testing/web-platform/tests/clipboard-apis/async-navigator-clipboard-read-sanitize.https.html

   1 <!doctype html>
   2 <meta charset="utf-8">
   3 <title>Async Clipboard.read() should sanitize text/html</title>
   4 <link rel="help" href="https://w3c.github.io/clipboard-apis/#dom-clipboard-read">
   5 <link rel="help" href="https://bugs.chromium.org/p/chromium/issues/detail?id=1315563">
   6 <script src="/resources/testharness.js"></script>
   7 <script src="/resources/testharnessreport.js"></script>
   8 <script src="/resources/testdriver.js"></script>
   9 <script src="/resources/testdriver-vendor.js"></script>
  10 <script src="resources/user-activation.js"></script>
  11
  12 <body>Body needed for test_driver.click()
  13 <p><button id="button">Put payload in the clipboard</button></p>
  14 <div id="output"></div>
  15
  16 <script>
  17 let testFailed = false;
  18 function fail() {
  19   testFailed = true;
  20 }
  21
  22 button.onclick = () => document.execCommand('copy');
  23 document.oncopy = ev => {
  24   ev.preventDefault();
  25   ev.clipboardData.setData(
  26       'text/html',
  27       `<form><math><mtext></form><form><mglyph><xmp></math><img src=invalid onerror=fail()></xmp>`);
  28 };
  29
  30 promise_test(async test => {
  31   await test_driver.set_permission({name: 'clipboard-read'}, 'granted');
  32   await test_driver.click(button);
  33
  34   await waitForUserActivation();
  35   const items = await navigator.clipboard.read();
  36   const htmlBlob = await items[0].getType("text/html");
  37   const html = await htmlBlob.text();
  38
  39   // This inserts an image with `onerror` handler if `html` is not properly sanitized
  40   output.innerHTML = html;
  41
  42   // Allow the 'error' event to be dispatched asynchronously
  43   await new Promise(resolve => test.step_timeout(resolve, 100));
  44
  45   assert_false(testFailed);
  46 });
  47 </script>
  48 </body>