honeymoose
/
angular-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

test(security): tests for HTML5 elements, srcset. 

Part of #9572.
This commit is contained in:
Martin Probst 2016-06-27 12:18:48 -07:00
parent 6605eb30e9
commit db66509e66
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/@angular/platform-browser/test/security/html_sanitizer_spec.ts
View File

@ -42,6 +42,14 @@ export function main() {
t.expect(sanitizeHtml('<a xlink:href="javascript:foo()">t</a>')) t.expect(sanitizeHtml('<a xlink:href="javascript:foo()">t</a>'))
.toEqual('<a xlink:href="unsafe:javascript:foo()">t</a>'); .toEqual('<a xlink:href="unsafe:javascript:foo()">t</a>');
}); });
t.it('supports HTML5 elements', () => {
t.expect(sanitizeHtml('<main><summary>Works</summary></main>'))
.toEqual('<main><summary>Works</summary></main>');
});
t.it('sanitizes srcset attributes', () => {
t.expect(sanitizeHtml('<img srcset="/foo.png 400px, javascript:evil() 23px">'))
.toEqual('<img srcset="/foo.png 400px, unsafe:javascript:evil() 23px">');
});
t.it('supports sanitizing plain text', () => { t.it('supports sanitizing plain text', () => {
t.expect(sanitizeHtml('Hello, World')).toEqual('Hello, World'); t.expect(sanitizeHtml('Hello, World')).toEqual('Hello, World');