MensBeam/HTML-Sanitizer
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
HTML-Sanitizer/tests/cases/std-sanitize.json

1793 lines
55 KiB
JSON
Raw Blame History

[
{
"config": null,
"input": [],
"inputType": "literal",
"output": null,
"exceptionType": "TypeError",
"message": "Sanitizer.sanitize() should throw an error."
},
{
"config": null,
"input": [
null
],
"inputType": "literal",
"output": null,
"exceptionType": "TypeError",
"message": "Sanitizer.sanitize(null)."
},
{
"config": null,
"input": [
"<a href=\"about:blank\">hello</a><script>console.log(\"world!\");</script>"
],
"inputType": "document-fragment",
"output": "<a href=\"about:blank\">hello</a>",
"message": "Sanitizer.sanitze(DocumentFragment)"
},
{
"config": null,
"input": [
"<a href=\"about:blank\">hello</a><script>console.log(\"world!\");</script>"
],
"inputType": "document",
"output": "<a href=\"about:blank\">hello</a>",
"message": "Sanitizer.sanitze(Document)"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body>test"
],
"inputType": "document",
"output": "test",
"message": "SanitizerAPI with config: string, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><b>bla</b>"
],
"inputType": "document",
"output": "<b>bla</b>",
"message": "SanitizerAPI with config: html fragment, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><a<embla"
],
"inputType": "document",
"output": "",
"message": "SanitizerAPI with config: broken html, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body>[object Object]"
],
"inputType": "document",
"output": "[object Object]",
"message": "SanitizerAPI with config: empty object, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body>1"
],
"inputType": "document",
"output": "1",
"message": "SanitizerAPI with config: number, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body>0"
],
"inputType": "document",
"output": "0",
"message": "SanitizerAPI with config: zeros, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body>3"
],
"inputType": "document",
"output": "3",
"message": "SanitizerAPI with config: arithmetic, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body>"
],
"inputType": "document",
"output": "",
"message": "SanitizerAPI with config: empty string, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body>undefined"
],
"inputType": "document",
"output": "undefined",
"message": "SanitizerAPI with config: undefined, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><html><head></head><body>test</body></html>"
],
"inputType": "document",
"output": "test",
"message": "SanitizerAPI with config: document, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><div>test"
],
"inputType": "document",
"output": "<div>test</div>",
"message": "SanitizerAPI with config: html without close tag, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><script>alert('i am a test')</script>"
],
"inputType": "document",
"output": "",
"message": "SanitizerAPI with config: scripts for default configs, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body>hello<script>alert('i am a test')</script>"
],
"inputType": "document",
"output": "hello",
"message": "SanitizerAPI with config: script not as root, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><div><b>hello<script>alert('i am a test')</script>"
],
"inputType": "document",
"output": "<div><b>hello</b></div>",
"message": "SanitizerAPI with config: script deeper in the tree, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><p onclick='a= 123'>Click.</p>"
],
"inputType": "document",
"output": "<p>Click.</p>",
"message": "SanitizerAPI with config: onclick scripts, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><plaintext><p>text</p>"
],
"inputType": "document",
"output": "&lt;p&gt;text&lt;/p&gt;",
"message": "SanitizerAPI with config: plaintext, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><xmp>TEXT</xmp>"
],
"inputType": "document",
"output": "TEXT",
"message": "SanitizerAPI with config: xmp, sanitize from document function for <body>"
},
{
"config": {
"test": 123
},
"input": [
"<!DOCTYPE html><body>test"
],
"inputType": "document",
"output": "test",
"message": "SanitizerAPI with config: invalid config_input, sanitize from document function for <body>"
},
{
"config": {
"dropElements": []
},
"input": [
"<!DOCTYPE html><body>test"
],
"inputType": "document",
"output": "test",
"message": "SanitizerAPI with config: empty dropElements list, sanitize from document function for <body>"
},
{
"config": {
"dropElements": [
"div"
]
},
"input": [
"<!DOCTYPE html><body><div>test</div><p>bla"
],
"inputType": "document",
"output": "<p>bla</p>",
"message": "SanitizerAPI with config: test html without close tag with dropElements list ['div'], sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><custom-element>test</custom-element>bla"
],
"inputType": "document",
"output": "bla",
"message": "SanitizerAPI with config: default behavior for custom elements, sanitize from document function for <body>"
},
{
"config": {
"allowCustomElements": true
},
"input": [
"<!DOCTYPE html><body><custom-element>test</custom-element>bla"
],
"inputType": "document",
"output": "testbla",
"message": "SanitizerAPI with config: allow custom elements, sanitize from document function for <body>"
},
{
"config": {
"allowCustomElements": true,
"allowElements": [
"custom-element"
]
},
"input": [
"<!DOCTYPE html><body><custom-element>test</custom-element>bla"
],
"inputType": "document",
"output": "<custom-element>test</custom-element>bla",
"message": "SanitizerAPI with config: allow custom elements with allow elements, sanitize from document function for <body>"
},
{
"config": {
"allowCustomElements": false
},
"input": [
"<!DOCTYPE html><body><custom-element>test</custom-element>bla"
],
"inputType": "document",
"output": "bla",
"message": "SanitizerAPI with config: disallow custom elements, sanitize from document function for <body>"
},
{
"config": {
"dropElements": [
"custom-element"
],
"allowCustomElements": true
},
"input": [
"<!DOCTYPE html><body><custom-element>test</custom-element>bla"
],
"inputType": "document",
"output": "bla",
"message": "SanitizerAPI with config: allow custom elements with drop list contains [\"custom-element\"], sanitize from document function for <body>"
},
{
"config": {
"dropElements": [
"script"
]
},
"input": [
"<!DOCTYPE html><body><script>alert('i am a test')</script>"
],
"inputType": "document",
"output": "",
"message": "SanitizerAPI with config: test script with [\"script\"] as dropElements list, sanitize from document function for <body>"
},
{
"config": {
"dropElements": [
"test-element",
"i"
]
},
"input": [
"<!DOCTYPE html><body><div>balabala<i>test</i></div><test-element>t</test-element>"
],
"inputType": "document",
"output": "<div>balabala</div>",
"message": "SanitizerAPI with config: dropElements list [\"test-element\", \"i\"]}, sanitize from document function for <body>"
},
{
"config": {
"dropElements": [
"dl",
"p"
]
},
"input": [
"<!DOCTYPE html><body><div>balabala<i>i</i><p>t</p></div>"
],
"inputType": "document",
"output": "<div>balabala<i>i</i></div>",
"message": "SanitizerAPI with config: dropElements list [\"dl\", \"p\"]}, sanitize from document function for <body>"
},
{
"config": {
"allowElements": [
"p"
]
},
"input": [
"<!DOCTYPE html><body><div>test<div>p</div>tt<p>div</p></div>"
],
"inputType": "document",
"output": "testptt<p>div</p>",
"message": "SanitizerAPI with config: allowElements list [\"p\"], sanitize from document function for <body>"
},
{
"config": {
"dropElements": [
"div"
],
"allowElements": [
"div"
]
},
"input": [
"<!DOCTYPE html><body><div>test</div><p>bla"
],
"inputType": "document",
"output": "bla",
"message": "SanitizerAPI with config: allowElements list has no influence to dropElements, sanitize from document function for <body>"
},
{
"config": {
"dropAttributes": [
{
"name": "style",
"elements": [
"p"
]
}
]
},
"input": [
"<!DOCTYPE html><body><p style='color: black'>Click.</p><div style='color: white'>div</div>"
],
"inputType": "document",
"output": "<p>Click.</p><div style=\"color: white\">div</div>",
"message": "SanitizerAPI with config: dropAttributes list {\"style\": [\"p\"]} with style attribute, sanitize from document function for <body>"
},
{
"config": {
"dropAttributes": []
},
"input": [
"<!DOCTYPE html><body><p id='test'>Click.</p>"
],
"inputType": "document",
"output": "<p id=\"test\">Click.</p>",
"message": "SanitizerAPI with config: empty dropAttributes list with id attribute, sanitize from document function for <body>"
},
{
"config": {
"dropAttributes": [
{
"name": "id",
"elements": "*"
}
]
},
"input": [
"<!DOCTYPE html><body><p id='test'>Click.</p>"
],
"inputType": "document",
"output": "<p>Click.</p>",
"message": "SanitizerAPI with config: dropAttributes list {\"id\": [\"*\"]} with id attribute, sanitize from document function for <body>"
},
{
"config": {
"dropAttributes": [
{
"name": "data-attribute-with-dashes",
"elements": "*"
}
]
},
"input": [
"<!DOCTYPE html><body><p id='p' data-attribute-with-dashes='123'>Click.</p><script>document.getElementById('p').dataset.attributeWithDashes=123;</script>"
],
"inputType": "document",
"output": "<p id=\"p\">Click.</p>",
"message": "SanitizerAPI with config: dropAttributes list {\"data-attribute-with-dashes\": [\"*\"]} with dom dataset js access, sanitize from document function for <body>"
},
{
"config": {
"allowAttributes": [
{
"name": "id",
"elements": [
"div"
]
}
]
},
"input": [
"<!DOCTYPE html><body><p id='p'>P</p><div id='div'>DIV</div>"
],
"inputType": "document",
"output": "<p>P</p><div id=\"div\">DIV</div>",
"message": "SanitizerAPI with config: allowAttributes list {\"id\": [\"div\"]} with id attribute, sanitize from document function for <body>"
},
{
"config": {
"allowAttributes": [
{
"name": "id",
"elements": "*"
}
]
},
"input": [
"<!DOCTYPE html><body><p id='test' onclick='a= 123'>Click.</p>"
],
"inputType": "document",
"output": "<p id=\"test\">Click.</p>",
"message": "SanitizerAPI with config: allowAttributes list {\"id\": [\"*\"]} with id attribute and onclick scripts, sanitize from document function for <body>"
},
{
"config": {
"dropAttributes": [
{
"name": "style",
"elements": "*"
}
],
"allowAttributes": [
{
"name": "style",
"elements": "*"
}
]
},
"input": [
"<!DOCTYPE html><body><p style='color: black'>Click.</p>"
],
"inputType": "document",
"output": "<p>Click.</p>",
"message": "SanitizerAPI with config: allowAttributes list has no influence to dropAttributes, sanitize from document function for <body>"
},
{
"config": {
"allowElements": [
"template",
"div"
]
},
"input": [
"<!DOCTYPE html><body><template><script>test</script><div>hello</div></template>"
],
"inputType": "document",
"output": "<template><div>hello</div></template>",
"message": "SanitizerAPI with config: Template element, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><a href='javascript:evil.com'>Click.</a>"
],
"inputType": "document",
"output": "<a>Click.</a>",
"message": "SanitizerAPI with config: HTMLAnchorElement with javascript protocal, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><a href=' javascript:evil.com'>Click.</a>"
],
"inputType": "document",
"output": "<a>Click.</a>",
"message": "SanitizerAPI with config: HTMLAnchorElement with javascript protocal start with space, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><a href='http:evil.com'>Click.</a>"
],
"inputType": "document",
"output": "<a href=\"http:evil.com\">Click.</a>",
"message": "SanitizerAPI with config: HTMLAnchorElement, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><area href='javascript:evil.com'>Click.</area>"
],
"inputType": "document",
"output": "<area>Click.",
"message": "SanitizerAPI with config: HTMLAreaElement with javascript protocal, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><area href=' javascript:evil.com'>Click.</area>"
],
"inputType": "document",
"output": "<area>Click.",
"message": "SanitizerAPI with config: HTMLAreaElement with javascript protocal start with space, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><area href='http:evil.com'>Click.</area>"
],
"inputType": "document",
"output": "<area href=\"http:evil.com\">Click.",
"message": "SanitizerAPI with config: HTMLAreaElement, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><form action='javascript:evil.com'>Click.</form>"
],
"inputType": "document",
"output": "<form>Click.</form>",
"message": "SanitizerAPI with config: HTMLFormElement with javascript action, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><form action=' javascript:evil.com'>Click.</form>"
],
"inputType": "document",
"output": "<form>Click.</form>",
"message": "SanitizerAPI with config: HTMLFormElement with javascript action start with space, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><form action='http:evil.com'>Click.</form>"
],
"inputType": "document",
"output": "<form action=\"http:evil.com\">Click.</form>",
"message": "SanitizerAPI with config: HTMLFormElement, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><input formaction='javascript:evil.com'>Click.</input>"
],
"inputType": "document",
"output": "<input>Click.",
"message": "SanitizerAPI with config: HTMLInputElement with javascript formaction, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><input formaction=' javascript:evil.com'>Click.</input>"
],
"inputType": "document",
"output": "<input>Click.",
"message": "SanitizerAPI with config: HTMLInputElement with javascript formaction start with space, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><input formaction='http:evil.com'>Click.</input>"
],
"inputType": "document",
"output": "<input formaction=\"http:evil.com\">Click.",
"message": "SanitizerAPI with config: HTMLInputElement, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><button formaction='javascript:evil.com'>Click.</button>"
],
"inputType": "document",
"output": "<button>Click.</button>",
"message": "SanitizerAPI with config: HTMLButtonElement with javascript formaction, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><button formaction=' javascript:evil.com'>Click.</button>"
],
"inputType": "document",
"output": "<button>Click.</button>",
"message": "SanitizerAPI with config: HTMLButtonElement with javascript formaction start with space, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><button formaction='http:evil.com'>Click.</button>"
],
"inputType": "document",
"output": "<button formaction=\"http:evil.com\">Click.</button>",
"message": "SanitizerAPI with config: HTMLButtonElement, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><p>Some text</p></body><!-- 1 --></html><!-- 2 --><p>Some more text</p>"
],
"inputType": "document",
"output": "<p>Some text</p><p>Some more text</p>",
"message": "SanitizerAPI with config: malformed HTML, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>"
],
"inputType": "document",
"output": "<p>Some text</p><p>Some more text</p>",
"message": "SanitizerAPI with config: HTML with comments; comments not allowed, sanitize from document function for <body>"
},
{
"config": {
"allowComments": true
},
"input": [
"<!DOCTYPE html><body><p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>"
],
"inputType": "document",
"output": "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>",
"message": "SanitizerAPI with config: HTML with comments; allowComments, sanitize from document function for <body>"
},
{
"config": {
"allowComments": false
},
"input": [
"<!DOCTYPE html><body><p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>"
],
"inputType": "document",
"output": "<p>Some text</p><p>Some more text</p>",
"message": "SanitizerAPI with config: HTML with comments; !allowComments, sanitize from document function for <body>"
},
{
"config": {},
"input": [
"<!DOCTYPE html><body><p>comment<!-- hello -->in<!-- </p> -->text</p>"
],
"inputType": "document",
"output": "<p>commentintext</p>",
"message": "SanitizerAPI with config: HTML with comments deeper in the tree, sanitize from document function for <body>"
},
{
"config": {
"allowComments": true
},
"input": [
"<!DOCTYPE html><body><p>comment<!-- hello -->in<!-- </p> -->text</p>"
],
"inputType": "document",
"output": "<p>comment<!-- hello -->in<!-- </p> -->text</p>",
"message": "SanitizerAPI with config: HTML with comments deeper in the tree, allowComments, sanitize from document function for <body>"
},
{
"config": {
"allowComments": false
},
"input": [
"<!DOCTYPE html><body><p>comment<!-- hello -->in<!-- </p> -->text</p>"
],
"inputType": "document",
"output": "<p>commentintext</p>",
"message": "SanitizerAPI with config: HTML with comments deeper in the tree, !allowComments, sanitize from document function for <body>"
},
{
"config": {
"allowElements": [
"svg"
]
},
"input": [
"<!DOCTYPE html><body><svg></svg>"
],
"inputType": "document",
"output": "",
"message": "SanitizerAPI with config: Unknown HTML names (HTMLUnknownElement instances) should not match elements parsed as non-HTML namespaces., sanitize from document function for <body>"
},
{
"config": {
"allowElements": [
"div",
"svg"
]
},
"input": [
"<!DOCTYPE html><body><div><svg></svg></div>"
],
"inputType": "document",
"output": "<div></div>",
"message": "SanitizerAPI with config: Unknown HTML names (HTMLUnknownElement instances) should not match elements parsed as non-HTML namespaces when nested., sanitize from document function for <body>"
},
{
"config": {
"dropElements": [
"I",
"DL"
]
},
"input": [
"<!DOCTYPE html><body><div>balabala<dl>test</dl></div>"
],
"inputType": "document",
"output": "<div>balabala<dl>test</dl></div>",
"message": "SanitizerAPI with config: dropElements list [\"I\", \"DL\"]}, sanitize from document function for <body>"
},
{
"config": {
"dropElements": [
"i",
"dl"
]
},
"input": [
"<!DOCTYPE html><body><div>balabala<dl>test</dl></div>"
],
"inputType": "document",
"output": "<div>balabala</div>",
"message": "SanitizerAPI with config: dropElements list [\"i\", \"dl\"]}, sanitize from document function for <body>"
},
{
"config": {
"dropElements": [
"i",
"dl"
]
},
"input": [
"<!DOCTYPE html><body><DIV>balabala<DL>test</DL></DIV>"
],
"inputType": "document",
"output": "<div>balabala</div>",
"message": "SanitizerAPI with config: dropElements list [\"i\", \"dl\"]} with uppercase HTML, sanitize from document function for <body>"
},
{
"config": {
"dropAttributes": [
{
"name": "ID",
"elements": "*"
}
]
},
"input": [
"<!DOCTYPE html><body><p id=\"test\">Click.</p>"
],
"inputType": "document",
"output": "<p id=\"test\">Click.</p>",
"message": "SanitizerAPI with config: dropAttributes list {\"ID\": [\"*\"]} with id attribute, sanitize from document function for <body>"
},
{
"config": {
"dropAttributes": [
{
"name": "ID",
"elements": "*"
}
]
},
"input": [
"<!DOCTYPE html><body><p ID=\"test\">Click.</p>"
],
"inputType": "document",
"output": "<p id=\"test\">Click.</p>",
"message": "SanitizerAPI with config: dropAttributes list {\"ID\": [\"*\"]} with ID attribute, sanitize from document function for <body>"
},
{
"config": {
"dropAttributes": [
{
"name": "id",
"elements": "*"
}
]
},
"input": [
"<!DOCTYPE html><body><p ID=\"test\">Click.</p>"
],
"inputType": "document",
"output": "<p>Click.</p>",
"message": "SanitizerAPI with config: dropAttributes list {\"id\": [\"*\"]} with ID attribute, sanitize from document function for <body>"
},
{
"config": {
"dropElements": [
123,
"test",
"i",
"custom-element"
]
},
"input": [
"<!DOCTYPE html><body><div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>"
],
"inputType": "document",
"output": "<div>balabala</div>",
"message": "SanitizerAPI with config: dropElements with unknown elements and without allowUnknownMarkup, sanitize from document function for <body>"
},
{
"config": {
"blockElements": [
123,
"test",
"i",
"custom-element"
]
},
"input": [
"<!DOCTYPE html><body><div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>"
],
"inputType": "document",
"output": "<div>balabalatest</div>",
"message": "SanitizerAPI with config: blockElements with unknown elements and without allowUnknownMarkup, sanitize from document function for <body>"
},
{
"config": {
"allowElements": [
"p",
"test"
]
},
"input": [
"<!DOCTYPE html><body><div>test<div>p</div>tt<p>div</p></div><test>test</test>"
],
"inputType": "document",
"output": "testptt<p>div</p>",
"message": "SanitizerAPI with config: allowElements with unknown elements and without allowUnknownMarkup, sanitize from document function for <body>"
},
{
"config": {
"dropElements": [
123,
"test",
"i",
"custom-element"
],
"allowUnknownMarkup": true
},
"input": [
"<!DOCTYPE html><body><div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>"
],
"inputType": "document",
"output": "<div>balabala</div>",
"message": "SanitizerAPI with config: dropElements with unknown elements and with allowUnknownMarkup, sanitize from document function for <body>"
},
{
"config": {
"blockElements": [
123,
"test",
"i",
"custom-element"
],
"allowUnknownMarkup": true
},
"input": [
"<!DOCTYPE html><body><div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>"
],
"inputType": "document",
"output": "<div>balabalatest</div>t",
"message": "SanitizerAPI with config: blockElements with unknown elements and with allowUnknownMarkup, sanitize from document function for <body>"
},
{
"config": {
"allowElements": [
"p",
"test"
],
"allowUnknownMarkup": true
},
"input": [
"<!DOCTYPE html><body><div>test<div>p</div>tt<p>div</p><test>test</test></div>"
],
"inputType": "document",
"output": "testptt<p>div</p><test>test</test>",
"message": "SanitizerAPI with config: allowElements with unknown elements and with allowUnknownMarkup, sanitize from document function for <body>"
},
{
"config": {
"allowAttributes": [
{
"name": "hello",
"elements": "*"
},
{
"name": "world",
"elements": [
"b"
]
}
]
},
"input": [
"<!DOCTYPE html><body><div hello='1' world='2'><b hello='3' world='4'>"
],
"inputType": "document",
"output": "<div><b></b></div>",
"message": "SanitizerAPI with config: allowAttributes unknown attributes and without allowUnknownMarkup, sanitize from document function for <body>"
},
{
"config": {
"allowAttributes": [
{
"name": "hello",
"elements": "*"
},
{
"name": "world",
"elements": [
"b"
]
}
],
"allowUnknownMarkup": true
},
"input": [
"<!DOCTYPE html><body><div hello='1' world='2'><b hello='3' world='4'>"
],
"inputType": "document",
"output": "<div hello=\"1\"><b hello=\"3\" world=\"4\"></b></div>",
"message": "SanitizerAPI with config: allowAttributes unknown attributes and with allowUnknownMarkup, sanitize from document function for <body>"
},
{
"config": {
"dropAttributes": [
{
"name": "hello",
"elements": "*"
},
{
"name": "world",
"elements": [
"b"
]
}
]
},
"input": [
"<!DOCTYPE html><body><div hello='1' world='2'><b hello='3' world='4'>"
],
"inputType": "document",
"output": "<div><b></b></div>",
"message": "SanitizerAPI with config: dropAttributes unknown attributes and without allowUnknownMarkup, sanitize from document function for <body>"
},
{
"config": {
"dropAttributes": [
{
"name": "hello",
"elements": "*"
},
{
"name": "world",
"elements": [
"b"
]
}
],
"allowUnknownMarkup": true
},
"input": [
"<!DOCTYPE html><body><div hello='1' world='2'><b hello='3' world='4'>"
],
"inputType": "document",
"output": "<div><b></b></div>",
"message": "SanitizerAPI with config: dropAttributes unknown attributes and with allowUnknownMarkup, sanitize from document function for <body>"
},
{
"config": {},
"input": "test",
"inputType": "template-content",
"output": "test",
"message": "SanitizerAPI with config: string, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<b>bla</b>",
"inputType": "template-content",
"output": "<b>bla</b>",
"message": "SanitizerAPI with config: html fragment, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<a<embla",
"inputType": "template-content",
"output": "",
"message": "SanitizerAPI with config: broken html, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": {},
"inputType": "template-content",
"output": "[object Object]",
"message": "SanitizerAPI with config: empty object, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": 1,
"inputType": "template-content",
"output": "1",
"message": "SanitizerAPI with config: number, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": 0,
"inputType": "template-content",
"output": "0",
"message": "SanitizerAPI with config: zeros, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": 3,
"inputType": "template-content",
"output": "3",
"message": "SanitizerAPI with config: arithmetic, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "",
"inputType": "template-content",
"output": "",
"message": "SanitizerAPI with config: empty string, sanitize from document fragment function for <template>"
},
{
"config": {},
"inputType": "template-content",
"output": "undefined",
"message": "SanitizerAPI with config: undefined, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<html><head></head><body>test</body></html>",
"inputType": "template-content",
"output": "test",
"message": "SanitizerAPI with config: document, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<div>test",
"inputType": "template-content",
"output": "<div>test</div>",
"message": "SanitizerAPI with config: html without close tag, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<script>alert('i am a test')</script>",
"inputType": "template-content",
"output": "",
"message": "SanitizerAPI with config: scripts for default configs, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "hello<script>alert('i am a test')</script>",
"inputType": "template-content",
"output": "hello",
"message": "SanitizerAPI with config: script not as root, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<div><b>hello<script>alert('i am a test')</script>",
"inputType": "template-content",
"output": "<div><b>hello</b></div>",
"message": "SanitizerAPI with config: script deeper in the tree, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<p onclick='a= 123'>Click.</p>",
"inputType": "template-content",
"output": "<p>Click.</p>",
"message": "SanitizerAPI with config: onclick scripts, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<plaintext><p>text</p>",
"inputType": "template-content",
"output": "&lt;p&gt;text&lt;/p&gt;",
"message": "SanitizerAPI with config: plaintext, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<xmp>TEXT</xmp>",
"inputType": "template-content",
"output": "TEXT",
"message": "SanitizerAPI with config: xmp, sanitize from document fragment function for <template>"
},
{
"config": {
"test": 123
},
"input": "test",
"inputType": "template-content",
"output": "test",
"message": "SanitizerAPI with config: invalid config_input, sanitize from document fragment function for <template>"
},
{
"config": {
"dropElements": []
},
"input": "test",
"inputType": "template-content",
"output": "test",
"message": "SanitizerAPI with config: empty dropElements list, sanitize from document fragment function for <template>"
},
{
"config": {
"dropElements": [
"div"
]
},
"input": "<div>test</div><p>bla",
"inputType": "template-content",
"output": "<p>bla</p>",
"message": "SanitizerAPI with config: test html without close tag with dropElements list ['div'], sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<custom-element>test</custom-element>bla",
"inputType": "template-content",
"output": "bla",
"message": "SanitizerAPI with config: default behavior for custom elements, sanitize from document fragment function for <template>"
},
{
"config": {
"allowCustomElements": true
},
"input": "<custom-element>test</custom-element>bla",
"inputType": "template-content",
"output": "testbla",
"message": "SanitizerAPI with config: allow custom elements, sanitize from document fragment function for <template>"
},
{
"config": {
"allowCustomElements": true,
"allowElements": [
"custom-element"
]
},
"input": "<custom-element>test</custom-element>bla",
"inputType": "template-content",
"output": "<custom-element>test</custom-element>bla",
"message": "SanitizerAPI with config: allow custom elements with allow elements, sanitize from document fragment function for <template>"
},
{
"config": {
"allowCustomElements": false
},
"input": "<custom-element>test</custom-element>bla",
"inputType": "template-content",
"output": "bla",
"message": "SanitizerAPI with config: disallow custom elements, sanitize from document fragment function for <template>"
},
{
"config": {
"dropElements": [
"custom-element"
],
"allowCustomElements": true
},
"input": "<custom-element>test</custom-element>bla",
"inputType": "template-content",
"output": "bla",
"message": "SanitizerAPI with config: allow custom elements with drop list contains [\"custom-element\"], sanitize from document fragment function for <template>"
},
{
"config": {
"dropElements": [
"script"
]
},
"input": "<script>alert('i am a test')</script>",
"inputType": "template-content",
"output": "",
"message": "SanitizerAPI with config: test script with [\"script\"] as dropElements list, sanitize from document fragment function for <template>"
},
{
"config": {
"dropElements": [
"test-element",
"i"
]
},
"input": "<div>balabala<i>test</i></div><test-element>t</test-element>",
"inputType": "template-content",
"output": "<div>balabala</div>",
"message": "SanitizerAPI with config: dropElements list [\"test-element\", \"i\"]}, sanitize from document fragment function for <template>"
},
{
"config": {
"dropElements": [
"dl",
"p"
]
},
"input": "<div>balabala<i>i</i><p>t</p></div>",
"inputType": "template-content",
"output": "<div>balabala<i>i</i></div>",
"message": "SanitizerAPI with config: dropElements list [\"dl\", \"p\"]}, sanitize from document fragment function for <template>"
},
{
"config": {
"allowElements": [
"p"
]
},
"input": "<div>test<div>p</div>tt<p>div</p></div>",
"inputType": "template-content",
"output": "testptt<p>div</p>",
"message": "SanitizerAPI with config: allowElements list [\"p\"], sanitize from document fragment function for <template>"
},
{
"config": {
"dropElements": [
"div"
],
"allowElements": [
"div"
]
},
"input": "<div>test</div><p>bla",
"inputType": "template-content",
"output": "bla",
"message": "SanitizerAPI with config: allowElements list has no influence to dropElements, sanitize from document fragment function for <template>"
},
{
"config": {
"dropAttributes": [
{
"name": "style",
"elements": [
"p"
]
}
]
},
"input": "<p style='color: black'>Click.</p><div style='color: white'>div</div>",
"inputType": "template-content",
"output": "<p>Click.</p><div style=\"color: white\">div</div>",
"message": "SanitizerAPI with config: dropAttributes list {\"style\": [\"p\"]} with style attribute, sanitize from document fragment function for <template>"
},
{
"config": {
"dropAttributes": []
},
"input": "<p id='test'>Click.</p>",
"inputType": "template-content",
"output": "<p id=\"test\">Click.</p>",
"message": "SanitizerAPI with config: empty dropAttributes list with id attribute, sanitize from document fragment function for <template>"
},
{
"config": {
"dropAttributes": [
{
"name": "id",
"elements": "*"
}
]
},
"input": "<p id='test'>Click.</p>",
"inputType": "template-content",
"output": "<p>Click.</p>",
"message": "SanitizerAPI with config: dropAttributes list {\"id\": [\"*\"]} with id attribute, sanitize from document fragment function for <template>"
},
{
"config": {
"dropAttributes": [
{
"name": "data-attribute-with-dashes",
"elements": "*"
}
]
},
"input": "<p id='p' data-attribute-with-dashes='123'>Click.</p><script>document.getElementById('p').dataset.attributeWithDashes=123;</script>",
"inputType": "template-content",
"output": "<p id=\"p\">Click.</p>",
"message": "SanitizerAPI with config: dropAttributes list {\"data-attribute-with-dashes\": [\"*\"]} with dom dataset js access, sanitize from document fragment function for <template>"
},
{
"config": {
"allowAttributes": [
{
"name": "id",
"elements": [
"div"
]
}
]
},
"input": "<p id='p'>P</p><div id='div'>DIV</div>",
"inputType": "template-content",
"output": "<p>P</p><div id=\"div\">DIV</div>",
"message": "SanitizerAPI with config: allowAttributes list {\"id\": [\"div\"]} with id attribute, sanitize from document fragment function for <template>"
},
{
"config": {
"allowAttributes": [
{
"name": "id",
"elements": "*"
}
]
},
"input": "<p id='test' onclick='a= 123'>Click.</p>",
"inputType": "template-content",
"output": "<p id=\"test\">Click.</p>",
"message": "SanitizerAPI with config: allowAttributes list {\"id\": [\"*\"]} with id attribute and onclick scripts, sanitize from document fragment function for <template>"
},
{
"config": {
"dropAttributes": [
{
"name": "style",
"elements": "*"
}
],
"allowAttributes": [
{
"name": "style",
"elements": "*"
}
]
},
"input": "<p style='color: black'>Click.</p>",
"inputType": "template-content",
"output": "<p>Click.</p>",
"message": "SanitizerAPI with config: allowAttributes list has no influence to dropAttributes, sanitize from document fragment function for <template>"
},
{
"config": {
"allowElements": [
"template",
"div"
]
},
"input": "<template><script>test</script><div>hello</div></template>",
"inputType": "template-content",
"output": "<template><div>hello</div></template>",
"message": "SanitizerAPI with config: Template element, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<a href='javascript:evil.com'>Click.</a>",
"inputType": "template-content",
"output": "<a>Click.</a>",
"message": "SanitizerAPI with config: HTMLAnchorElement with javascript protocal, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<a href=' javascript:evil.com'>Click.</a>",
"inputType": "template-content",
"output": "<a>Click.</a>",
"message": "SanitizerAPI with config: HTMLAnchorElement with javascript protocal start with space, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<a href='http:evil.com'>Click.</a>",
"inputType": "template-content",
"output": "<a href=\"http:evil.com\">Click.</a>",
"message": "SanitizerAPI with config: HTMLAnchorElement, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<area href='javascript:evil.com'>Click.</area>",
"inputType": "template-content",
"output": "<area>Click.",
"message": "SanitizerAPI with config: HTMLAreaElement with javascript protocal, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<area href=' javascript:evil.com'>Click.</area>",
"inputType": "template-content",
"output": "<area>Click.",
"message": "SanitizerAPI with config: HTMLAreaElement with javascript protocal start with space, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<area href='http:evil.com'>Click.</area>",
"inputType": "template-content",
"output": "<area href=\"http:evil.com\">Click.",
"message": "SanitizerAPI with config: HTMLAreaElement, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<form action='javascript:evil.com'>Click.</form>",
"inputType": "template-content",
"output": "<form>Click.</form>",
"message": "SanitizerAPI with config: HTMLFormElement with javascript action, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<form action=' javascript:evil.com'>Click.</form>",
"inputType": "template-content",
"output": "<form>Click.</form>",
"message": "SanitizerAPI with config: HTMLFormElement with javascript action start with space, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<form action='http:evil.com'>Click.</form>",
"inputType": "template-content",
"output": "<form action=\"http:evil.com\">Click.</form>",
"message": "SanitizerAPI with config: HTMLFormElement, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<input formaction='javascript:evil.com'>Click.</input>",
"inputType": "template-content",
"output": "<input>Click.",
"message": "SanitizerAPI with config: HTMLInputElement with javascript formaction, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<input formaction=' javascript:evil.com'>Click.</input>",
"inputType": "template-content",
"output": "<input>Click.",
"message": "SanitizerAPI with config: HTMLInputElement with javascript formaction start with space, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<input formaction='http:evil.com'>Click.</input>",
"inputType": "template-content",
"output": "<input formaction=\"http:evil.com\">Click.",
"message": "SanitizerAPI with config: HTMLInputElement, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<button formaction='javascript:evil.com'>Click.</button>",
"inputType": "template-content",
"output": "<button>Click.</button>",
"message": "SanitizerAPI with config: HTMLButtonElement with javascript formaction, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<button formaction=' javascript:evil.com'>Click.</button>",
"inputType": "template-content",
"output": "<button>Click.</button>",
"message": "SanitizerAPI with config: HTMLButtonElement with javascript formaction start with space, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<button formaction='http:evil.com'>Click.</button>",
"inputType": "template-content",
"output": "<button formaction=\"http:evil.com\">Click.</button>",
"message": "SanitizerAPI with config: HTMLButtonElement, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<p>Some text</p></body><!-- 1 --></html><!-- 2 --><p>Some more text</p>",
"inputType": "template-content",
"output": "<p>Some text</p><p>Some more text</p>",
"message": "SanitizerAPI with config: malformed HTML, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>",
"inputType": "template-content",
"output": "<p>Some text</p><p>Some more text</p>",
"message": "SanitizerAPI with config: HTML with comments; comments not allowed, sanitize from document fragment function for <template>"
},
{
"config": {
"allowComments": true
},
"input": "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>",
"inputType": "template-content",
"output": "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>",
"message": "SanitizerAPI with config: HTML with comments; allowComments, sanitize from document fragment function for <template>"
},
{
"config": {
"allowComments": false
},
"input": "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>",
"inputType": "template-content",
"output": "<p>Some text</p><p>Some more text</p>",
"message": "SanitizerAPI with config: HTML with comments; !allowComments, sanitize from document fragment function for <template>"
},
{
"config": {},
"input": "<p>comment<!-- hello -->in<!-- </p> -->text</p>",
"inputType": "template-content",
"output": "<p>commentintext</p>",
"message": "SanitizerAPI with config: HTML with comments deeper in the tree, sanitize from document fragment function for <template>"
},
{
"config": {
"allowComments": true
},
"input": "<p>comment<!-- hello -->in<!-- </p> -->text</p>",
"inputType": "template-content",
"output": "<p>comment<!-- hello -->in<!-- </p> -->text</p>",
"message": "SanitizerAPI with config: HTML with comments deeper in the tree, allowComments, sanitize from document fragment function for <template>"
},
{
"config": {
"allowComments": false
},
"input": "<p>comment<!-- hello -->in<!-- </p> -->text</p>",
"inputType": "template-content",
"output": "<p>commentintext</p>",
"message": "SanitizerAPI with config: HTML with comments deeper in the tree, !allowComments, sanitize from document fragment function for <template>"
},
{
"config": {
"allowElements": [
"svg"
]
},
"input": "<svg></svg>",
"inputType": "template-content",
"output": "",
"message": "SanitizerAPI with config: Unknown HTML names (HTMLUnknownElement instances) should not match elements parsed as non-HTML namespaces., sanitize from document fragment function for <template>"
},
{
"config": {
"allowElements": [
"div",
"svg"
]
},
"input": "<div><svg></svg></div>",
"inputType": "template-content",
"output": "<div></div>",
"message": "SanitizerAPI with config: Unknown HTML names (HTMLUnknownElement instances) should not match elements parsed as non-HTML namespaces when nested., sanitize from document fragment function for <template>"
},
{
"config": {
"dropElements": [
"I",
"DL"
]
},
"input": "<div>balabala<dl>test</dl></div>",
"inputType": "template-content",
"output": "<div>balabala<dl>test</dl></div>",
"message": "SanitizerAPI with config: dropElements list [\"I\", \"DL\"]}, sanitize from document fragment function for <template>"
},
{
"config": {
"dropElements": [
"i",
"dl"
]
},
"input": "<div>balabala<dl>test</dl></div>",
"inputType": "template-content",
"output": "<div>balabala</div>",
"message": "SanitizerAPI with config: dropElements list [\"i\", \"dl\"]}, sanitize from document fragment function for <template>"
},
{
"config": {
"dropElements": [
"i",
"dl"
]
},
"input": "<DIV>balabala<DL>test</DL></DIV>",
"inputType": "template-content",
"output": "<div>balabala</div>",
"message": "SanitizerAPI with config: dropElements list [\"i\", \"dl\"]} with uppercase HTML, sanitize from document fragment function for <template>"
},
{
"config": {
"dropAttributes": [
{
"name": "ID",
"elements": "*"
}
]
},
"input": "<p id=\"test\">Click.</p>",
"inputType": "template-content",
"output": "<p id=\"test\">Click.</p>",
"message": "SanitizerAPI with config: dropAttributes list {\"ID\": [\"*\"]} with id attribute, sanitize from document fragment function for <template>"
},
{
"config": {
"dropAttributes": [
{
"name": "ID",
"elements": "*"
}
]
},
"input": "<p ID=\"test\">Click.</p>",
"inputType": "template-content",
"output": "<p id=\"test\">Click.</p>",
"message": "SanitizerAPI with config: dropAttributes list {\"ID\": [\"*\"]} with ID attribute, sanitize from document fragment function for <template>"
},
{
"config": {
"dropAttributes": [
{
"name": "id",
"elements": "*"
}
]
},
"input": "<p ID=\"test\">Click.</p>",
"inputType": "template-content",
"output": "<p>Click.</p>",
"message": "SanitizerAPI with config: dropAttributes list {\"id\": [\"*\"]} with ID attribute, sanitize from document fragment function for <template>"
},
{
"config": {
"dropElements": [
123,
"test",
"i",
"custom-element"
]
},
"input": "<div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>",
"inputType": "template-content",
"output": "<div>balabala</div>",
"message": "SanitizerAPI with config: dropElements with unknown elements and without allowUnknownMarkup, sanitize from document fragment function for <template>"
},
{
"config": {
"blockElements": [
123,
"test",
"i",
"custom-element"
]
},
"input": "<div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>",
"inputType": "template-content",
"output": "<div>balabalatest</div>",
"message": "SanitizerAPI with config: blockElements with unknown elements and without allowUnknownMarkup, sanitize from document fragment function for <template>"
},
{
"config": {
"allowElements": [
"p",
"test"
]
},
"input": "<div>test<div>p</div>tt<p>div</p></div><test>test</test>",
"inputType": "template-content",
"output": "testptt<p>div</p>",
"message": "SanitizerAPI with config: allowElements with unknown elements and without allowUnknownMarkup, sanitize from document fragment function for <template>"
},
{
"config": {
"dropElements": [
123,
"test",
"i",
"custom-element"
],
"allowUnknownMarkup": true
},
"input": "<div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>",
"inputType": "template-content",
"output": "<div>balabala</div>",
"message": "SanitizerAPI with config: dropElements with unknown elements and with allowUnknownMarkup, sanitize from document fragment function for <template>"
},
{
"config": {
"blockElements": [
123,
"test",
"i",
"custom-element"
],
"allowUnknownMarkup": true
},
"input": "<div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>",
"inputType": "template-content",
"output": "<div>balabalatest</div>t",
"message": "SanitizerAPI with config: blockElements with unknown elements and with allowUnknownMarkup, sanitize from document fragment function for <template>"
},
{
"config": {
"allowElements": [
"p",
"test"
],
"allowUnknownMarkup": true
},
"input": "<div>test<div>p</div>tt<p>div</p><test>test</test></div>",
"inputType": "template-content",
"output": "testptt<p>div</p><test>test</test>",
"message": "SanitizerAPI with config: allowElements with unknown elements and with allowUnknownMarkup, sanitize from document fragment function for <template>"
},
{
"config": {
"allowAttributes": [
{
"name": "hello",
"elements": "*"
},
{
"name": "world",
"elements": [
"b"
]
}
]
},
"input": "<div hello='1' world='2'><b hello='3' world='4'>",
"inputType": "template-content",
"output": "<div><b></b></div>",
"message": "SanitizerAPI with config: allowAttributes unknown attributes and without allowUnknownMarkup, sanitize from document fragment function for <template>"
},
{
"config": {
"allowAttributes": [
{
"name": "hello",
"elements": "*"
},
{
"name": "world",
"elements": [
"b"
]
}
],
"allowUnknownMarkup": true
},
"input": "<div hello='1' world='2'><b hello='3' world='4'>",
"inputType": "template-content",
"output": "<div hello=\"1\"><b hello=\"3\" world=\"4\"></b></div>",
"message": "SanitizerAPI with config: allowAttributes unknown attributes and with allowUnknownMarkup, sanitize from document fragment function for <template>"
},
{
"config": {
"dropAttributes": [
{
"name": "hello",
"elements": "*"
},
{
"name": "world",
"elements": [
"b"
]
}
]
},
"input": "<div hello='1' world='2'><b hello='3' world='4'>",
"inputType": "template-content",
"output": "<div><b></b></div>",
"message": "SanitizerAPI with config: dropAttributes unknown attributes and without allowUnknownMarkup, sanitize from document fragment function for <template>"
},
{
"config": {
"dropAttributes": [
{
"name": "hello",
"elements": "*"
},
{
"name": "world",
"elements": [
"b"
]
}
],
"allowUnknownMarkup": true
},
"input": "<div hello='1' world='2'><b hello='3' world='4'>",
"inputType": "template-content",
"output": "<div><b></b></div>",
"message": "SanitizerAPI with config: dropAttributes unknown attributes and with allowUnknownMarkup, sanitize from document fragment function for <template>"
}
]
Reference in a new issue View git blame Copy permalink