| <!DOCTYPE html> |
| <head> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="./support/resolve-spv.js"></script> |
| <meta http-equiv="Content-Security-Policy" |
| content="require-trusted-types-for 'script'"> |
| </head> |
| <body> |
| <div id="log"></div> |
| <svg id="svg"><script id="script">"some script text";</script></svg> |
| <script> |
| const policy = trustedTypes.createPolicy("policy", { |
| createScript: x => x, createHTML: x => x, createScriptURL: x => x }); |
| |
| promise_test(t => { |
| const elem = document.createElementNS( |
| "http://www.w3.org/2000/svg", "script"); |
| assert_throws_js(TypeError, _ => { |
| elem.href.baseVal = "about:blank"; |
| }); |
| document.getElementById("svg").appendChild(elem); |
| return promise_spv(); |
| }, "Assign string to SVGScriptElement.href.baseVal."); |
| |
| promise_test(t => { |
| const elem = document.createElementNS( |
| "http://www.w3.org/2000/svg", "script"); |
| elem.href.baseVal = policy.createScriptURL("about:blank"); |
| document.getElementById("svg").appendChild(elem); |
| return Promise.resolve(); |
| }, "Assign TrustedScriptURL to SVGScriptElement.href.baseVal."); |
| |
| promise_test(t => { |
| const elem = document.createElementNS( |
| "http://www.w3.org/2000/svg", "script"); |
| assert_throws_js(TypeError, _ => { |
| elem.setAttribute("href", "about:blank"); |
| }); |
| document.getElementById("svg").appendChild(elem); |
| return promise_spv(); |
| }, "Assign string to non-attached SVGScriptElement.href via setAttribute."); |
| |
| promise_test(t => { |
| const elem = document.createElementNS( |
| "http://www.w3.org/2000/svg", "script"); |
| elem.setAttribute("href", policy.createScriptURL("about:blank")); |
| document.getElementById("svg").appendChild(elem); |
| return Promise.resolve(); |
| }, "Assign TrustedScriptURL to non-attached SVGScriptElement.href via setAttribute."); |
| |
| promise_test(t => { |
| const elem = document.createElementNS( |
| "http://www.w3.org/2000/svg", "script"); |
| document.getElementById("svg").appendChild(elem); |
| assert_throws_js(TypeError, _ => { |
| elem.setAttribute("href", "about:blank"); |
| }); |
| return promise_spv(); |
| }, "Assign string to attached SVGScriptElement.href via setAttribute."); |
| |
| promise_test(t => { |
| const elem = document.createElementNS( |
| "http://www.w3.org/2000/svg", "script"); |
| document.getElementById("svg").appendChild(elem); |
| elem.setAttribute("href", policy.createScriptURL("about:blank")); |
| return Promise.resolve(); |
| }, "Assign TrustedScriptURL to attached SVGScriptElement.href via setAttribute."); |
| |
| // Default policy test: We repate the string assignment tests above, |
| // but now expect all of them to pass. |
| promise_test(t => { |
| trustedTypes.createPolicy("default", { |
| createScript: (x, _, sink) => { |
| assert_equals(sink, 'SVGScriptElement text'); |
| return x; |
| }, |
| createHTML: (x, _, sink) => { |
| assert_equals(sink, 'Element innerHTML'); |
| return x; |
| }, |
| createScriptURL: (x, _, sink) => { |
| assert_equals(sink, 'SVGScriptElement href'); |
| return x; |
| }}); |
| |
| return Promise.resolve(); |
| }, "Setup default policy"); |
| |
| promise_test(t => { |
| document.getElementById("script").innerHTML = "'modified via innerHTML';"; |
| return Promise.resolve(); |
| }, "Assign String to SVGScriptElement.innerHTML w/ default policy."); |
| |
| promise_test(t => { |
| const elem = document.createElementNS( |
| "http://www.w3.org/2000/svg", "script"); |
| elem.href.baseVal = "about:blank"; |
| document.getElementById("svg").appendChild(elem); |
| return Promise.resolve(); |
| }, "Assign string to SVGScriptElement.href.baseVal w/ default policy."); |
| |
| promise_test(t => { |
| const elem = document.createElementNS( |
| "http://www.w3.org/2000/svg", "script"); |
| elem.setAttribute("href", "about:blank"); |
| document.getElementById("svg").appendChild(elem); |
| return Promise.resolve(); |
| }, "Assign string to non-attached SVGScriptElement.href via setAttribute w/ default policy."); |
| |
| promise_test(t => { |
| const elem = document.createElementNS( |
| "http://www.w3.org/2000/svg", "script"); |
| document.getElementById("svg").appendChild(elem); |
| elem.setAttribute("href", "about:blank"); |
| return Promise.resolve(); |
| }, "Assign string to attached SVGScriptElement.href via setAttribute w/ default policy."); |
| </script> |
| </body> |