| <!DOCTYPE html> |
| <html> |
| <body> |
| <script src="/resources/js-test-pre.js"></script> |
| <p id="description"></p> |
| <div id="console"></div> |
| <div id="container"> |
| <button onclick="runTest()">Copy</button> |
| <div><br></div> |
| <div id="source" contenteditable> |
| hello, <meta content="some secret"><!-- secret --> |
| <img onclick="dangerousCode()" src="resources/apple.gif"><br> |
| <iframe class="same-origin-frame" src="resources/content-to-copy.html" width=80 height=80></iframe> |
| <iframe class="cross-origin-frame" src="http://localhost:8080/security/clipboard/resources/content-to-copy.html" width="100" height="100"></iframe> |
| <iframe class="same-origin-frame-with-data-url" src="resources/data-url-content-to-copy.html" width=80 height=80></iframe> |
| <iframe class="cross-origin-frame-with-data-url" src="http://localhost:8080/security/clipboard/resources/data-url-content-to-copy.html" width=80 height=80></iframe> |
| </div> |
| <iframe id="destinationFrame" src="http://localhost:8000/security/clipboard/resources/subdirectory/paste-html.html"></iframe> |
| </div> |
| <script> |
| |
| description('This tests copying and pasting HTML by the default action. WebKit should sanitize the HTML across origin.'); |
| jsTestIsAsync = true; |
| |
| if (window.internals) |
| internals.settings.setCustomPasteboardDataEnabled(true); |
| |
| function runTest() { |
| document.getElementById('source').focus(); |
| document.execCommand('selectAll'); |
| document.execCommand('copy'); |
| getSelection().removeAllRanges(); |
| setTimeout(() => { |
| destinationFrame.contentWindow.postMessage({type: 'paste'}, '*'); |
| }, 0); |
| } |
| |
| window.onmessage = function (event) { |
| if (event.data.type == 'pasted') { |
| html = event.data.html; |
| debug('html in DataTransfer'); |
| shouldBeTrue('html.includes("hello")'); |
| shouldBeTrue('fragment = (new DOMParser).parseFromString(html, "text/html"); img = fragment.querySelector("img"); !!img'); |
| shouldBeEqualToString('new URL(img.src).protocol', 'http:'); |
| shouldBeEqualToString('new URL(fragment.querySelector(".same-origin-frame").src).protocol', 'http:'); |
| shouldBeEqualToString('new URL(fragment.querySelector(".cross-origin-frame").src).protocol', 'http:'); |
| shouldBeEqualToString('new URL(fragment.querySelector(".same-origin-frame-with-data-url").src).protocol', 'http:'); |
| shouldBeEqualToString('new URL(fragment.querySelector(".cross-origin-frame-with-data-url").src).protocol', 'http:'); |
| } else if (event.data.type == 'checkedState') { |
| frames = event.data.frames; |
| shouldBe('frames.length', '4'); |
| shouldBeEqualToString('new URL(frames[0].src).protocol', 'http:'); |
| shouldBeFalse('frames[0].canAccessContentDocument'); |
| shouldBeEqualToString('new URL(frames[0].imageSrc).protocol', 'http:'); |
| shouldBe('frames[0].imageWidth', '80'); |
| shouldBeEqualToString('new URL(frames[1].src).protocol', 'http:'); |
| shouldBeFalse('frames[1].canAccessContentDocument'); |
| shouldBeEqualToString('new URL(frames[1].imageSrc).protocol', 'http:'); |
| shouldBe('frames[1].imageWidth', '80'); |
| shouldBeEqualToString('new URL(frames[2].src).protocol', 'http:'); |
| shouldBeFalse('frames[2].canAccessContentDocument'); |
| shouldBeEqualToString('new URL(frames[2].imageSrc).protocol', 'data:'); |
| shouldBe('frames[2].imageWidth', '10'); |
| shouldBeEqualToString('new URL(frames[3].src).protocol', 'http:'); |
| shouldBeFalse('frames[3].canAccessContentDocument'); |
| shouldBeEqualToString('new URL(frames[3].imageSrc).protocol', 'data:'); |
| shouldBe('frames[3].imageWidth', '10'); |
| if (window.testRunner) |
| container.remove(); |
| finishJSTest(); |
| } |
| } |
| |
| if (window.testRunner) |
| window.onload = runTest; |
| |
| </script> |
| <script src="/resources/js-test-post.js"></script> |
| </body> |
| </html> |