diff options
| author | Wojtek Kosior <koszko@koszko.org> | 2022-03-05 15:54:53 +0100 |
|---|---|---|
| committer | Wojtek Kosior <koszko@koszko.org> | 2022-03-05 15:54:53 +0100 |
| commit | 96efcc335bbd9f2ad098e694d6cff6c1c22b4ce8 (patch) | |
| tree | cf8120ca6658c04c62e63dc66a8a5b39dbec4c2d /test/haketilo_test/data/pages | |
| parent | 709238294ea83525e62476ce59d734c57c11fd3f (diff) | |
| download | browser-extension-96efcc335bbd9f2ad098e694d6cff6c1c22b4ce8.tar.gz browser-extension-96efcc335bbd9f2ad098e694d6cff6c1c22b4ce8.zip | |
improve script blocking in non-HTML documents (XML)
Diffstat (limited to 'test/haketilo_test/data/pages')
| -rw-r--r-- | test/haketilo_test/data/pages/scripts_to_block_1.html | 33 | ||||
| -rw-r--r-- | test/haketilo_test/data/pages/scripts_to_block_2.xml | 71 |
2 files changed, 91 insertions, 13 deletions
diff --git a/test/haketilo_test/data/pages/scripts_to_block_1.html b/test/haketilo_test/data/pages/scripts_to_block_1.html index e7793ee..67bff5e 100644 --- a/test/haketilo_test/data/pages/scripts_to_block_1.html +++ b/test/haketilo_test/data/pages/scripts_to_block_1.html @@ -29,18 +29,25 @@ </script> </head> <body> - <button id="clickme1" - onclick="window.__run = [...(window.__run || []), 'on'];" - blocked-onclick="some useful data"> - Click Meee! - </button> - <a id="clickme2" - href="javascript:window.__run = [...(window.__run || []), 'href'];void(0);"> - Click Meee! - </a> - <iframe src="javascript:void(window.parent.__run = [...(window.parent.__run || []), 'src']);"> - </iframe> - <object data="javascript:window.__run = [...(window.__run || []), 'data'];"> - </object> + <!-- + Put all objects under a <div> to make sure the Mutation Observer does + indeed correctly report changes in subtrees (there are problems with + this in XML documents). + --> + <div> + <button id="clickme1" + onclick="window.__run = [...(window.__run || []), 'on'];" + blocked-onclick="some useful data"> + Click Meee! + </button> + <a id="clickme2" + href="javascript:window.__run = [...(window.__run || []), 'href'];void(0);"> + Click Meee! + </a> + <iframe src="javascript:void(window.parent.__run = [...(window.parent.__run || []), 'src']);"> + </iframe> + <object data="javascript:window.__run = [...(window.__run || []), 'data'];"> + </object> + </div> </body> </html> diff --git a/test/haketilo_test/data/pages/scripts_to_block_2.xml b/test/haketilo_test/data/pages/scripts_to_block_2.xml new file mode 100644 index 0000000..6433a1d --- /dev/null +++ b/test/haketilo_test/data/pages/scripts_to_block_2.xml @@ -0,0 +1,71 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + SPDX-License-Identifier: CC0-1.0 + + A testing XML document with various scripts that need to get blocked. + + This file is part of Haketilo. + + Copyright (C) 2021, 2022 Wojtek Kosior <koszko@koszko.org> + + This program is free software: you can redistribute it and/or modify + it under the terms of the CC0 1.0 Universal License as published by + the Creative Commons Corporation. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + CC0 1.0 Universal License for more details. + --> + +<fruits> + + <!-- + The following will not execute since it is not recognized as either HTML + or SVG script. + --> + <script> + window.__run = [...(window.__run || []), 'banana']; + </script> + + <html:img xmlns:html="http://www.w3.org/1999/xhtml" + src="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==" + onload="window.__run = [...(window.__run || []), 'melon'];console.log('delme melon')"> + </html:img> + + <!-- Will execute --> + <html:script xmlns:html="http://www.w3.org/1999/xhtml"> + window.__run = [...(window.__run || []), 'grape']; + </html:script> + + <!-- Will also execute --> + <vector-graphics:script xmlns:vector-graphics="http://www.w3.org/2000/svg"> + window.__run = [...(window.__run || []), 'raspberry']; + </vector-graphics:script> + + <apple> + <svg viewBox="0 0 10 14" xmlns="http://www.w3.org/2000/svg"> + <!-- Will run when clicked --> + <circle id="idaret_circle" cx="5" cy="5" r="4" + onclick="window.__run = [...(window.__run || []), 'idaret'];" /> + <!-- Will *NOT* run when clicked --> + <circle id="nowamak_circle" cx="5" cy="13" r="4" + some-unknown:onclick="window.__run = [...(window.__run || []), 'nowamak'];" + xmlns:some-unknown="https://example.org/blah/blah" /> + </svg> + </apple> + <!-- + In case of wrong namespace URI (or lack thereof), svg subtree will not + be recognized as SVG at all + --> + <svg> + <!-- Will neither run nor be drawn by the browser --> + <circle id="mango_circle" cx="5" cy="5" r="4" + onclick="window.__run = [...(window.__run || []), 'mango'];" /> + </svg> + <svg viewBox="0 0 10" xmlns="http://www.w3.org/2000/sv"> + <!-- Will neither run nor be drawn by the browser --> + <circle id="annoying_circle" cx="5" cy="5" r="4" + onclick="window.__run = [...(window.__run || []), 'orange'];" /> + </svg> +</fruits> |