Automated g4 rollback of changelist 214621663.

*** Reason for rollback ***

This introduced an XSS in GWS. b/125799080

*** Original change description ***

Fix(safedomtreeprocessor): closing empty element using XML style /> not valid on IE cause by IE's XMLSerializer

- use innerHTML instead of XMLSerializer to get string version of sanitized HTML tree
- added test for this issue
- updated affected test http://sponge/54fb1dcf-8d59-4b42-9faf-9702b24466c1

demo: http://pmelendez.pit.corp.google.com:8888/search?q=nintendo+switch&e=4197585

RELNOTES: Fix safedomtreeprocessor.processToString closing empty element using /> on IE.

***

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=235204275

Author: sirdarckcat

closure/goog/html/sanitizer/htmlsanitizer_test.js

@@ -1648,11 +1648,11 @@ function testUrlWithCredentials() {
 
 
 function testClobberedForm() {
-  var input = '<form><input name="nodeType"></form>';
+  var input = '<form><input name="nodeType" /></form>';
   // Passing a string in assertSanitizedHtml uses assertHtmlMatches, which is
   // also vulnerable to clobbering. We use a regexp to fall back to simple
   // string matching.
-  var expected = new RegExp('<form><input name="nodeType"></form>');
+  var expected = new RegExp('<form><input name="nodeType" /></form>');
   assertSanitizedHtml(
       input, expected,
       new goog.html.sanitizer.HtmlSanitizer.Builder()

closure/goog/html/sanitizer/safedomtreeprocessor.js

@@ -108,9 +108,12 @@ SafeDomTreeProcessor.prototype.processToString = function(html) {
     newRoot.appendChild(newTree);
     newTree = newRoot;
   }
-
-  // Serialized string of the sanitized DOM without root span tag
-  return newTree.innerHTML;
+  // The XMLSerializer will add a spurious xmlns attribute to the root node.
+  var serializedNewTree = new XMLSerializer().serializeToString(newTree);
+  // Remove the outer span before returning the string representation of the
+  // processed copy.
+  return serializedNewTree.slice(
+      serializedNewTree.indexOf('>') + 1, serializedNewTree.lastIndexOf('</'));
 };
 
 /**

closure/goog/html/sanitizer/safedomtreeprocessor_test.js

@@ -73,17 +73,6 @@ testSuite({
         input, new NoopProcessor().processToString(input));
   },
 
-  testEmptyTag() {
-    var input = '<div></div>';
-    var actual = new NoopProcessor().processToString(input);
-
-    if (SafeDomTreeProcessor.SAFE_PARSING_SUPPORTED) {
-      assertEquals(input, actual);
-    } else {
-      assertEquals('', actual);
-    }
-  },
-
   testTagChanged() {
     var processor = new NoopProcessor();
     processor.createElementWithoutAttributes = anchorToFoo;