third_party/blink/web_tests/external/wpt/trusted-types/default-policy.tentative.html

<!DOCTYPE html>
<html>
<head>
  <script src="/resources/testharness.js"></script>
  <script src="/resources/testharnessreport.js"></script>
  <script src="support/helper.sub.js"></script>
</head>
<body>
<script>
// Ensure that only the right events trigger violation reports.
// The Promise will resolve, when an event including the string "done" is
// received. The last line of this test file will cause this trigger.
promise_test(t => {
  let count = { "null": 0, "undefined": 0, "nodefault": 0 };
  return new Promise((resolve, reject) => {
    document.addEventListener("securitypolicyviolation", e => {
      e.stopPropagation();
      // We count the violation reports. We expect one each for "null" and
      // "undefined", one each for the "no default" test case above, and one
      // for the "done" line at the end, which signals the end of the test run.
      if (e.sample.includes("done")) {
        resolve(count);
      } else if (e.sample.includes("null")) {
        count["null"]++;
      } else if (e.sample.includes("undefined")) {
        count["undefined"]++;
      } else if (e.sample.includes("nodefault")) {
        count["nodefault"]++;
      } else {
        reject();
      }
    });
  }).then(counters => {
    for (const counter of ["null", "undefined", "nodefault"]) {
      assert_equals(counters[counter], testCases.length,
                    "event count of " + counter);
    }
  });
}, "Count SecurityPolicyViolation events.");

const testCases = [
  [ "script", "src" ],
  [ "div", "innerHTML" ],
  [ "script", "text" ],
];

// Try each test case _without_ a default policy.
testCases.forEach(c => {
  test(t => {
    const element = document.createElement(c[0]);
    assert_throws(TypeError(), _ => element[c[1]] = "nodefault");
    assert_equals(element[c[1]], "");
  }, `${c[0]}.${c[1]} no default policy`);
});

// A trusted type policy that forces a number of edge cases.
function policy(str) {
  if (str == "throw")
    throw RangeError();
  else if (str == "null")
    return null;
  else if (str == "undefined")
    return undefined;
  else if (str == "typeerror")
    return document.bla();
  else if (str == "done")
    return null;
  else
    return "sanitized: " + str;
}

trustedTypes.createPolicy("default", {
  createScriptURL: policy,
  createHTML: policy,
  createScript: policy
});

testCases.forEach(c => {
  const name = `${c[0]}.${c[1]} `;
  test(t => {
    const element = document.createElement(c[0]);
    element[c[1]] = "abc";
    assert_equals(element[c[1]], "sanitized: abc");
  }, name + "default");
  test(t => {
    const element = document.createElement(c[0]);
    assert_throws(TypeError(), _ => element[c[1]] = "null");
    assert_equals(element[c[1]], "");
  }, name + "null");
  test(t => {
    const element = document.createElement(c[0]);
    assert_throws(RangeError(), _ => element[c[1]] = "throw");
  }, name + "throw");
  test(t => {
    const element = document.createElement(c[0]);
    assert_throws(TypeError(), _ => element[c[1]] = "undefined");
    assert_equals(element[c[1]], "");
  }, name + "undefined");
  test(t => {
    const element = document.createElement(c[0]);
    assert_throws(TypeError(), _ => element[c[1]] = "typeerror");
  }, name + "typeerror");
});

// Trigger the exit condition in the "Count" promise test above.
try { document.createElement("script").text = "done"; } catch (e) {}
</script>
</body>