From 58c24608210c9a9a264a38746628ebc26823f59b Mon Sep 17 00:00:00 2001
From: Frederic Hemberger <mail@frederic-hemberger.de>
Date: Tue, 9 Dec 2014 15:13:46 -0500
Subject: Core: use document.implemenation.createHTMLDocument in
 jQuery.parseHTML

Close gh-1505
---
 test/unit/core.js    | 18 ++++++++++++++++++
 test/unit/support.js |  8 ++++++++
 2 files changed, 26 insertions(+)

(limited to 'test')

diff --git a/test/unit/core.js b/test/unit/core.js
index 66c02ac57..783a7462e 100644
--- a/test/unit/core.js
+++ b/test/unit/core.js
@@ -1367,6 +1367,24 @@ test("jQuery.parseHTML", function() {
 	ok( jQuery.parseHTML("<#if><tr><p>This is a test.</p></tr><#/if>") || true, "Garbage input should not cause error" );
 });
 
+// This XSS test is optional, as it will only pass when `document.implementation.createHTMLDocument`
+// is implemented. This might not be the case for older Android browsers (<= 2.x).
+if ( document.implementation.createHTMLDocument ) {
+	asyncTest("jQuery.parseHTML", function() {
+		expect ( 1 );
+
+		Globals.register("parseHTMLError");
+
+		jQuery.globalEval("parseHTMLError = false;");
+		jQuery.parseHTML( "<img src=x onerror='parseHTMLError = true'>" );
+
+		window.setTimeout(function() {
+			start();
+			equal( window.parseHTMLError, false, "onerror eventhandler has not been called." );
+		}, 2000);
+	});
+}
+
 test("jQuery.parseJSON", function() {
 	expect( 20 );
 
diff --git a/test/unit/support.js b/test/unit/support.js
index 11f15a33b..bed2c0414 100644
--- a/test/unit/support.js
+++ b/test/unit/support.js
@@ -61,6 +61,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
 			"checkOn": true,
 			"clearCloneStyle": true,
 			"cors": true,
+			"createHTMLDocument": true,
 			"focusinBubbles": false,
 			"noCloneChecked": true,
 			"optDisabled": true,
@@ -77,6 +78,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
 			"checkOn": true,
 			"clearCloneStyle": false,
 			"cors": true,
+			"createHTMLDocument": true,
 			"focusinBubbles": true,
 			"noCloneChecked": false,
 			"optDisabled": true,
@@ -93,6 +95,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
 			"checkOn": true,
 			"clearCloneStyle": false,
 			"cors": false,
+			"createHTMLDocument": true,
 			"focusinBubbles": true,
 			"noCloneChecked": false,
 			"optDisabled": true,
@@ -109,6 +112,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
 			"checkOn": true,
 			"clearCloneStyle": true,
 			"cors": true,
+			"createHTMLDocument": true,
 			"focusinBubbles": false,
 			"noCloneChecked": true,
 			"optDisabled": true,
@@ -125,6 +129,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
 			"checkOn": true,
 			"clearCloneStyle": true,
 			"cors": true,
+			"createHTMLDocument": true,
 			"focusinBubbles": false,
 			"noCloneChecked": true,
 			"optDisabled": true,
@@ -141,6 +146,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
 			"checkOn": true,
 			"clearCloneStyle": true,
 			"cors": true,
+			"createHTMLDocument": true,
 			"focusinBubbles": false,
 			"noCloneChecked": true,
 			"optDisabled": true,
@@ -157,6 +163,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
 			"checkOn": false,
 			"clearCloneStyle": true,
 			"cors": true,
+			"createHTMLDocument": true,
 			"focusinBubbles": false,
 			"noCloneChecked": true,
 			"optDisabled": true,
@@ -173,6 +180,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
 			"checkOn": false,
 			"clearCloneStyle": false,
 			"cors": true,
+			"createHTMLDocument": true,
 			"focusinBubbles": false,
 			"noCloneChecked": true,
 			"optDisabled": false,
-- 
cgit v1.2.3