
"inputType": "document",
|
|
"output": "[object Object]",
|
|
"message": "SanitizerAPI with config: empty object, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body>1"
|
|
],
|
|
"inputType": "document",
|
|
"output": "1",
|
|
"message": "SanitizerAPI with config: number, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body>0"
|
|
],
|
|
"inputType": "document",
|
|
"output": "0",
|
|
"message": "SanitizerAPI with config: zeros, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body>3"
|
|
],
|
|
"inputType": "document",
|
|
"output": "3",
|
|
"message": "SanitizerAPI with config: arithmetic, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "",
|
|
"message": "SanitizerAPI with config: empty string, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body>undefined"
|
|
],
|
|
"inputType": "document",
|
|
"output": "undefined",
|
|
"message": "SanitizerAPI with config: undefined, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><html><head></head><body>test</body></html>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "test",
|
|
"message": "SanitizerAPI with config: document, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div>test"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<div>test</div>",
|
|
"message": "SanitizerAPI with config: html without close tag, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><script>alert('i am a test')</script>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "",
|
|
"message": "SanitizerAPI with config: scripts for default configs, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body>hello<script>alert('i am a test')</script>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "hello",
|
|
"message": "SanitizerAPI with config: script not as root, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div><b>hello<script>alert('i am a test')</script>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<div><b>hello</b></div>",
|
|
"message": "SanitizerAPI with config: script deeper in the tree, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p onclick='a= 123'>Click.</p>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p>Click.</p>",
|
|
"message": "SanitizerAPI with config: onclick scripts, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><plaintext><p>text</p>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p>text</p>",
|
|
"message": "SanitizerAPI with config: plaintext, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><xmp>TEXT</xmp>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "TEXT",
|
|
"message": "SanitizerAPI with config: xmp, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"test": 123
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body>test"
|
|
],
|
|
"inputType": "document",
|
|
"output": "test",
|
|
"message": "SanitizerAPI with config: invalid config_input, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": []
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body>test"
|
|
],
|
|
"inputType": "document",
|
|
"output": "test",
|
|
"message": "SanitizerAPI with config: empty dropElements list, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"div"
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div>test</div><p>bla"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p>bla</p>",
|
|
"message": "SanitizerAPI with config: test html without close tag with dropElements list ['div'], sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><custom-element>test</custom-element>bla"
|
|
],
|
|
"inputType": "document",
|
|
"output": "bla",
|
|
"message": "SanitizerAPI with config: default behavior for custom elements, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowCustomElements": true
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><custom-element>test</custom-element>bla"
|
|
],
|
|
"inputType": "document",
|
|
"output": "testbla",
|
|
"message": "SanitizerAPI with config: allow custom elements, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowCustomElements": true,
|
|
"allowElements": [
|
|
"custom-element"
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><custom-element>test</custom-element>bla"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<custom-element>test</custom-element>bla",
|
|
"message": "SanitizerAPI with config: allow custom elements with allow elements, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowCustomElements": false
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><custom-element>test</custom-element>bla"
|
|
],
|
|
"inputType": "document",
|
|
"output": "bla",
|
|
"message": "SanitizerAPI with config: disallow custom elements, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"custom-element"
|
|
],
|
|
"allowCustomElements": true
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><custom-element>test</custom-element>bla"
|
|
],
|
|
"inputType": "document",
|
|
"output": "bla",
|
|
"message": "SanitizerAPI with config: allow custom elements with drop list contains [\"custom-element\"], sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"script"
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><script>alert('i am a test')</script>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "",
|
|
"message": "SanitizerAPI with config: test script with [\"script\"] as dropElements list, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"test-element",
|
|
"i"
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div>balabala<i>test</i></div><test-element>t</test-element>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<div>balabala</div>",
|
|
"message": "SanitizerAPI with config: dropElements list [\"test-element\", \"i\"]}, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"dl",
|
|
"p"
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div>balabala<i>i</i><p>t</p></div>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<div>balabala<i>i</i></div>",
|
|
"message": "SanitizerAPI with config: dropElements list [\"dl\", \"p\"]}, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowElements": [
|
|
"p"
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div>test<div>p</div>tt<p>div</p></div>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "testptt<p>div</p>",
|
|
"message": "SanitizerAPI with config: allowElements list [\"p\"], sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"div"
|
|
],
|
|
"allowElements": [
|
|
"div"
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div>test</div><p>bla"
|
|
],
|
|
"inputType": "document",
|
|
"output": "bla",
|
|
"message": "SanitizerAPI with config: allowElements list has no influence to dropElements, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "style",
|
|
"elements": [
|
|
"p"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p style='color: black'>Click.</p><div style='color: white'>div</div>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p>Click.</p><div style=\"color: white\">div</div>",
|
|
"message": "SanitizerAPI with config: dropAttributes list {\"style\": [\"p\"]} with style attribute, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": []
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p id='test'>Click.</p>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p id=\"test\">Click.</p>",
|
|
"message": "SanitizerAPI with config: empty dropAttributes list with id attribute, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "id",
|
|
"elements": "*"
|
|
}
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p id='test'>Click.</p>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p>Click.</p>",
|
|
"message": "SanitizerAPI with config: dropAttributes list {\"id\": [\"*\"]} with id attribute, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "data-attribute-with-dashes",
|
|
"elements": "*"
|
|
}
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p id='p' data-attribute-with-dashes='123'>Click.</p><script>document.getElementById('p').dataset.attributeWithDashes=123;</script>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p id=\"p\">Click.</p>",
|
|
"message": "SanitizerAPI with config: dropAttributes list {\"data-attribute-with-dashes\": [\"*\"]} with dom dataset js access, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowAttributes": [
|
|
{
|
|
"name": "id",
|
|
"elements": [
|
|
"div"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p id='p'>P</p><div id='div'>DIV</div>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p>P</p><div id=\"div\">DIV</div>",
|
|
"message": "SanitizerAPI with config: allowAttributes list {\"id\": [\"div\"]} with id attribute, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowAttributes": [
|
|
{
|
|
"name": "id",
|
|
"elements": "*"
|
|
}
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p id='test' onclick='a= 123'>Click.</p>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p id=\"test\">Click.</p>",
|
|
"message": "SanitizerAPI with config: allowAttributes list {\"id\": [\"*\"]} with id attribute and onclick scripts, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "style",
|
|
"elements": "*"
|
|
}
|
|
],
|
|
"allowAttributes": [
|
|
{
|
|
"name": "style",
|
|
"elements": "*"
|
|
}
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p style='color: black'>Click.</p>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p>Click.</p>",
|
|
"message": "SanitizerAPI with config: allowAttributes list has no influence to dropAttributes, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowElements": [
|
|
"template",
|
|
"div"
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><template><script>test</script><div>hello</div></template>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<template><div>hello</div></template>",
|
|
"message": "SanitizerAPI with config: Template element, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><a href='javascript:evil.com'>Click.</a>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<a>Click.</a>",
|
|
"message": "SanitizerAPI with config: HTMLAnchorElement with javascript protocal, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><a href=' javascript:evil.com'>Click.</a>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<a>Click.</a>",
|
|
"message": "SanitizerAPI with config: HTMLAnchorElement with javascript protocal start with space, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><a href='http:evil.com'>Click.</a>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<a href=\"http:evil.com\">Click.</a>",
|
|
"message": "SanitizerAPI with config: HTMLAnchorElement, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><area href='javascript:evil.com'>Click.</area>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<area>Click.",
|
|
"message": "SanitizerAPI with config: HTMLAreaElement with javascript protocal, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><area href=' javascript:evil.com'>Click.</area>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<area>Click.",
|
|
"message": "SanitizerAPI with config: HTMLAreaElement with javascript protocal start with space, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><area href='http:evil.com'>Click.</area>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<area href=\"http:evil.com\">Click.",
|
|
"message": "SanitizerAPI with config: HTMLAreaElement, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><form action='javascript:evil.com'>Click.</form>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<form>Click.</form>",
|
|
"message": "SanitizerAPI with config: HTMLFormElement with javascript action, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><form action=' javascript:evil.com'>Click.</form>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<form>Click.</form>",
|
|
"message": "SanitizerAPI with config: HTMLFormElement with javascript action start with space, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><form action='http:evil.com'>Click.</form>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<form action=\"http:evil.com\">Click.</form>",
|
|
"message": "SanitizerAPI with config: HTMLFormElement, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><input formaction='javascript:evil.com'>Click.</input>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<input>Click.",
|
|
"message": "SanitizerAPI with config: HTMLInputElement with javascript formaction, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><input formaction=' javascript:evil.com'>Click.</input>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<input>Click.",
|
|
"message": "SanitizerAPI with config: HTMLInputElement with javascript formaction start with space, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><input formaction='http:evil.com'>Click.</input>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<input formaction=\"http:evil.com\">Click.",
|
|
"message": "SanitizerAPI with config: HTMLInputElement, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><button formaction='javascript:evil.com'>Click.</button>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<button>Click.</button>",
|
|
"message": "SanitizerAPI with config: HTMLButtonElement with javascript formaction, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><button formaction=' javascript:evil.com'>Click.</button>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<button>Click.</button>",
|
|
"message": "SanitizerAPI with config: HTMLButtonElement with javascript formaction start with space, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><button formaction='http:evil.com'>Click.</button>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<button formaction=\"http:evil.com\">Click.</button>",
|
|
"message": "SanitizerAPI with config: HTMLButtonElement, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p>Some text</p></body><!-- 1 --></html><!-- 2 --><p>Some more text</p>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p>Some text</p><p>Some more text</p>",
|
|
"message": "SanitizerAPI with config: malformed HTML, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p>Some text</p><p>Some more text</p>",
|
|
"message": "SanitizerAPI with config: HTML with comments; comments not allowed, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowComments": true
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>",
|
|
"message": "SanitizerAPI with config: HTML with comments; allowComments, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowComments": false
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p>Some text</p><p>Some more text</p>",
|
|
"message": "SanitizerAPI with config: HTML with comments; !allowComments, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p>comment<!-- hello -->in<!-- </p> -->text</p>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p>commentintext</p>",
|
|
"message": "SanitizerAPI with config: HTML with comments deeper in the tree, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowComments": true
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p>comment<!-- hello -->in<!-- </p> -->text</p>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p>comment<!-- hello -->in<!-- </p> -->text</p>",
|
|
"message": "SanitizerAPI with config: HTML with comments deeper in the tree, allowComments, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowComments": false
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p>comment<!-- hello -->in<!-- </p> -->text</p>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p>commentintext</p>",
|
|
"message": "SanitizerAPI with config: HTML with comments deeper in the tree, !allowComments, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowElements": [
|
|
"svg"
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><svg></svg>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "",
|
|
"message": "SanitizerAPI with config: Unknown HTML names (HTMLUnknownElement instances) should not match elements parsed as non-HTML namespaces., sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowElements": [
|
|
"div",
|
|
"svg"
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div><svg></svg></div>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<div></div>",
|
|
"message": "SanitizerAPI with config: Unknown HTML names (HTMLUnknownElement instances) should not match elements parsed as non-HTML namespaces when nested., sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"I",
|
|
"DL"
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div>balabala<dl>test</dl></div>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<div>balabala<dl>test</dl></div>",
|
|
"message": "SanitizerAPI with config: dropElements list [\"I\", \"DL\"]}, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"i",
|
|
"dl"
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div>balabala<dl>test</dl></div>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<div>balabala</div>",
|
|
"message": "SanitizerAPI with config: dropElements list [\"i\", \"dl\"]}, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"i",
|
|
"dl"
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><DIV>balabala<DL>test</DL></DIV>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<div>balabala</div>",
|
|
"message": "SanitizerAPI with config: dropElements list [\"i\", \"dl\"]} with uppercase HTML, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "ID",
|
|
"elements": "*"
|
|
}
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p id=\"test\">Click.</p>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p id=\"test\">Click.</p>",
|
|
"message": "SanitizerAPI with config: dropAttributes list {\"ID\": [\"*\"]} with id attribute, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "ID",
|
|
"elements": "*"
|
|
}
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p ID=\"test\">Click.</p>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p id=\"test\">Click.</p>",
|
|
"message": "SanitizerAPI with config: dropAttributes list {\"ID\": [\"*\"]} with ID attribute, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "id",
|
|
"elements": "*"
|
|
}
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><p ID=\"test\">Click.</p>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<p>Click.</p>",
|
|
"message": "SanitizerAPI with config: dropAttributes list {\"id\": [\"*\"]} with ID attribute, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
123,
|
|
"test",
|
|
"i",
|
|
"custom-element"
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<div>balabala</div>",
|
|
"message": "SanitizerAPI with config: dropElements with unknown elements and without allowUnknownMarkup, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"blockElements": [
|
|
123,
|
|
"test",
|
|
"i",
|
|
"custom-element"
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<div>balabalatest</div>",
|
|
"message": "SanitizerAPI with config: blockElements with unknown elements and without allowUnknownMarkup, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowElements": [
|
|
"p",
|
|
"test"
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div>test<div>p</div>tt<p>div</p></div><test>test</test>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "testptt<p>div</p>",
|
|
"message": "SanitizerAPI with config: allowElements with unknown elements and without allowUnknownMarkup, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
123,
|
|
"test",
|
|
"i",
|
|
"custom-element"
|
|
],
|
|
"allowUnknownMarkup": true
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<div>balabala</div>",
|
|
"message": "SanitizerAPI with config: dropElements with unknown elements and with allowUnknownMarkup, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"blockElements": [
|
|
123,
|
|
"test",
|
|
"i",
|
|
"custom-element"
|
|
],
|
|
"allowUnknownMarkup": true
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<div>balabalatest</div>t",
|
|
"message": "SanitizerAPI with config: blockElements with unknown elements and with allowUnknownMarkup, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowElements": [
|
|
"p",
|
|
"test"
|
|
],
|
|
"allowUnknownMarkup": true
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div>test<div>p</div>tt<p>div</p><test>test</test></div>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "testptt<p>div</p><test>test</test>",
|
|
"message": "SanitizerAPI with config: allowElements with unknown elements and with allowUnknownMarkup, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowAttributes": [
|
|
{
|
|
"name": "hello",
|
|
"elements": "*"
|
|
},
|
|
{
|
|
"name": "world",
|
|
"elements": [
|
|
"b"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div hello='1' world='2'><b hello='3' world='4'>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<div><b></b></div>",
|
|
"message": "SanitizerAPI with config: allowAttributes unknown attributes and without allowUnknownMarkup, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowAttributes": [
|
|
{
|
|
"name": "hello",
|
|
"elements": "*"
|
|
},
|
|
{
|
|
"name": "world",
|
|
"elements": [
|
|
"b"
|
|
]
|
|
}
|
|
],
|
|
"allowUnknownMarkup": true
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div hello='1' world='2'><b hello='3' world='4'>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<div hello=\"1\"><b hello=\"3\" world=\"4\"></b></div>",
|
|
"message": "SanitizerAPI with config: allowAttributes unknown attributes and with allowUnknownMarkup, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "hello",
|
|
"elements": "*"
|
|
},
|
|
{
|
|
"name": "world",
|
|
"elements": [
|
|
"b"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div hello='1' world='2'><b hello='3' world='4'>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<div><b></b></div>",
|
|
"message": "SanitizerAPI with config: dropAttributes unknown attributes and without allowUnknownMarkup, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "hello",
|
|
"elements": "*"
|
|
},
|
|
{
|
|
"name": "world",
|
|
"elements": [
|
|
"b"
|
|
]
|
|
}
|
|
],
|
|
"allowUnknownMarkup": true
|
|
},
|
|
"input": [
|
|
"<!DOCTYPE html><body><div hello='1' world='2'><b hello='3' world='4'>"
|
|
],
|
|
"inputType": "document",
|
|
"output": "<div><b></b></div>",
|
|
"message": "SanitizerAPI with config: dropAttributes unknown attributes and with allowUnknownMarkup, sanitize from document function for <body>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "test",
|
|
"inputType": "template-content",
|
|
"output": "test",
|
|
"message": "SanitizerAPI with config: string, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<b>bla</b>",
|
|
"inputType": "template-content",
|
|
"output": "<b>bla</b>",
|
|
"message": "SanitizerAPI with config: html fragment, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<a<embla",
|
|
"inputType": "template-content",
|
|
"output": "",
|
|
"message": "SanitizerAPI with config: broken html, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": {},
|
|
"inputType": "template-content",
|
|
"output": "[object Object]",
|
|
"message": "SanitizerAPI with config: empty object, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": 1,
|
|
"inputType": "template-content",
|
|
"output": "1",
|
|
"message": "SanitizerAPI with config: number, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": 0,
|
|
"inputType": "template-content",
|
|
"output": "0",
|
|
"message": "SanitizerAPI with config: zeros, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": 3,
|
|
"inputType": "template-content",
|
|
"output": "3",
|
|
"message": "SanitizerAPI with config: arithmetic, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "",
|
|
"inputType": "template-content",
|
|
"output": "",
|
|
"message": "SanitizerAPI with config: empty string, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"inputType": "template-content",
|
|
"output": "undefined",
|
|
"message": "SanitizerAPI with config: undefined, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<html><head></head><body>test</body></html>",
|
|
"inputType": "template-content",
|
|
"output": "test",
|
|
"message": "SanitizerAPI with config: document, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<div>test",
|
|
"inputType": "template-content",
|
|
"output": "<div>test</div>",
|
|
"message": "SanitizerAPI with config: html without close tag, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<script>alert('i am a test')</script>",
|
|
"inputType": "template-content",
|
|
"output": "",
|
|
"message": "SanitizerAPI with config: scripts for default configs, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "hello<script>alert('i am a test')</script>",
|
|
"inputType": "template-content",
|
|
"output": "hello",
|
|
"message": "SanitizerAPI with config: script not as root, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<div><b>hello<script>alert('i am a test')</script>",
|
|
"inputType": "template-content",
|
|
"output": "<div><b>hello</b></div>",
|
|
"message": "SanitizerAPI with config: script deeper in the tree, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<p onclick='a= 123'>Click.</p>",
|
|
"inputType": "template-content",
|
|
"output": "<p>Click.</p>",
|
|
"message": "SanitizerAPI with config: onclick scripts, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<plaintext><p>text</p>",
|
|
"inputType": "template-content",
|
|
"output": "<p>text</p>",
|
|
"message": "SanitizerAPI with config: plaintext, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<xmp>TEXT</xmp>",
|
|
"inputType": "template-content",
|
|
"output": "TEXT",
|
|
"message": "SanitizerAPI with config: xmp, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"test": 123
|
|
},
|
|
"input": "test",
|
|
"inputType": "template-content",
|
|
"output": "test",
|
|
"message": "SanitizerAPI with config: invalid config_input, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": []
|
|
},
|
|
"input": "test",
|
|
"inputType": "template-content",
|
|
"output": "test",
|
|
"message": "SanitizerAPI with config: empty dropElements list, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"div"
|
|
]
|
|
},
|
|
"input": "<div>test</div><p>bla",
|
|
"inputType": "template-content",
|
|
"output": "<p>bla</p>",
|
|
"message": "SanitizerAPI with config: test html without close tag with dropElements list ['div'], sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<custom-element>test</custom-element>bla",
|
|
"inputType": "template-content",
|
|
"output": "bla",
|
|
"message": "SanitizerAPI with config: default behavior for custom elements, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowCustomElements": true
|
|
},
|
|
"input": "<custom-element>test</custom-element>bla",
|
|
"inputType": "template-content",
|
|
"output": "testbla",
|
|
"message": "SanitizerAPI with config: allow custom elements, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowCustomElements": true,
|
|
"allowElements": [
|
|
"custom-element"
|
|
]
|
|
},
|
|
"input": "<custom-element>test</custom-element>bla",
|
|
"inputType": "template-content",
|
|
"output": "<custom-element>test</custom-element>bla",
|
|
"message": "SanitizerAPI with config: allow custom elements with allow elements, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowCustomElements": false
|
|
},
|
|
"input": "<custom-element>test</custom-element>bla",
|
|
"inputType": "template-content",
|
|
"output": "bla",
|
|
"message": "SanitizerAPI with config: disallow custom elements, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"custom-element"
|
|
],
|
|
"allowCustomElements": true
|
|
},
|
|
"input": "<custom-element>test</custom-element>bla",
|
|
"inputType": "template-content",
|
|
"output": "bla",
|
|
"message": "SanitizerAPI with config: allow custom elements with drop list contains [\"custom-element\"], sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"script"
|
|
]
|
|
},
|
|
"input": "<script>alert('i am a test')</script>",
|
|
"inputType": "template-content",
|
|
"output": "",
|
|
"message": "SanitizerAPI with config: test script with [\"script\"] as dropElements list, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"test-element",
|
|
"i"
|
|
]
|
|
},
|
|
"input": "<div>balabala<i>test</i></div><test-element>t</test-element>",
|
|
"inputType": "template-content",
|
|
"output": "<div>balabala</div>",
|
|
"message": "SanitizerAPI with config: dropElements list [\"test-element\", \"i\"]}, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"dl",
|
|
"p"
|
|
]
|
|
},
|
|
"input": "<div>balabala<i>i</i><p>t</p></div>",
|
|
"inputType": "template-content",
|
|
"output": "<div>balabala<i>i</i></div>",
|
|
"message": "SanitizerAPI with config: dropElements list [\"dl\", \"p\"]}, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowElements": [
|
|
"p"
|
|
]
|
|
},
|
|
"input": "<div>test<div>p</div>tt<p>div</p></div>",
|
|
"inputType": "template-content",
|
|
"output": "testptt<p>div</p>",
|
|
"message": "SanitizerAPI with config: allowElements list [\"p\"], sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"div"
|
|
],
|
|
"allowElements": [
|
|
"div"
|
|
]
|
|
},
|
|
"input": "<div>test</div><p>bla",
|
|
"inputType": "template-content",
|
|
"output": "bla",
|
|
"message": "SanitizerAPI with config: allowElements list has no influence to dropElements, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "style",
|
|
"elements": [
|
|
"p"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"input": "<p style='color: black'>Click.</p><div style='color: white'>div</div>",
|
|
"inputType": "template-content",
|
|
"output": "<p>Click.</p><div style=\"color: white\">div</div>",
|
|
"message": "SanitizerAPI with config: dropAttributes list {\"style\": [\"p\"]} with style attribute, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": []
|
|
},
|
|
"input": "<p id='test'>Click.</p>",
|
|
"inputType": "template-content",
|
|
"output": "<p id=\"test\">Click.</p>",
|
|
"message": "SanitizerAPI with config: empty dropAttributes list with id attribute, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "id",
|
|
"elements": "*"
|
|
}
|
|
]
|
|
},
|
|
"input": "<p id='test'>Click.</p>",
|
|
"inputType": "template-content",
|
|
"output": "<p>Click.</p>",
|
|
"message": "SanitizerAPI with config: dropAttributes list {\"id\": [\"*\"]} with id attribute, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "data-attribute-with-dashes",
|
|
"elements": "*"
|
|
}
|
|
]
|
|
},
|
|
"input": "<p id='p' data-attribute-with-dashes='123'>Click.</p><script>document.getElementById('p').dataset.attributeWithDashes=123;</script>",
|
|
"inputType": "template-content",
|
|
"output": "<p id=\"p\">Click.</p>",
|
|
"message": "SanitizerAPI with config: dropAttributes list {\"data-attribute-with-dashes\": [\"*\"]} with dom dataset js access, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowAttributes": [
|
|
{
|
|
"name": "id",
|
|
"elements": [
|
|
"div"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"input": "<p id='p'>P</p><div id='div'>DIV</div>",
|
|
"inputType": "template-content",
|
|
"output": "<p>P</p><div id=\"div\">DIV</div>",
|
|
"message": "SanitizerAPI with config: allowAttributes list {\"id\": [\"div\"]} with id attribute, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowAttributes": [
|
|
{
|
|
"name": "id",
|
|
"elements": "*"
|
|
}
|
|
]
|
|
},
|
|
"input": "<p id='test' onclick='a= 123'>Click.</p>",
|
|
"inputType": "template-content",
|
|
"output": "<p id=\"test\">Click.</p>",
|
|
"message": "SanitizerAPI with config: allowAttributes list {\"id\": [\"*\"]} with id attribute and onclick scripts, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "style",
|
|
"elements": "*"
|
|
}
|
|
],
|
|
"allowAttributes": [
|
|
{
|
|
"name": "style",
|
|
"elements": "*"
|
|
}
|
|
]
|
|
},
|
|
"input": "<p style='color: black'>Click.</p>",
|
|
"inputType": "template-content",
|
|
"output": "<p>Click.</p>",
|
|
"message": "SanitizerAPI with config: allowAttributes list has no influence to dropAttributes, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowElements": [
|
|
"template",
|
|
"div"
|
|
]
|
|
},
|
|
"input": "<template><script>test</script><div>hello</div></template>",
|
|
"inputType": "template-content",
|
|
"output": "<template><div>hello</div></template>",
|
|
"message": "SanitizerAPI with config: Template element, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<a href='javascript:evil.com'>Click.</a>",
|
|
"inputType": "template-content",
|
|
"output": "<a>Click.</a>",
|
|
"message": "SanitizerAPI with config: HTMLAnchorElement with javascript protocal, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<a href=' javascript:evil.com'>Click.</a>",
|
|
"inputType": "template-content",
|
|
"output": "<a>Click.</a>",
|
|
"message": "SanitizerAPI with config: HTMLAnchorElement with javascript protocal start with space, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<a href='http:evil.com'>Click.</a>",
|
|
"inputType": "template-content",
|
|
"output": "<a href=\"http:evil.com\">Click.</a>",
|
|
"message": "SanitizerAPI with config: HTMLAnchorElement, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<area href='javascript:evil.com'>Click.</area>",
|
|
"inputType": "template-content",
|
|
"output": "<area>Click.",
|
|
"message": "SanitizerAPI with config: HTMLAreaElement with javascript protocal, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<area href=' javascript:evil.com'>Click.</area>",
|
|
"inputType": "template-content",
|
|
"output": "<area>Click.",
|
|
"message": "SanitizerAPI with config: HTMLAreaElement with javascript protocal start with space, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<area href='http:evil.com'>Click.</area>",
|
|
"inputType": "template-content",
|
|
"output": "<area href=\"http:evil.com\">Click.",
|
|
"message": "SanitizerAPI with config: HTMLAreaElement, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<form action='javascript:evil.com'>Click.</form>",
|
|
"inputType": "template-content",
|
|
"output": "<form>Click.</form>",
|
|
"message": "SanitizerAPI with config: HTMLFormElement with javascript action, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<form action=' javascript:evil.com'>Click.</form>",
|
|
"inputType": "template-content",
|
|
"output": "<form>Click.</form>",
|
|
"message": "SanitizerAPI with config: HTMLFormElement with javascript action start with space, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<form action='http:evil.com'>Click.</form>",
|
|
"inputType": "template-content",
|
|
"output": "<form action=\"http:evil.com\">Click.</form>",
|
|
"message": "SanitizerAPI with config: HTMLFormElement, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<input formaction='javascript:evil.com'>Click.</input>",
|
|
"inputType": "template-content",
|
|
"output": "<input>Click.",
|
|
"message": "SanitizerAPI with config: HTMLInputElement with javascript formaction, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<input formaction=' javascript:evil.com'>Click.</input>",
|
|
"inputType": "template-content",
|
|
"output": "<input>Click.",
|
|
"message": "SanitizerAPI with config: HTMLInputElement with javascript formaction start with space, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<input formaction='http:evil.com'>Click.</input>",
|
|
"inputType": "template-content",
|
|
"output": "<input formaction=\"http:evil.com\">Click.",
|
|
"message": "SanitizerAPI with config: HTMLInputElement, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<button formaction='javascript:evil.com'>Click.</button>",
|
|
"inputType": "template-content",
|
|
"output": "<button>Click.</button>",
|
|
"message": "SanitizerAPI with config: HTMLButtonElement with javascript formaction, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<button formaction=' javascript:evil.com'>Click.</button>",
|
|
"inputType": "template-content",
|
|
"output": "<button>Click.</button>",
|
|
"message": "SanitizerAPI with config: HTMLButtonElement with javascript formaction start with space, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<button formaction='http:evil.com'>Click.</button>",
|
|
"inputType": "template-content",
|
|
"output": "<button formaction=\"http:evil.com\">Click.</button>",
|
|
"message": "SanitizerAPI with config: HTMLButtonElement, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<p>Some text</p></body><!-- 1 --></html><!-- 2 --><p>Some more text</p>",
|
|
"inputType": "template-content",
|
|
"output": "<p>Some text</p><p>Some more text</p>",
|
|
"message": "SanitizerAPI with config: malformed HTML, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>",
|
|
"inputType": "template-content",
|
|
"output": "<p>Some text</p><p>Some more text</p>",
|
|
"message": "SanitizerAPI with config: HTML with comments; comments not allowed, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowComments": true
|
|
},
|
|
"input": "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>",
|
|
"inputType": "template-content",
|
|
"output": "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>",
|
|
"message": "SanitizerAPI with config: HTML with comments; allowComments, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowComments": false
|
|
},
|
|
"input": "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>",
|
|
"inputType": "template-content",
|
|
"output": "<p>Some text</p><p>Some more text</p>",
|
|
"message": "SanitizerAPI with config: HTML with comments; !allowComments, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {},
|
|
"input": "<p>comment<!-- hello -->in<!-- </p> -->text</p>",
|
|
"inputType": "template-content",
|
|
"output": "<p>commentintext</p>",
|
|
"message": "SanitizerAPI with config: HTML with comments deeper in the tree, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowComments": true
|
|
},
|
|
"input": "<p>comment<!-- hello -->in<!-- </p> -->text</p>",
|
|
"inputType": "template-content",
|
|
"output": "<p>comment<!-- hello -->in<!-- </p> -->text</p>",
|
|
"message": "SanitizerAPI with config: HTML with comments deeper in the tree, allowComments, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowComments": false
|
|
},
|
|
"input": "<p>comment<!-- hello -->in<!-- </p> -->text</p>",
|
|
"inputType": "template-content",
|
|
"output": "<p>commentintext</p>",
|
|
"message": "SanitizerAPI with config: HTML with comments deeper in the tree, !allowComments, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowElements": [
|
|
"svg"
|
|
]
|
|
},
|
|
"input": "<svg></svg>",
|
|
"inputType": "template-content",
|
|
"output": "",
|
|
"message": "SanitizerAPI with config: Unknown HTML names (HTMLUnknownElement instances) should not match elements parsed as non-HTML namespaces., sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowElements": [
|
|
"div",
|
|
"svg"
|
|
]
|
|
},
|
|
"input": "<div><svg></svg></div>",
|
|
"inputType": "template-content",
|
|
"output": "<div></div>",
|
|
"message": "SanitizerAPI with config: Unknown HTML names (HTMLUnknownElement instances) should not match elements parsed as non-HTML namespaces when nested., sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"I",
|
|
"DL"
|
|
]
|
|
},
|
|
"input": "<div>balabala<dl>test</dl></div>",
|
|
"inputType": "template-content",
|
|
"output": "<div>balabala<dl>test</dl></div>",
|
|
"message": "SanitizerAPI with config: dropElements list [\"I\", \"DL\"]}, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"i",
|
|
"dl"
|
|
]
|
|
},
|
|
"input": "<div>balabala<dl>test</dl></div>",
|
|
"inputType": "template-content",
|
|
"output": "<div>balabala</div>",
|
|
"message": "SanitizerAPI with config: dropElements list [\"i\", \"dl\"]}, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
"i",
|
|
"dl"
|
|
]
|
|
},
|
|
"input": "<DIV>balabala<DL>test</DL></DIV>",
|
|
"inputType": "template-content",
|
|
"output": "<div>balabala</div>",
|
|
"message": "SanitizerAPI with config: dropElements list [\"i\", \"dl\"]} with uppercase HTML, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "ID",
|
|
"elements": "*"
|
|
}
|
|
]
|
|
},
|
|
"input": "<p id=\"test\">Click.</p>",
|
|
"inputType": "template-content",
|
|
"output": "<p id=\"test\">Click.</p>",
|
|
"message": "SanitizerAPI with config: dropAttributes list {\"ID\": [\"*\"]} with id attribute, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "ID",
|
|
"elements": "*"
|
|
}
|
|
]
|
|
},
|
|
"input": "<p ID=\"test\">Click.</p>",
|
|
"inputType": "template-content",
|
|
"output": "<p id=\"test\">Click.</p>",
|
|
"message": "SanitizerAPI with config: dropAttributes list {\"ID\": [\"*\"]} with ID attribute, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "id",
|
|
"elements": "*"
|
|
}
|
|
]
|
|
},
|
|
"input": "<p ID=\"test\">Click.</p>",
|
|
"inputType": "template-content",
|
|
"output": "<p>Click.</p>",
|
|
"message": "SanitizerAPI with config: dropAttributes list {\"id\": [\"*\"]} with ID attribute, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
123,
|
|
"test",
|
|
"i",
|
|
"custom-element"
|
|
]
|
|
},
|
|
"input": "<div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>",
|
|
"inputType": "template-content",
|
|
"output": "<div>balabala</div>",
|
|
"message": "SanitizerAPI with config: dropElements with unknown elements and without allowUnknownMarkup, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"blockElements": [
|
|
123,
|
|
"test",
|
|
"i",
|
|
"custom-element"
|
|
]
|
|
},
|
|
"input": "<div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>",
|
|
"inputType": "template-content",
|
|
"output": "<div>balabalatest</div>",
|
|
"message": "SanitizerAPI with config: blockElements with unknown elements and without allowUnknownMarkup, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowElements": [
|
|
"p",
|
|
"test"
|
|
]
|
|
},
|
|
"input": "<div>test<div>p</div>tt<p>div</p></div><test>test</test>",
|
|
"inputType": "template-content",
|
|
"output": "testptt<p>div</p>",
|
|
"message": "SanitizerAPI with config: allowElements with unknown elements and without allowUnknownMarkup, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropElements": [
|
|
123,
|
|
"test",
|
|
"i",
|
|
"custom-element"
|
|
],
|
|
"allowUnknownMarkup": true
|
|
},
|
|
"input": "<div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>",
|
|
"inputType": "template-content",
|
|
"output": "<div>balabala</div>",
|
|
"message": "SanitizerAPI with config: dropElements with unknown elements and with allowUnknownMarkup, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"blockElements": [
|
|
123,
|
|
"test",
|
|
"i",
|
|
"custom-element"
|
|
],
|
|
"allowUnknownMarkup": true
|
|
},
|
|
"input": "<div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>",
|
|
"inputType": "template-content",
|
|
"output": "<div>balabalatest</div>t",
|
|
"message": "SanitizerAPI with config: blockElements with unknown elements and with allowUnknownMarkup, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowElements": [
|
|
"p",
|
|
"test"
|
|
],
|
|
"allowUnknownMarkup": true
|
|
},
|
|
"input": "<div>test<div>p</div>tt<p>div</p><test>test</test></div>",
|
|
"inputType": "template-content",
|
|
"output": "testptt<p>div</p><test>test</test>",
|
|
"message": "SanitizerAPI with config: allowElements with unknown elements and with allowUnknownMarkup, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowAttributes": [
|
|
{
|
|
"name": "hello",
|
|
"elements": "*"
|
|
},
|
|
{
|
|
"name": "world",
|
|
"elements": [
|
|
"b"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"input": "<div hello='1' world='2'><b hello='3' world='4'>",
|
|
"inputType": "template-content",
|
|
"output": "<div><b></b></div>",
|
|
"message": "SanitizerAPI with config: allowAttributes unknown attributes and without allowUnknownMarkup, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"allowAttributes": [
|
|
{
|
|
"name": "hello",
|
|
"elements": "*"
|
|
},
|
|
{
|
|
"name": "world",
|
|
"elements": [
|
|
"b"
|
|
]
|
|
}
|
|
],
|
|
"allowUnknownMarkup": true
|
|
},
|
|
"input": "<div hello='1' world='2'><b hello='3' world='4'>",
|
|
"inputType": "template-content",
|
|
"output": "<div hello=\"1\"><b hello=\"3\" world=\"4\"></b></div>",
|
|
"message": "SanitizerAPI with config: allowAttributes unknown attributes and with allowUnknownMarkup, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "hello",
|
|
"elements": "*"
|
|
},
|
|
{
|
|
"name": "world",
|
|
"elements": [
|
|
"b"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"input": "<div hello='1' world='2'><b hello='3' world='4'>",
|
|
"inputType": "template-content",
|
|
"output": "<div><b></b></div>",
|
|
"message": "SanitizerAPI with config: dropAttributes unknown attributes and without allowUnknownMarkup, sanitize from document fragment function for <template>"
|
|
},
|
|
{
|
|
"config": {
|
|
"dropAttributes": [
|
|
{
|
|
"name": "hello",
|
|
"elements": "*"
|
|
},
|
|
{
|
|
"name": "world",
|
|
"elements": [
|
|
"b"
|
|
]
|
|
}
|
|
],
|
|
"allowUnknownMarkup": true
|
|
},
|
|
"input": "<div hello='1' world='2'><b hello='3' world='4'>",
|
|
"inputType": "template-content",
|
|
"output": "<div><b></b></div>",
|
|
"message": "SanitizerAPI with config: dropAttributes unknown attributes and with allowUnknownMarkup, sanitize from document fragment function for <template>"
|
|
}
|
|
]
|
|
|