the 'httpEquiv' property of the HtmlMetaElement is overridden (#2721)

package.json

@@ -1,7 +1,7 @@
 {
   "name": "testcafe-hammerhead",
   "description": "A powerful web-proxy used as a core for the TestCafe testing framework (https://github.com/DevExpress/testcafe).",
-  "version": "24.5.11",
+  "version": "24.5.12",
   "homepage": "https://github.com/DevExpress/testcafe-hammerhead",
   "bugs": {
     "url": "https://github.com/DevExpress/testcafe-hammerhead/issues"

src/client/sandbox/native-methods.ts

@@ -326,6 +326,8 @@ class NativeMethods {
     htmlManifestSetter: any;
     titleElementTextGetter: Function;
     titleElementTextSetter: Function;
+    metaHttpEquivGetter: () => HTMLMetaElement['httpEquiv'];
+    metaHttpEquivSetter: (this: HTMLMetaElement, value: HTMLMetaElement['httpEquiv']) => void;
     responseStatusGetter: any;
     responseTypeGetter: any;
     responseUrlGetter: any;
@@ -752,6 +754,7 @@ class NativeMethods {
         const anchorTextDescriptor           = win.Object.getOwnPropertyDescriptor(win.HTMLAnchorElement.prototype, 'text');
         const titleElementTextDescriptor     = win.Object.getOwnPropertyDescriptor(win.HTMLTitleElement.prototype, 'text');
         const iframeSandboxDescriptor        = win.Object.getOwnPropertyDescriptor(win.HTMLIFrameElement.prototype, 'sandbox');
+        const metaHttpEquivDescriptor        = win.Object.getOwnPropertyDescriptor(win.HTMLMetaElement.prototype, 'httpEquiv');
         const windowOriginDescriptor         = win.Object.getOwnPropertyDescriptor(win, 'origin');
 
         if (windowOriginDescriptor) {
@@ -812,6 +815,7 @@ class NativeMethods {
         this.inputFormActionSetter   = inputFormActionDescriptor.set;
         this.buttonFormActionSetter  = buttonFormActionDescriptor.set;
         this.iframeSandboxSetter     = iframeSandboxDescriptor.set;
+        this.metaHttpEquivSetter     = metaHttpEquivDescriptor.set;
         this.htmlElementOnloadSetter = win.Object.getOwnPropertyDescriptor(win.HTMLElement.prototype, 'onload').set;
 
         this.nodeTextContentSetter      = nodeTextContentDescriptor.set;
@@ -877,6 +881,7 @@ class NativeMethods {
         this.inputFormActionGetter          = inputFormActionDescriptor.get;
         this.buttonFormActionGetter         = buttonFormActionDescriptor.get;
         this.iframeSandboxGetter            = iframeSandboxDescriptor.get;
+        this.metaHttpEquivGetter            = metaHttpEquivDescriptor.get;
         this.contentWindowGetter            = win.Object.getOwnPropertyDescriptor(win.HTMLIFrameElement.prototype, 'contentWindow').get;
         this.contentDocumentGetter          = win.Object.getOwnPropertyDescriptor(win.HTMLIFrameElement.prototype, 'contentDocument').get;
         this.frameContentWindowGetter       = win.Object.getOwnPropertyDescriptor(win.HTMLFrameElement.prototype, 'contentWindow').get;

src/client/sandbox/node/window.ts

@@ -1096,6 +1096,7 @@ export default class WindowSandbox extends SandboxBase {
         ]);
 
         this._overrideAttrDescriptors('autocomplete', [window.HTMLInputElement]);
+        this._overrideAttrDescriptors('httpEquiv', [window.HTMLMetaElement]);
 
         // NOTE: Some browsers (for example, Edge, Internet Explorer 11, Safari) don't support the 'integrity' property.
         if (nativeMethods.scriptIntegrityGetter && nativeMethods.linkIntegrityGetter) {

test/client/fixtures/sandbox/node/dom-processor-test.js

@@ -879,7 +879,7 @@ test('remove the meta tag with http-equiv="Content-Security-Policy" attribute fr
     metaTag.parentNode.removeChild(metaTag);
 });
 
-test('allow to set the content attribute to meta tag via setAttribute', function () {
+test('allow to set the content attribute to meta tag', function () {
     var metaTag = document.createElement('meta');
 
     metaTag.setAttribute('http-equiv', 'refresh');
@@ -899,6 +899,12 @@ test('allow to set the content attribute to meta tag via setAttribute', function
 
     strictEqual(metaTag.getAttribute('http-equiv'), null);
     strictEqual(metaTag.getAttribute('content'), 'script-src');
+
+    metaTag.httpEquiv = 'Content-Security-Policy';
+    metaTag.content   = 'style-src';
+
+    strictEqual(metaTag.getAttribute('http-equiv'), null);
+    strictEqual(metaTag.getAttribute('content'), 'style-src');
 });
 
 test('script and style content added via a child text node must be overridden (GH-259)', function () {