<!DOCTYPE html>
<html>
<body>
<script src="/resources/js-test-pre.js"></script>
<p id="description"></p>
<div id="console"></div>
<div id="container">
<button onclick="runTest()">Copy</button>
<div><br></div>
<div id="source" contenteditable>
hello, <meta content="some secret"><!-- secret -->
<img onclick="dangerousCode()" src="resources/apple.gif"><br>
<iframe src="http://localhost:8000/security/clipboard/resources/content-to-copy.html"></iframe>
</div>
<div id="destination" onpaste="doPaste(event)" contenteditable>Paste here</div>
</div>
<script>
// Test setup. description() comes from the js-test harness loaded via
// /resources/js-test-pre.js and records what this test is about.
// NOTE(review): the text says same-document HTML is not sanitized, yet doPaste and
// checkFrameAccess assert that "secret" and "dangerousCode" are absent. Presumably
// "sanitize" refers only to URL rewriting (the http: protocol checks) — confirm.
description('This tests copying and pasting HTML by the default action. WebKit should not sanitize the HTML in the same document.');
// Assigned without a declaration, so this is a global; presumably read by the harness
// so the test only ends when finishJSTest() is called — confirm against js-test-pre.js.
jsTestIsAsync = true;
// window.internals is not present in every environment, so guard before using it.
// NOTE(review): presumably switches on the custom pasteboard data path that this test
// is meant to exercise — confirm.
if (window.internals)
internals.settings.setCustomPasteboardDataEnabled(true);
/**
 * Drives the copy/paste round trip inside one document.
 *
 * Selects and copies everything in #source (text, a <meta> and a comment carrying
 * "secret", an <img> with an inline onclick handler, and an iframe), then, on a
 * later task, selects the contents of #destination and pastes over them.
 *
 * The paste command is only issued when window.testRunner exists; in a manual run
 * (the "Copy" button) the user is expected to paste by hand.
 */
function runTest() {
  const sourceElement = document.getElementById('source');
  sourceElement.focus();
  document.execCommand('selectAll');
  document.execCommand('copy');

  // Deferred to a separate task so the paste does not run in the same turn as the copy.
  function pasteOverDestination() {
    const destinationElement = document.getElementById('destination');
    destinationElement.focus();
    document.execCommand('selectAll');
    if (!window.testRunner) {
      return;
    }
    document.execCommand('paste');
  }

  setTimeout(pasteOverDestination, 0);
}
/**
 * onpaste handler for #destination.
 *
 * First inspects the text/html clipboard payload: it must still contain the visible
 * text, an <img> whose src has the http: protocol, and the iframe URL, but must not
 * contain the string "secret" (present in #source only as a <meta> content attribute
 * and an HTML comment).
 *
 * It then empties #destination and installs a MutationObserver. The handler never
 * calls preventDefault(), so the default paste still runs afterwards and the observer
 * sees what it inserts.
 *
 * The assertion strings are evaluated by the js-test harness, so html and img are
 * presumably left behind as globals (checkFrameAccess reads img later) — confirm.
 *
 * @param {ClipboardEvent} event - the paste event; the harness strings refer to it by name.
 */
function doPaste(event) {
  shouldBeTrue('html = event.clipboardData.getData("text/html"); html.includes("hello")');
  // Assigning the clipboard markup to innerHTML is deliberate: it parses the payload
  // so the <img> can be examined as an element.
  shouldBeTrue('destination.innerHTML = html; img = destination.querySelector("img"); !!img');
  shouldBeEqualToString('new URL(img.src).protocol', 'http:');
  shouldBeTrue('html.includes("http://localhost:8000/security/clipboard/resources/content-to-copy.html")');
  shouldBeFalse('html.includes("secret")');
  evalAndLog('destination.innerHTML = ""');

  // Fails the test if an inserted node's own value carries a forbidden string.
  // Coverage caveat: element nodes have a null nodeValue and are skipped, and only
  // childList records are observed. Attributes (such as an inline onclick) and nodes
  // that arrive already nested inside an inserted element are therefore not examined
  // here. The innerHTML assertions in checkFrameAccess cover the final state.
  const reportForbiddenContent = (node) => {
    const value = node.nodeValue;
    if (value === null) {
      return;
    }
    if (value.includes('secret')) {
      testFailed(`Saw secret in a node ${node}`);
    }
    if (value.includes('dangerousCode')) {
      testFailed(`Saw dangerous code in a node ${node}`);
    }
  };

  const pasteWatcher = new MutationObserver((mutations) => {
    mutations.forEach((mutation) => {
      mutation.addedNodes.forEach((node) => reportForbiddenContent(node));
    });
  });
  pasteWatcher.observe(destination, {childList: true, subtree: true});

  // Any message event delivered to this window triggers the final checks; the sender
  // is not inspected. Presumably the iframe document (content-to-copy.html, not
  // visible here) posts it once loaded — confirm.
  window.onmessage = checkFrameAccess;
}
// Final assertions, run as the window's message handler (installed by doPaste).
// Checks the pasted result in #destination: the visible text survived, neither
// "secret" nor "dangerousCode" appears in the serialized markup, and neither the
// original nor the pasted iframe exposes a contentDocument to this page.
// Then removes the fixture and ends the async test.
function checkFrameAccess() {
shouldBeTrue('destination.textContent.includes("hello")');
// Serialized markup includes attributes and comments, so these two checks cover the
// inline onclick handler and the <meta>/comment payloads from #source.
shouldBeFalse('destination.innerHTML.includes("secret")');
shouldBeFalse('destination.innerHTML.includes("dangerousCode")');
// NOTE(review): this expression never assigns img, so !!img and the protocol check
// below read whatever img already held — presumably the element doPaste parsed from
// the clipboard HTML and then discarded — not the image inserted by the default paste.
// 'img = destination.querySelector("img"); !!img' would test the pasted image, but it
// changes the logged text, so the expected-results file would need rebaselining.
shouldBeTrue('destination.querySelector("img"); !!img');
shouldBeEqualToString('new URL(img.src).protocol', 'http:');
// contentDocument is null when the framed document is not same-origin with this page.
// Presumably the test is served from an origin other than localhost:8000 — confirm.
// If #destination holds no iframe the expression throws instead of yielding null.
shouldBeNull('source.querySelector("iframe").contentDocument');
shouldBeNull('destination.querySelector("iframe").contentDocument');
// Remove the whole fixture (button, #source, #destination) before finishing.
container.remove();
finishJSTest();
}
// Under the automated runner the test starts itself on load; otherwise it is started
// manually with the "Copy" button, whose onclick calls runTest().
if (window.testRunner)
window.onload = runTest;
// Presumably read by /resources/js-test-post.js to confirm this script parsed to the
// end — confirm.
var successfullyParsed = true;
</script>
<script src="/resources/js-test-post.js"></script>
</body>
</html>