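<!-- Security regression test: text/html read back through the async Clipboard API
     must already be sanitized. See the spec section and the Chromium issue linked below. -->
<title>Async Clipboard.read() should sanitize text/html</title>
<link rel="help" href="https://w3c.github.io/clipboard-apis/#dom-clipboard-read">
<link rel="help" href="https://bugs.chromium.org/p/chromium/issues/detail?id=1315563">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
<script src="resources/user-activation.js"></script>

<body>Body needed for test_driver.click()
<!-- Clicking this button is what places the test payload on the clipboard. -->
<p><button id="button">Put payload in the clipboard</button></p>
<!-- Sink for the HTML read back from the clipboard; the test assigns to its innerHTML. -->
<div id="output"></div>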
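// Failure flag. The clipboard payload carries `onerror=fail()`, and the test
// asserts at the end that this flag is still false.
// NOTE(review): fail() itself is not visible in this excerpt; confirm that it sets this flag.
let testFailed = false;

// Clicking the button runs the legacy synchronous copy command, which is what
// triggers the document's `copy` handler.
button.onclick = () => document.execCommand('copy');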
// Copy handler: writes a fixed HTML payload through the event's clipboardData.
// The payload nests <form>, <math>, <mtext>, <mglyph> and <xmp> around an
// <img src=invalid onerror=fail()>. If that <img> ever becomes a live element,
// its failed load runs fail(), which is how the test detects markup that was not sanitized.
// NOTE(review): only the payload argument of setData() is visible here, and the handler's
// closing lines are missing (the listing's line numbers skip 24, 26, 28 and 29).
// Confirm the format argument and the closing brace against the original file.
23 document
.oncopy
= ev
=> {
25 ev
.clipboardData
.setData(
27 `<form><math><mtext></form><form><mglyph><xmp></math><img src=invalid onerror=fail()></xmp>`);
// Round-trips the payload through the clipboard and checks that the text/html
// returned by navigator.clipboard.read() cannot run script once a page inserts it.
// NOTE(review): the closing of this promise_test() call is not visible in this excerpt.
30 promise_test(async test
=> {
// Grant clipboard-read through testdriver so read() is not blocked on a permission
// prompt, then click the button, whose handler issues the copy command.
31 await test_driver
.set_permission({name
: 'clipboard-read'}, 'granted');
32 await test_driver
.click(button
);
// waitForUserActivation() presumably comes from resources/user-activation.js. TODO confirm.
34 await
waitForUserActivation();
// Assumes the first ClipboardItem is the one carrying the text/html representation.
35 const items
= await navigator
.clipboard
.read();
36 const htmlBlob
= await items
[0].getType("text/html");
37 const html
= await htmlBlob
.text();
39 // Deliberately unsafe sink: assigning to innerHTML is the test oracle. If `html` was not
// properly sanitized by read(), parsing it here creates an <img> whose `onerror` handler
// calls fail().
// NOTE(review): this pins a single payload. A pass does not show that clipboard HTML is
// safe to assign to innerHTML in general.
40 output
.innerHTML
= html
;
42 // Allow the 'error' event to be dispatched asynchronously.
// NOTE(review): the wait is a fixed 100 ms. If the event fired later than that, the assertion
// below would pass even though the markup was not sanitized. Consider also asserting on the
// resulting DOM, e.g. that `output` contains no element carrying an `onerror` attribute.
43 await
new Promise(resolve
=> test
.step_timeout(resolve
, 100));
// Passes only if the payload's error handler never ran.
45 assert_false(testFailed
);