| <!DOCTYPE html> |
| <html> |
| <head> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="support/helper.sub.js"></script> |
| |
| <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script';"> |
| </head> |
| <body> |
| <script> |
| // TrustedURL assignments do not throw. |
| let p = createHTML_policy(window, 1); |
| test(t => { |
| document.body.innerText = ''; |
| let html = p.createHTML(INPUTS.HTML); |
| document.write(html); |
| assert_equals(document.body.innerText, RESULTS.HTML); |
| }, "document.write with html assigned via policy (successful URL transformation)."); |
| |
| // TrustedURL assignments do not throw. (Now for writeln.) |
| test(t => { |
| document.body.innerText = ''; |
| let html = p.createHTML(INPUTS.HTML); |
| document.writeln(html); |
| assert_equals(document.body.innerText, RESULTS.HTML); |
| }, "document.writeln with html assigned via policy (successful URL transformation)."); |
| |
| // String assignments throw. |
| test(t => { |
| const old = document.body.innerText; |
| assert_throws_js(TypeError, _ => { |
| document.write('A string'); |
| }); |
| assert_equals(document.body.innerText, old); |
| }, "`document.write(string)` throws"); |
| |
| // String assignments throw. (Now for writeln.) |
| test(t => { |
| const old = document.body.innerText; |
| assert_throws_js(TypeError, _ => { |
| document.writeln('A string'); |
| }); |
| assert_equals(document.body.innerText, old); |
| }, "`document.writeln(string)` throws"); |
| |
| // Null assignment throws. |
| test(t => { |
| const old = document.body.innerText; |
| assert_throws_js(TypeError, _ => { |
| document.write(null); |
| }); |
| assert_equals(document.body.innerText, old); |
| }, "`document.write(null)` throws"); |
| |
| // Null assignment throws. (Now for writeln.) |
| test(t => { |
| const old = document.body.innerText; |
| assert_throws_js(TypeError, _ => { |
| document.writeln(null); |
| }); |
| assert_equals(document.body.innerText, old); |
| }, "`document.writeln(null)` throws"); |
| |
| let default_policy = trustedTypes.createPolicy('default', |
| { createHTML: createHTMLJS }, true ); |
| |
| // Default policy works. |
| test(t => { |
| document.body.innerText = ''; |
| document.write(INPUTS.HTML); |
| assert_equals(document.body.innerText, RESULTS.HTML); |
| }, "`document.write(string)` observes default policy"); |
| |
| // Default policy works. (Now for writeln.) |
| test(t => { |
| document.body.innerText = ''; |
| document.writeln(INPUTS.HTML); |
| assert_equals(document.body.innerText, RESULTS.HTML); |
| }, "`document.writeln(string)` observes default policy"); |
| </script> |