[Sanitizer API] Sanitize to fragment

Bug: 1116418
Change-Id: I617f6cf6565c723a12bda5c942a6153b41ed9f97
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2387760Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Yifan Luo <lyf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#803828}

third_party/blink/renderer/modules/sanitizer_api/sanitizer.cc

@@ -4,7 +4,11 @@
 
 #include "sanitizer.h"
 
+#include "third_party/blink/renderer/core/dom/document_fragment.h"
+#include "third_party/blink/renderer/core/frame/local_dom_window.h"
+#include "third_party/blink/renderer/platform/bindings/exception_messages.h"
 #include "third_party/blink/renderer/platform/bindings/exception_state.h"
+#include "third_party/blink/renderer/platform/bindings/script_state.h"
 
 namespace blink {
 
@@ -21,4 +25,19 @@ String Sanitizer::sanitizeToString(const String& input) {
   return sanitizedString;
 }
 
+DocumentFragment* Sanitizer::sanitize(ScriptState* script_state,
+                                      const String& input,
+                                      ExceptionState& exception_state) {
+  LocalDOMWindow* window = LocalDOMWindow::From(script_state);
+  if (!window) {
+    exception_state.ThrowDOMException(DOMExceptionCode::kInvalidStateError,
+                                      "Cannot find current DOM window.");
+    return nullptr;
+  }
+  Document* document = window->document();
+  DocumentFragment* fragment = document->createDocumentFragment();
+  fragment->ParseHTML(input, document->documentElement());
+  return fragment;
+}
+
 }  // namespace blink

third_party/blink/renderer/modules/sanitizer_api/sanitizer.h

@@ -11,7 +11,9 @@
 
 namespace blink {
 
+class DocumentFragment;
 class ExceptionState;
+class ScriptState;
 
 class MODULES_EXPORT Sanitizer final : public ScriptWrappable {
   DEFINE_WRAPPERTYPEINFO();
@@ -22,6 +24,8 @@ class MODULES_EXPORT Sanitizer final : public ScriptWrappable {
   ~Sanitizer() override;
 
   String sanitizeToString(const String&);
+
+  DocumentFragment* sanitize(ScriptState*, const String&, ExceptionState&);
 };
 
 }  // namespace blink

third_party/blink/renderer/modules/sanitizer_api/sanitizer.idl

@@ -10,4 +10,5 @@
 ] interface Sanitizer {
   [RaisesException] constructor();
   DOMString sanitizeToString(DOMString input);
+  [CallWith=ScriptState, RaisesException] DocumentFragment sanitize(DOMString input);
 };

third_party/blink/web_tests/external/wpt/sanitizer-api/sanitizer.tentative.html

@@ -8,10 +8,34 @@
 
 <body>
 <script>
+    function getString(fragment) {
+      d = document.createElement("div");
+      d.appendChild(fragment);
+      return d.innerHTML;
+    }
+    s = new Sanitizer();
+
     test(t => {
-        s = new Sanitizer();
-        assert_equals("test", s.sanitizeToString("test"));
+        assert_equals(s.sanitizeToString("test"), "test");
     }, "SanitizerAPI exists!");
+
+    test(t => {
+        fragment = s.sanitize("test");
+        assert_equals("[object DocumentFragment]", fragment.toString());
+        assert_equals(getString(fragment), "<head></head><body>test</body>");
+    }, "SanitizerAPI sanitizeToFragment works!");
+
+    test(t => {
+        fragment = s.sanitize("<b>bla</b>");
+        assert_equals(fragment.toString(), "[object DocumentFragment]");
+        assert_equals(getString(fragment), "<head></head><body><b>bla</b></body>");
+    }, "SanitizerAPI sanitizeToFragment with HTML codes works!");
+
+    test(t => {
+        fragment = s.sanitize("<a<embla");
+        assert_equals(fragment.toString(), "[object DocumentFragment]");
+        assert_equals(getString(fragment), "<head></head><body></body>");
+    }, "SanitizerAPI sanitizeToFragment with broken HTML codes works!");
 </script>
 </body>
 </html>

third_party/blink/web_tests/webexposed/global-interface-listing-expected.txt

@@ -7930,6 +7930,7 @@ interface SVGViewElement : SVGElement
 interface Sanitizer
     attribute @@toStringTag
     method constructor
+    method sanitize
     method sanitizeToString
 interface Scheduler
     attribute @@toStringTag