Exclude <title> from HTML sanitization (#438)

Author: zbraniecki

fluent-dom/src/overlay.js

@@ -67,7 +67,11 @@ export default function translateElement(element, translation) {
   const {value} = translation;
 
   if (typeof value === "string") {
-    if (!reOverlay.test(value)) {
+    if (element.localName === "title" &&
+        element.namespaceURI === "http://www.w3.org/1999/xhtml") {
+      // A special case for the HTML title element whose content must be text.
+      element.textContent = value;
+    } else if (!reOverlay.test(value)) {
       // If the translation doesn't contain any markup skip the overlay logic.
       element.textContent = value;
     } else {

fluent-dom/test/overlay_test.js

@@ -0,0 +1,19 @@
+import assert from 'assert';
+import translateElement from '../src/overlay';
+import {elem} from './index';
+
+suite('Applying translations', function() {
+  test('Skipping sanitization for the title element', function() {
+    const element = elem('title')``;
+    const translation = {
+      value: '<input type="text"/> - HTML: Input Element',
+      attributes: null
+    };
+
+    translateElement(element, translation);
+    assert.strictEqual(
+      element.innerHTML,
+      '&lt;input type="text"/&gt; - HTML: Input Element'
+    );
+  });
+});