blob: f540befec9f6f7045fe17f4aa59022d637127f4e [file] [log] [blame]
This tests getData strips away secrets and dangerous code when copying inside a null origin document.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
PASS JSON.stringify(typesInNullOrigin) is "[\"text/html\"]"
PASS htmlInNullOrigin.includes("secret") is false
PASS htmlInNullOrigin.includes("dangerousCode") is false
PASS b = (new DOMParser).parseFromString(htmlInNullOrigin, "text/html").querySelector("b"); b.textContent is "hello"
PASS b.parentNode.textContent is "hello, world"
PASS JSON.stringify(itemsInNullOrigin) is "[{\"kind\":\"string\",\"type\":\"text/html\"}]"
PASS event.clipboardData.getData("text/html") is "<meta content=\"secret\"><b onmouseover=\"dangerousCode()\">hello</b><!-- secret-->, world<script>dangerousCode()</script>"
PASS JSON.stringify(event.clipboardData.types) is "[\"text/html\"]"
PASS JSON.stringify(Array.from(event.clipboardData.items).map((item) => ({kind: item.kind, type: item.type}))) is "[{\"kind\":\"string\",\"type\":\"text/html\"}]"
PASS successfullyParsed is true
TEST COMPLETE