Test Info:
- This WPT test may be referenced by the following Test IDs:
- /svg/sniffing-content-type.html - WPT Dashboard Interop Dashboard
<!DOCTYPE html>
<html>
<head>
<title>SVG Content Sniffing Test</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
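// Regression test for content-type handling of SVG <use> references.
// A blob holding SVG markup is created with the non-SVG MIME type
// application/octet-stream and referenced from <use href>. The markup carries
// an onerror handler that sets window.exploitRan, so the flag being set means
// the payload was treated as SVG despite its declared type.
test(() => {
  const SVG_NS = "http://www.w3.org/2000/svg";

  // Payload: its only observable side effect is setting window.exploitRan.
  const text = `<svg id="x" xmlns="http://www.w3.org/2000/svg"><image href="xyz" onerror="window.exploitRan = true;" /></svg>`;

  // The declared type is deliberately not image/svg+xml; the user agent is
  // expected to honour it rather than sniff the bytes.
  const blob = new Blob([text], { type: 'application/octet-stream' });
  const url = URL.createObjectURL(blob);

  // The fragment selects the element with id "x" inside the blob document.
  const attackerControlledString = url + "#x";

  // The listing used `svg` and `use` without declaring them, so the callback
  // threw a ReferenceError before the content-type behaviour was exercised.
  // Create both elements explicitly in the SVG namespace.
  const svg = document.createElementNS(SVG_NS, "svg");
  const use = document.createElementNS(SVG_NS, "use");

  use.setAttribute('href', attackerControlledString);
  svg.appendChild(use);
  document.body.appendChild(svg);

  // NOTE(review): this assertion runs synchronously, right after insertion.
  // If the engine resolves the <use> reference asynchronously, the flag could
  // be set only after this check and the test would pass vacuously. Confirm
  // whether the test should wait before asserting.
  assert_false(Boolean(window.exploitRan), "The SVG content was incorrectly executed.");
}, "SVG should not be executed when the content type is not valid");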
</script>
</body>
</html>