Rework sanitizer-config WPT test.

Bug: 1184655
Change-Id: Ifd0b1b89594a6d651466aa422a1b34978c8c6953
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2784838
Reviewed-by: Yifan Luo <lyf@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#872414}

third_party/blink/web_tests/external/wpt/sanitizer-api/sanitizer-config.https.tentative.html

@@ -17,22 +17,66 @@
       assert_true(s instanceof Sanitizer);
     }, "SanitizerAPI creator with empty config.");
 
+    test(t => {
+      let s = new Sanitizer(null);
+      assert_true(s instanceof Sanitizer);
+    }, "SanitizerAPI creator with null as config.");
+
+    test(t => {
+      let s = new Sanitizer(undefined);
+      assert_true(s instanceof Sanitizer);
+    }, "SanitizerAPI creator with undefined as config.");
+
     test(t => {
       let s = new Sanitizer({testConfig: [1,2,3], attr: ["test", "i", "am"]});
       assert_true(s instanceof Sanitizer);
     }, "SanitizerAPI creator with config ignore unknown values.");
 
-    const config_names = ["dropElements", "blockElements", "allowElements", "dropAttributes", "blockAttributes", "allowAttributes"];
-    config_names.forEach(cname => {
-      let options = {};
-      options[cname] = [];
+    // In-depth testing of sanitization is handled in other tests. Here we
+    // do presence testing for each of the config options and test 3 things:
+    // - One case where our test string is modified,
+    // - one where it's unaffected,
+    // - that a config can't be changed afterwards.
+    //   (I.e., that the Sanitizer won't hold on to a reference of the options.)
+
+    const probe = "<div id=\"i\">balabala</div><p>test</p>";
+    const should_stay_the_same = {
+      allowElements: [ "div", "p" ],
+      blockElements: [ "test" ],
+      dropElements: [ "test" ],
+      allowAttributes: { "id": ["*"]},
+      dropAttributes: { "bla": ["blubb"]},
+    };
+    const should_modify = {
+      allowElements: [ "div", "span" ],
+      blockElements: [ "div" ],
+      dropElements: [ "p" ],
+      allowAttributes: { "id": ["p"]},
+      dropAttributes: { "id": ["div"]},
+    };
+    assert_array_equals(Object.keys(should_stay_the_same), Object.keys(should_modify));
+    Object.keys(should_stay_the_same).forEach(option_key => {
       test(t => {
-        let s = new Sanitizer(options);
+        const options = {};
+        options[option_key] = should_stay_the_same[option_key];
+        const s = new Sanitizer(options);
         assert_true(s instanceof Sanitizer);
-        assert_equals(s.sanitizeToString("<div>balabala<i>test</i></div>"), "<div>balabala<i>test</i></div>");
-      }, "SanitizerAPI creator with config " + JSON.stringify(options) + ".");
-  });
+        assert_equals(s.sanitizeToString(probe), probe);
+      }, `SanitizerAPI: ${option_key} stays is okay.`);
 
+      const options = {};
+      options[option_key] = should_modify[option_key];
+      const s = new Sanitizer(options);
+      test(t => {
+        assert_true(s instanceof Sanitizer);
+        assert_not_equals(s.sanitizeToString(probe), probe);
+      }, `SanitizerAPI: ${option_key} modify is okay.`);
+
+      options[option_key] = should_stay_the_same[option_key];
+      test(t => {
+        assert_not_equals(s.sanitizeToString(probe), probe);
+      }, `SanitizerAPI: ${option_key} config is not kept as reference.`);
+    });
 </script>
 </body>
 </html>

third_party/blink/web_tests/external/wpt/sanitizer-api/sanitizer-sanitize.https.tentative.html

@@ -14,13 +14,52 @@
       return d.innerHTML;
     }
 
+    test(t => {
+      let s = new Sanitizer({});
+      assert_throws_js(TypeError, _ => s.sanitize());
+    }, "SanitizerAPI sanitize function without argument should throw an error.");
+
+    test(t => {
+      let s = new Sanitizer({});
+      fragment = s.sanitize(null);
+      assert_true(fragment instanceof DocumentFragment);
+      assert_equals(getString(fragment), "null");
+    }, "SanitizerAPI sanitize function for null.");
+
     testcases.forEach(c => test(t => {
         let s = new Sanitizer(c.config_input);
-
         fragment = s.sanitize(c.value);
         assert_true(fragment instanceof DocumentFragment);
         assert_equals(getString(fragment), c.result);
-    }, "SanitizerAPI sanitize function for " + c.message));
+    }, "SanitizerAPI with config: " + c.message + ", sanitize from string function for " + c.message));
+
+    async_test(t => {
+      let s = new Sanitizer();
+      fragment = s.sanitize("<img src='http://bla/'>");
+      t.step_timeout(_ => {
+        assert_equals(performance.getEntriesByName("http://bla/").length, 0);
+        t.done();
+      }, 1000);
+    }, "SanitizerAPI sanitize function shouldn't load the image.");
+
+    testcases.forEach(c => test(t => {
+        let s = new Sanitizer(c.config_input);
+        var dom = new DOMParser().parseFromString("<!DOCTYPE html><body>" + c.value, "text/html");
+        fragment = s.sanitize(dom);
+        assert_true(fragment instanceof DocumentFragment);
+
+        let result = getString(fragment);
+        assert_equals(result, c.result);
+    }, "SanitizerAPI with config: " + c.message + ", sanitize from document function for " + c.message));
+
+    testcases.forEach(c => test(t => {
+        let s = new Sanitizer(c.config_input);
+        let tpl = document.createElement("template");
+        tpl.innerHTML = c.value;
+        fragment = s.sanitize(tpl.content);
+        assert_true(fragment instanceof DocumentFragment);
+        assert_equals(getString(fragment), c.result);
+    }, "SanitizerAPI with config: " + c.message + ", sanitize from document fragment function for " + c.message));
 </script>
 </body>
 </html>

third_party/blink/web_tests/external/wpt/sanitizer-api/sanitizer-sanitizeToString.https.tentative.html

@@ -8,10 +8,36 @@
 
 <body>
 <script>
+    test(t => {
+      let s = new Sanitizer({});
+      assert_throws_js(TypeError, _ => s.sanitizeToString());
+    }, "SanitizerAPI sanitize function without argument should throw an error.");
+
+    test(t => {
+      let s = new Sanitizer({});
+      fragment = s.sanitize(null);
+        assert_equals(s.sanitizeToString(null), "null");
+    }, "SanitizerAPI sanitizeToString function for null.");
+
     testcases.forEach(c => test(t => {
         let s = new Sanitizer(c.config_input);
         assert_equals(s.sanitizeToString(c.value), c.result);
-    }, "SanitizerAPI sanitizeToString function for " + c.message));
+    }, "SanitizerAPI config: " + c.message + ", sanitizeToString from string function for " + c.message));
+
+    testcases.forEach(c => test(t => {
+        let s = new Sanitizer(c.config_input);
+        var dom = new DOMParser().parseFromString("<!DOCTYPE html><body>" + c.value, "text/html");
+        let result = s.sanitizeToString(dom);
+
+        assert_equals(result, c.result);
+    }, "SanitizerAPI with config: " + c.message + ", sanitizeToString from document function for " + c.message));
+
+    testcases.forEach(c => test(t => {
+        let s = new Sanitizer(c.config_input);
+        let tpl = document.createElement("template");
+        tpl.innerHTML = c.value;
+        assert_equals(s.sanitizeToString(tpl.content), c.result);
+    }, "SanitizerAPI with config: " + c.message + ", sanitizeToString from document fragment function for " + c.message));
 </script>
 </body>
 </html>