Bug 1738434 [wpt PR 31437] - [Sanitizer] Implement setHTML options dictionary., a=testonly

Automatic update from web-platform-tests [Sanitizer] Implement setHTML options dictionary. Implement an options dictionary for the Element::setHTML method. This brings us back into compliance with the WPT test suite, so we can delete the expectations file. We'll leave the old (now deprecated) method in place so we don't disturb the ongoing dev trials, but will remove it before default-enabling the Sanitizer. Spec: https://github.com/WICG/sanitizer-api/issues/121 Bug: 1254369 Change-Id: If4e6de7b471c4f199b85015e45abe99c5068b47c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3234209 Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/main@{#936430} -- wpt-commits: eb141a48e1ae5b4640de723bccdf1c1362611490 wpt-pr: 31437
2021-11-01 16:34:11 +00:00 · 2021-11-01 16:34:11 +00:00 · 445cbae679
--- a/testing/web-platform/tests/sanitizer-api/element-set-sanitized-html.https.tentative.html
+++ b/testing/web-platform/tests/sanitizer-api/element-set-sanitized-html.https.tentative.html
@ -52,6 +52,60 @@
      assert_node_equals(buildNode(element.localName, testcase.result), element);
    }, "Sanitizer: Element.setHTML with config: " + testcase.message);
  }
+
+  [
+    undefined,
+    {},
+    { sanitizer: new Sanitizer() },
+    { sanitizer: undefined },
+    { avocado: new Sanitizer() },
+  ].forEach((options, index) => {
+    test(t => {
+      const e = document.createElement("div");
+      e.setHTML("<em>bla</em><script>bla<" + "/script>", options);
+      assert_equals(e.innerHTML, "<em>bla</em>");
+    }, `Sanitizer: Element.setHTML options dictionary #${index} uses default.`);
+  });
+
+  [
+    "tomato",
+    { sanitizer: null },
+    { sanitizer: "avocado" },
+    { sanitizer: { allowElements: [ "a", "b", "c" ] } },
+  ].forEach((options, index) => {
+    test(t => {
+      assert_throws_js(TypeError, _ => {
+        document.createElement("div").setHTML("bla", options);
+      });
+    }, `Sanitizer: Element.setHTML invalid options dictionary #${index}`);
+  });
+
+  test(t => {
+    const sanitizer = new Sanitizer({allowElements: ["b"]});
+    const element = document.createElement("div");
+
+    // WebIDL magic: An IDL dictionary is mapped to a JS object. Thus, a plain
+    // Sanitizer instance will be accepted as an options dictionary. However,
+    // it will then try to read the .sanitizer property of the Sanitizer, and
+    // since that doesn't usually exist will treat it as an empty dictionary.
+    //
+    // Ref: https://webidl.spec.whatwg.org/#es-dictionary
+
+    // Sanitizer instance in the dictionary: Config is applied.
+    element.setHTML("<em>celery</em>", {sanitizer: sanitizer});
+    assert_equals(element.innerHTML, "celery");
+
+    // Same Sanitizer instance, passed directly: Is like an empty dictionary
+    // and config is not applied.
+    element.setHTML("<em>celery</em>", sanitizer);
+    assert_equals(element.innerHTML, "<em>celery</em>");
+
+    // Sanitizer-ception: Set the Sanitizer as the .sanitizer property on itself.
+    // Now the config is applied. It's magic. Just not the good kind of magic.
+    sanitizer.sanitizer = sanitizer;
+    element.setHTML("<em>celery</em>", sanitizer);
+    assert_equals(element.innerHTML, "celery");
+  }, "Sanitizer: Element.setHTML with sanitizer instance.");
 </script>
 </body>
 </html>