| <!DOCTYPE html> |
| <html> |
| <head> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="support/helper.sub.js"></script> |
| </head> |
| <body> |
| <script> |
| // Ensure that only the right events trigger violation reports. |
| // The Promise will resolve, when an event including the string "done" is |
| // received. The last line of this test file will cause this trigger. |
| promise_test(t => { |
| let count = { "null": 0, "undefined": 0, "nodefault": 0 }; |
| return new Promise((resolve, reject) => { |
| document.addEventListener("securitypolicyviolation", e => { |
| e.stopPropagation(); |
| // We count the violation reports. We expect one each for "null" and |
| // "undefined", one each for the "no default" test case above, and one |
| // for the "done" line at the end, which signals the end of the test run. |
| if (e.sample.includes("done")) { |
| resolve(count); |
| } else if (e.sample.includes("null")) { |
| count["null"]++; |
| } else if (e.sample.includes("undefined")) { |
| count["undefined"]++; |
| } else if (e.sample.includes("nodefault")) { |
| count["nodefault"]++; |
| } else { |
| reject(); |
| } |
| }); |
| }).then(counters => { |
| for (const counter of ["null", "undefined", "nodefault"]) { |
| assert_equals(counters[counter], testCases.length, |
| "event count of " + counter); |
| } |
| }); |
| }, "Count SecurityPolicyViolation events."); |
| |
| const testCases = [ |
| [ "script", "src" ], |
| [ "div", "innerHTML" ], |
| [ "script", "text" ], |
| ]; |
| |
| // Try each test case _without_ a default policy. |
| testCases.forEach(c => { |
| test(t => { |
| const element = document.createElement(c[0]); |
| assert_throws(TypeError(), _ => element[c[1]] = "nodefault"); |
| assert_equals(element[c[1]], ""); |
| }, `${c[0]}.${c[1]} no default policy`); |
| }); |
| |
| // A trusted type policy that forces a number of edge cases. |
| function policy(str) { |
| if (str == "throw") |
| throw RangeError(); |
| else if (str == "null") |
| return null; |
| else if (str == "undefined") |
| return undefined; |
| else if (str == "typeerror") |
| return document.bla(); |
| else if (str == "done") |
| return null; |
| else |
| return "sanitized: " + str; |
| } |
| |
| trustedTypes.createPolicy("default", { |
| createScriptURL: policy, |
| createHTML: policy, |
| createScript: policy |
| }); |
| |
| testCases.forEach(c => { |
| const name = `${c[0]}.${c[1]} `; |
| test(t => { |
| const element = document.createElement(c[0]); |
| element[c[1]] = "abc"; |
| assert_equals(element[c[1]], "sanitized: abc"); |
| }, name + "default"); |
| test(t => { |
| const element = document.createElement(c[0]); |
| assert_throws(TypeError(), _ => element[c[1]] = "null"); |
| assert_equals(element[c[1]], ""); |
| }, name + "null"); |
| test(t => { |
| const element = document.createElement(c[0]); |
| assert_throws(RangeError(), _ => element[c[1]] = "throw"); |
| }, name + "throw"); |
| test(t => { |
| const element = document.createElement(c[0]); |
| assert_throws(TypeError(), _ => element[c[1]] = "undefined"); |
| assert_equals(element[c[1]], ""); |
| }, name + "undefined"); |
| test(t => { |
| const element = document.createElement(c[0]); |
| assert_throws(TypeError(), _ => element[c[1]] = "typeerror"); |
| }, name + "typeerror"); |
| }); |
| |
| // Trigger the exit condition in the "Count" promise test above. |
| try { document.createElement("script").text = "done"; } catch (e) {} |
| </script> |
| </body> |