blob: 1ccf14e5c91d09b524b4938007bd4392b4c9ebc6 [file] [log] [blame]
<!DOCTYPE html>
<html>
<body>
<script src="/resources/js-test-pre.js"></script>
<p id="description"></p>
<div id="console"></div>
<div id="container">
<button onclick="runTest()">Copy</button>
<div><br></div>
<div id="source" contenteditable>
hello, <meta content="some secret"><!-- secret -->
<img onclick="dangerousCode()" src="resources/apple.gif"><br>
<iframe class="same-origin-frame" src="resources/content-to-copy.html" width=80 height=80></iframe>
<iframe class="cross-origin-frame" src="http://localhost:8080/security/clipboard/resources/content-to-copy.html" width="100" height="100"></iframe>
<iframe class="same-origin-frame-with-data-url" src="resources/data-url-content-to-copy.html" width=80 height=80></iframe>
<iframe class="cross-origin-frame-with-data-url" src="http://localhost:8080/security/clipboard/resources/data-url-content-to-copy.html" width=80 height=80></iframe>
</div>
<iframe id="destinationFrame" src="http://localhost:8000/security/clipboard/resources/subdirectory/paste-html.html"></iframe>
</div>
<script>
description('This tests copying and pasting HTML by the default action. WebKit should sanitize the HTML across origin.');
jsTestIsAsync = true;
if (window.internals)
internals.settings.setCustomPasteboardDataEnabled(true);
function runTest() {
document.getElementById('source').focus();
document.execCommand('selectAll');
document.execCommand('copy');
getSelection().removeAllRanges();
setTimeout(() => {
destinationFrame.contentWindow.postMessage({type: 'paste'}, '*');
}, 0);
}
window.onmessage = function (event) {
if (event.data.type == 'pasted') {
html = event.data.html;
debug('html in DataTransfer');
shouldBeTrue('html.includes("hello")');
shouldBeTrue('fragment = (new DOMParser).parseFromString(html, "text/html"); img = fragment.querySelector("img"); !!img');
shouldBeEqualToString('new URL(img.src).protocol', 'http:');
shouldBeEqualToString('new URL(fragment.querySelector(".same-origin-frame").src).protocol', 'http:');
shouldBeEqualToString('new URL(fragment.querySelector(".cross-origin-frame").src).protocol', 'http:');
shouldBeEqualToString('new URL(fragment.querySelector(".same-origin-frame-with-data-url").src).protocol', 'http:');
shouldBeEqualToString('new URL(fragment.querySelector(".cross-origin-frame-with-data-url").src).protocol', 'http:');
} else if (event.data.type == 'checkedState') {
frames = event.data.frames;
shouldBe('frames.length', '4');
shouldBeEqualToString('new URL(frames[0].src).protocol', 'http:');
shouldBeFalse('frames[0].canAccessContentDocument');
shouldBeEqualToString('new URL(frames[0].imageSrc).protocol', 'http:');
shouldBe('frames[0].imageWidth', '80');
shouldBeEqualToString('new URL(frames[1].src).protocol', 'http:');
shouldBeFalse('frames[1].canAccessContentDocument');
shouldBeEqualToString('new URL(frames[1].imageSrc).protocol', 'http:');
shouldBe('frames[1].imageWidth', '80');
shouldBeEqualToString('new URL(frames[2].src).protocol', 'http:');
shouldBeFalse('frames[2].canAccessContentDocument');
shouldBeEqualToString('new URL(frames[2].imageSrc).protocol', 'data:');
shouldBe('frames[2].imageWidth', '10');
shouldBeEqualToString('new URL(frames[3].src).protocol', 'http:');
shouldBeFalse('frames[3].canAccessContentDocument');
shouldBeEqualToString('new URL(frames[3].imageSrc).protocol', 'data:');
shouldBe('frames[3].imageWidth', '10');
if (window.testRunner)
container.remove();
finishJSTest();
}
}
if (window.testRunner)
window.onload = runTest;
</script>
<script src="/resources/js-test-post.js"></script>
</body>
</html>