| // Copyright 2013 The Closure Library Authors. All Rights Reserved. |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS-IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| goog.provide('goog.dom.safeTest'); |
| goog.setTestOnly('goog.dom.safeTest'); |
| |
| goog.require('goog.dom.safe'); |
| goog.require('goog.html.SafeUrl'); |
| goog.require('goog.html.testing'); |
| goog.require('goog.string.Const'); |
| goog.require('goog.testing.jsunit'); |
| |
| function testSetInnerHtml() { |
| var mockElement = { |
| 'innerHTML': 'blarg' |
| }; |
| var html = '<script>somethingTrusted();<' + '/script>'; |
| var safeHtml = goog.html.testing.newSafeHtmlForTest(html); |
| goog.dom.safe.setInnerHtml(mockElement, safeHtml); |
| assertEquals(html, mockElement.innerHTML); |
| } |
| |
| |
| function testDocumentWrite() { |
| var mockDoc = { |
| 'html': null, |
| 'write': function(html) { |
| this['html'] = html; |
| } |
| }; |
| var html = '<script>somethingTrusted();<' + '/script>'; |
| var safeHtml = goog.html.testing.newSafeHtmlForTest(html); |
| goog.dom.safe.documentWrite(mockDoc, safeHtml); |
| assertEquals(html, mockDoc.html); |
| } |
| |
| |
| function testSetLocationHref() { |
| var mockLoc = { |
| 'href': 'blarg' |
| }; |
| goog.dom.safe.setLocationHref(mockLoc, 'javascript:evil();'); |
| assertEquals('about:invalid#zClosurez', mockLoc.href); |
| |
| mockLoc = { |
| 'href': 'blarg' |
| }; |
| var safeUrl = goog.html.SafeUrl.fromConstant( |
| goog.string.Const.from('javascript:trusted();')); |
| goog.dom.safe.setLocationHref(mockLoc, safeUrl); |
| assertEquals('javascript:trusted();', mockLoc.href); |
| } |
| |
| |
| function testSetAnchorHref() { |
| var mockAnchor = { |
| 'href': 'blarg' |
| }; |
| goog.dom.safe.setAnchorHref(mockAnchor, 'javascript:evil();'); |
| assertEquals('about:invalid#zClosurez', mockAnchor.href); |
| |
| mockAnchor = { |
| 'href': 'blarg' |
| }; |
| var safeUrl = goog.html.SafeUrl.fromConstant( |
| goog.string.Const.from('javascript:trusted();')); |
| goog.dom.safe.setAnchorHref(mockAnchor, safeUrl); |
| assertEquals('javascript:trusted();', mockAnchor.href); |
| } |