[Sanitizer API] Make a copy of wpt tests to the internal one

Bug: 1116418 Change-Id: I563b96f33cf86e01816aa487ecc79a6fa3efd162 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2416348 Commit-Queue: Yifan Luo <lyf@chromium.org> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#808293}

[Sanitizer API] Make a copy of wpt tests to the internal one
Bug: 1116418 Change-Id: I563b96f33cf86e01816aa487ecc79a6fa3efd162 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2416348 Commit-Queue: Yifan Luo <lyf@chromium.org> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#808293}
cc332c3c · Yifan Luo · Commit Bot · 921c36d4 · cc332c3c · cc332c3c
Commit cc332c3c authored Sep 18, 2020 by Yifan Luo Committed by Commit Bot Sep 18, 2020
9 changed files
--- a/third_party/blink/web_tests/wpt_internal/sanitizer-api/META.yml
+++ b/third_party/blink/web_tests/wpt_internal/sanitizer-api/META.yml
+spec: https://wicg.github.io/sanitizer-api/
+suggested_reviewers:
+  - ivanlish
+  - mozfreddyb
+  - otherdaniel
--- a/third_party/blink/web_tests/wpt_internal/sanitizer-api/OWNERS
+++ b/third_party/blink/web_tests/wpt_internal/sanitizer-api/OWNERS
+# TEAM: security-dev@chromium.org
+# COMPONENT: Blink>SecurityFeature>SanitizerAPI
+# WPT-NOTIFY: true
+file://third_party/blink/renderer/modules/sanitizer_api/OWNERS
--- a/third_party/blink/web_tests/wpt_internal/sanitizer-api/idlharness.tentative.window.js
+++ b/third_party/blink/web_tests/wpt_internal/sanitizer-api/idlharness.tentative.window.js
+// META: script=/resources/WebIDLParser.js
+// META: script=/resources/idlharness.js
+
+idl_test(
+  ['sanitizer-api.tentative'],
+  ['html'],
+  idl_array => {
+    idl_array.add_objects({
+      Sanitizer: ['new Sanitizer({})']
+    });
+  }
+);
--- a/third_party/blink/web_tests/wpt_internal/sanitizer-api/sanitizer-config.tentative.html
+++ b/third_party/blink/web_tests/wpt_internal/sanitizer-api/sanitizer-config.tentative.html
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/testcases.sub.js"></script>
+</head>
+
+<body>
+<script>
+    const default_option ={dropElements: null};
+    test(t => {
+      let s = new Sanitizer();
+      assert_true(s instanceof Sanitizer);
+      assert_object_equals(s.creationOptions, default_option);
+    }, "SanitizerAPI creator without config.");
+
+    test(t => {
+      let s = new Sanitizer({});
+      assert_true(s instanceof Sanitizer);
+      assert_object_equals(s.creationOptions, default_option);
+    }, "SanitizerAPI creator with empty config.");
+
+    test(t => {
+      let s = new Sanitizer(null);
+      assert_true(s instanceof Sanitizer);
+      assert_object_equals(s.creationOptions, default_option);
+    }, "SanitizerAPI creator with null as config.");
+
+    test(t => {
+      let s = new Sanitizer(undefined);
+      assert_true(s instanceof Sanitizer);
+      assert_object_equals(s.creationOptions, default_option);
+    }, "SanitizerAPI creator with undefined as config.");
+
+    test(t => {
+      let s = new Sanitizer({testConfig: [1,2,3], attr: ["test", "i", "am"]});
+      assert_true(s instanceof Sanitizer);
+      assert_object_equals(s.creationOptions, default_option);
+    }, "SanitizerAPI creator with config ignore unknown values.");
+
+    test(t => {
+      let options = {dropElements: ["div"]};
+      let s = new Sanitizer(options);
+      assert_true(s instanceof Sanitizer);
+      assert_object_equals(s.creationOptions, {dropElements: ["DIV"]});
+
+      options.dropElements.push("test");
+      assert_object_equals(s.creationOptions, {dropElements: ["DIV"]});
+
+      s.creationOptions = {dropElements: ["test", "t"]};
+      assert_object_equals(s.creationOptions, {dropElements: ["DIV"]});
+
+      s.creationOptions['dropElements'] = [1,2,3];
+      assert_object_equals(s.creationOptions, {dropElements: ["DIV"]});
+    }, "SanitizerAPI config is not editable.");
+
+    test(t => {
+      let s = new Sanitizer({dropElements: []});
+      assert_true(s instanceof Sanitizer);
+      assert_equals(s.sanitizeToString("<div>balabala<i>test</i></div>"), "<div>balabala<i>test</i></div>");
+    }, "SanitizerAPI creator with config {dropElements: []}.")
+
+    test(t => {
+      let s = new Sanitizer({dropElements: null});
+      assert_true(s instanceof Sanitizer);
+      assert_true(s.creationOptions instanceof Object);
+      assert_object_equals(s.creationOptions, default_option);
+    }, "SanitizerAPI creator with config {dropElements: null}.")
+
+    test(t => {
+      let s = new Sanitizer({dropElements: undefined});
+      assert_true(s instanceof Sanitizer);
+      assert_true(s.creationOptions instanceof Object);
+      assert_object_equals(s.creationOptions, default_option);
+    }, "SanitizerAPI creator with config {dropElements: undefined}.");
+
+    test(t => {
+      assert_throws_js(TypeError, _ => {let s = new Sanitizer({dropElements: 123})});
+    }, "SanitizerAPI creator with config {dropElements: 123}.");
+
+    test(t => {
+      assert_throws_js(TypeError, _ => {let s = new Sanitizer({dropElements: "div"})});
+    }, "SanitizerAPI creator with config {dropElements: div}.");
+
+</script>
+</body>
+</html>
--- a/third_party/blink/web_tests/wpt_internal/sanitizer-api/sanitizer-sanitize.tentative-expected.txt
+++ b/third_party/blink/web_tests/wpt_internal/sanitizer-api/sanitizer-sanitize.tentative-expected.txt
+This is a testharness.js-based test.
+PASS SanitizerAPI sanitize function without argument should throw an error.
+PASS SanitizerAPI with config: string, sanitize function for string
+PASS SanitizerAPI with config: html fragment, sanitize function for html fragment
+PASS SanitizerAPI with config: broken html, sanitize function for broken html
+PASS SanitizerAPI with config: empty object, sanitize function for empty object
+PASS SanitizerAPI with config: number, sanitize function for number
+PASS SanitizerAPI with config: zeros, sanitize function for zeros
+PASS SanitizerAPI with config: arithmetic, sanitize function for arithmetic
+PASS SanitizerAPI with config: empty string, sanitize function for empty string
+PASS SanitizerAPI with config: undefined, sanitize function for undefined
+PASS SanitizerAPI with config: null, sanitize function for null
+PASS SanitizerAPI with config: document, sanitize function for document
+PASS SanitizerAPI with config: html without close tag, sanitize function for html without close tag
+FAIL SanitizerAPI with config: scripts, sanitize function for scripts assert_equals: expected "" but got "<script>alert('i am a test')</script>"
+FAIL SanitizerAPI with config: onclick scripts, sanitize function for onclick scripts assert_equals: expected "<p>Click.</p>" but got "<p onclick=\"a= 123\">Click.</p>"
+PASS SanitizerAPI with config: invalid config_input, sanitize function for invalid config_input
+PASS SanitizerAPI with config: empty dropElements list, sanitize function for empty dropElements list
+PASS SanitizerAPI with config: test html without close tag with dropElements list ['div'], sanitize function for test html without close tag with dropElements list ['div']
+PASS SanitizerAPI with config: test script with ["script"] as dropElements list, sanitize function for test script with ["script"] as dropElements list
+PASS SanitizerAPI with config: dropElements list ["test", "i"]}, sanitize function for dropElements list ["test", "i"]}
+PASS SanitizerAPI with config: dropElements list ["I", "AM"]}, sanitize function for dropElements list ["I", "AM"]}
+PASS SanitizerAPI with config: dropElements list ["am", "p"]}, sanitize function for dropElements list ["am", "p"]}
+PASS SanitizerAPI with config: dropElements list with invalid values}, sanitize function for dropElements list with invalid values}
+Harness: the test ran to completion.
+
--- a/third_party/blink/web_tests/wpt_internal/sanitizer-api/sanitizer-sanitize.tentative.html
+++ b/third_party/blink/web_tests/wpt_internal/sanitizer-api/sanitizer-sanitize.tentative.html
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/testcases.sub.js"></script>
+</head>
+
+<body>
+<script>
+    function getString(fragment) {
+      d = document.createElement("div");
+      d.appendChild(fragment);
+      return d.innerHTML;
+    }
+
+    test(t => {
+      let s = new Sanitizer({});
+      assert_object_equals(s.creationOptions, {dropElements: null});
+      assert_throws_js(TypeError, _ => s.sanitize());
+    }, "SanitizerAPI sanitize function without argument should throw an error.");
+
+    testcases.forEach(c => test(t => {
+        let s = new Sanitizer(c.config_input);
+        assert_object_equals(s.creationOptions, c.config_value);
+
+        fragment = s.sanitize(c.value);
+        assert_true(fragment instanceof DocumentFragment);
+        assert_equals(getString(fragment), c.result);
+    }, "SanitizerAPI with config: " + c.message + ", sanitize function for " + c.message));
+</script>
+</body>
+</html>
--- a/third_party/blink/web_tests/wpt_internal/sanitizer-api/sanitizer-sanitizeToString.tentative-expected.txt
+++ b/third_party/blink/web_tests/wpt_internal/sanitizer-api/sanitizer-sanitizeToString.tentative-expected.txt
+This is a testharness.js-based test.
+PASS SanitizerAPI sanitize function without argument should throw an error.
+PASS SanitizerAPI config: string, sanitizeToString function for string
+PASS SanitizerAPI config: html fragment, sanitizeToString function for html fragment
+PASS SanitizerAPI config: broken html, sanitizeToString function for broken html
+PASS SanitizerAPI config: empty object, sanitizeToString function for empty object
+PASS SanitizerAPI config: number, sanitizeToString function for number
+PASS SanitizerAPI config: zeros, sanitizeToString function for zeros
+PASS SanitizerAPI config: arithmetic, sanitizeToString function for arithmetic
+PASS SanitizerAPI config: empty string, sanitizeToString function for empty string
+PASS SanitizerAPI config: undefined, sanitizeToString function for undefined
+PASS SanitizerAPI config: null, sanitizeToString function for null
+PASS SanitizerAPI config: document, sanitizeToString function for document
+PASS SanitizerAPI config: html without close tag, sanitizeToString function for html without close tag
+FAIL SanitizerAPI config: scripts, sanitizeToString function for scripts assert_equals: expected "" but got "<script>alert('i am a test')</script>"
+FAIL SanitizerAPI config: onclick scripts, sanitizeToString function for onclick scripts assert_equals: expected "<p>Click.</p>" but got "<p onclick=\"a= 123\">Click.</p>"
+PASS SanitizerAPI config: invalid config_input, sanitizeToString function for invalid config_input
+PASS SanitizerAPI config: empty dropElements list, sanitizeToString function for empty dropElements list
+PASS SanitizerAPI config: test html without close tag with dropElements list ['div'], sanitizeToString function for test html without close tag with dropElements list ['div']
+PASS SanitizerAPI config: test script with ["script"] as dropElements list, sanitizeToString function for test script with ["script"] as dropElements list
+PASS SanitizerAPI config: dropElements list ["test", "i"]}, sanitizeToString function for dropElements list ["test", "i"]}
+PASS SanitizerAPI config: dropElements list ["I", "AM"]}, sanitizeToString function for dropElements list ["I", "AM"]}
+PASS SanitizerAPI config: dropElements list ["am", "p"]}, sanitizeToString function for dropElements list ["am", "p"]}
+PASS SanitizerAPI config: dropElements list with invalid values}, sanitizeToString function for dropElements list with invalid values}
+Harness: the test ran to completion.
+
--- a/third_party/blink/web_tests/wpt_internal/sanitizer-api/sanitizer-sanitizeToString.tentative.html
+++ b/third_party/blink/web_tests/wpt_internal/sanitizer-api/sanitizer-sanitizeToString.tentative.html
+<!DOCTYPE html>
+<html>
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="support/testcases.sub.js"></script>
+</head>
+
+<body>
+<script>
+    test(t => {
+      let s = new Sanitizer({});
+      assert_object_equals(s.creationOptions, {dropElements: null});
+      assert_throws_js(TypeError, _ => s.sanitizeToString());
+    }, "SanitizerAPI sanitize function without argument should throw an error.");
+
+    testcases.forEach(c => test(t => {
+        let s = new Sanitizer(c.config_input);
+        assert_object_equals(s.creationOptions, c.config_value);
+        assert_equals(s.sanitizeToString(c.value), c.result);
+    }, "SanitizerAPI config: " + c.message + ", sanitizeToString function for " + c.message));
+</script>
+</body>
+</html>
--- a/third_party/blink/web_tests/wpt_internal/sanitizer-api/support/testcases.sub.js
+++ b/third_party/blink/web_tests/wpt_internal/sanitizer-api/support/testcases.sub.js
+const testcases = [
+  {config_input: {}, config_value: {dropElements: null}, value: "test", result: "test", message: "string"},
+  {config_input: {}, config_value: {dropElements: null}, value: "<b>bla</b>", result: "<b>bla</b>", message: "html fragment"},
+  {config_input: {}, config_value: {dropElements: null}, value: "<a<embla", result: "", message: "broken html"},
+  {config_input: {}, config_value: {dropElements: null}, value: {}, result: "[object Object]", message: "empty object"},
+  {config_input: {}, config_value: {dropElements: null}, value: 1, result: "1", message: "number"},
+  {config_input: {}, config_value: {dropElements: null}, value: 000, result: "0", message: "zeros"},
+  {config_input: {}, config_value: {dropElements: null}, value: 1+2, result: "3", message: "arithmetic"},
+  {config_input: {}, config_value: {dropElements: null}, value: "", result: "", message: "empty string"},
+  {config_input: {}, config_value: {dropElements: null}, value: undefined, result: "undefined", message: "undefined"},
+  {config_input: {}, config_value: {dropElements: null}, value: null, result: "null", message: "null"},
+  {config_input: {}, config_value: {dropElements: null}, value: "<html><head></head><body>test</body></html>", result: "test", message: "document"},
+  {config_input: {}, config_value: {dropElements: null}, value: "<div>test", result: "<div>test</div>", message: "html without close tag"},
+  {config_input: {}, config_value: {dropElements: null}, value: "<script>alert('i am a test')<\/script>", result: "", message: "scripts"},
+  {config_input: {}, config_value: {dropElements: null}, value: "<p onclick='a= 123'>Click.</p>", result: "<p>Click.</p>", message: "onclick scripts"},
+  {config_input: {test: 123}, config_value: {dropElements: null}, value: "test", result: "test", message: "invalid config_input"},
+  {config_input: {dropElements: []}, config_value: {dropElements:[]}, value: "test", result: "test", message: "empty dropElements list"},
+  {config_input: {dropElements: ["div"]}, config_value: {dropElements:["DIV"]}, value: "<div>test</div><c>bla", result: "<c>bla</c>", message: "test html without close tag with dropElements list ['div']"},
+  {config_input: {dropElements: ["script"]}, config_value: {dropElements:["SCRIPT"]}, value: "<script>alert('i am a test')<\/script>", result: "", message: "test script with [\"script\"] as dropElements list"},
+  {config_input: {dropElements: ["test", "i"]}, config_value: {dropElements:["TEST","I"]}, value: "<div>balabala<i>test</i></div><test>t</test>", result: "<div>balabala</div>", message: "dropElements list [\"test\", \"i\"]}"},
+  {config_input: {dropElements: ["I", "AM"]}, config_value: {dropElements:["I", "AM"]}, value: "<div>balabala<am>test</am></div>", result: "<div>balabala</div>", message: "dropElements list [\"I\", \"AM\"]}"},
+  {config_input: {dropElements: ["am", "p"]}, config_value: {dropElements:["AM","P"]}, value: "<div>balabala<i>i</i><p>t</p><test>a</test></div>", result: "<div>balabala<i>i</i><test>a</test></div>", message: "dropElements list [\"am\", \"p\"]}"},
+  {config_input: {dropElements: [123, [], "test", "i"]}, config_value: {dropElements:["123","","TEST","I"]}, value: "<div>balabala<i>test</i></div><test>t</test>", result: "<div>balabala</div>", message: "dropElements list with invalid values}"}
+];