Fix #2424 (#2450)

* Fix #2424

* Add PR ref

render/tests/test-attributes.js

@@ -648,7 +648,7 @@ o.spec("attributes", function() {
 			o(d.dom.value).equals("2")
 		})
 	})
-	o.spec("contenteditable throws on untrusted children", function() {
+	o.spec("contenteditable attr throws on untrusted children", function() {
 		o("including text nodes", function() {
 			var div = {tag: "div", attrs: {contenteditable: true}, text: ""}
 			var succeeded = false
@@ -699,6 +699,60 @@ o.spec("attributes", function() {
 			}
 			catch(e){/* ignore */}
 
+			o(succeeded).equals(true)
+		})
+	})
+	o.spec("contentEditable prop throws on untrusted children", function() {
+		o("including text nodes", function() {
+			var div = {tag: "div", attrs: {contentEditable: true}, text: ""}
+			var succeeded = false
+
+			try {
+				render(root, div)
+
+				succeeded = true
+			}
+			catch(e){/* ignore */}
+
+			o(succeeded).equals(false)
+		})
+		o("including elements", function() {
+			var div = {tag: "div", attrs: {contentEditable: true}, children: [{tag: "script", attrs: {src: "http://evil.com"}}]}
+			var succeeded = false
+
+			try {
+				render(root, div)
+
+				succeeded = true
+			}
+			catch(e){/* ignore */}
+
+			o(succeeded).equals(false)
+		})
+		o("tolerating empty children", function() {
+			var div = {tag: "div", attrs: {contentEditable: true}, children: []}
+			var succeeded = false
+
+			try {
+				render(root, div)
+
+				succeeded = true
+			}
+			catch(e){/* ignore */}
+
+			o(succeeded).equals(true)
+		})
+		o("tolerating trusted content", function() {
+			var div = {tag: "div", attrs: {contentEditable: true}, children: [{tag: "<", children: "<a></a>"}]}
+			var succeeded = false
+
+			try {
+				render(root, div)
+
+				succeeded = true
+			}
+			catch(e){/* ignore */}
+
 			o(succeeded).equals(true)
 		})
 	})