[Sanitizer API] Use <body> as context element for fragment parsing.

Bug: 1116418
Change-Id: Ifb2315d41799d02bfbe330719ca69eee502c0235
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2390649
Commit-Queue: Yifan Luo <lyf@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#804210}

third_party/blink/renderer/modules/sanitizer_api/sanitizer.cc

@@ -36,7 +36,8 @@ DocumentFragment* Sanitizer::sanitize(ScriptState* script_state,
   }
   Document* document = window->document();
   DocumentFragment* fragment = document->createDocumentFragment();
-  fragment->ParseHTML(input, document->documentElement());
+  DCHECK(document->QuerySelector("body"));
+  fragment->ParseHTML(input, document->QuerySelector("body"));
   return fragment;
 }
 

third_party/blink/web_tests/external/wpt/sanitizer-api/sanitizer.tentative.html

@@ -22,19 +22,19 @@
     test(t => {
         fragment = s.sanitize("test");
         assert_equals("[object DocumentFragment]", fragment.toString());
-        assert_equals(getString(fragment), "<head></head><body>test</body>");
+        assert_equals(getString(fragment), "test");
     }, "SanitizerAPI sanitizeToFragment works!");
 
     test(t => {
         fragment = s.sanitize("<b>bla</b>");
         assert_equals(fragment.toString(), "[object DocumentFragment]");
-        assert_equals(getString(fragment), "<head></head><body><b>bla</b></body>");
+        assert_equals(getString(fragment), "<b>bla</b>");
     }, "SanitizerAPI sanitizeToFragment with HTML codes works!");
 
     test(t => {
         fragment = s.sanitize("<a<embla");
         assert_equals(fragment.toString(), "[object DocumentFragment]");
-        assert_equals(getString(fragment), "<head></head><body></body>");
+        assert_equals(getString(fragment), "");
     }, "SanitizerAPI sanitizeToFragment with broken HTML codes works!");
 </script>
 </body>