[Trusted Types] JS event tracking for policy creation
Add a new event listener `beforecreatepolicy` to
TrustedTypePolicyFactory::createPolicy which allow
people to track or block the creation process for
Trusted Types.
Bug: 1075601
Change-Id: Ib885e7adc740999ba0e39037b7f4a90af6ff6aef
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2260594
Commit-Queue: Yifan Luo <lyf@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#789409}
diff --git a/interfaces/trusted-types.tentative.idl b/interfaces/trusted-types.tentative.idl
index f2318d6..4e469c1 100644
--- a/interfaces/trusted-types.tentative.idl
+++ b/interfaces/trusted-types.tentative.idl
@@ -28,7 +28,7 @@
[
Exposed=(Window, Worker),
SecureContext
-] interface TrustedTypePolicyFactory {
+] interface TrustedTypePolicyFactory : EventTarget {
TrustedTypePolicy createPolicy(DOMString policyName, optional TrustedTypePolicyOptions policyOptions = {});
// All the policy object names that have been created
};
diff --git a/trusted-types/TrustedTypePolicyFactory-blocking.html b/trusted-types/TrustedTypePolicyFactory-blocking.html
new file mode 100644
index 0000000..6ae71b6
--- /dev/null
+++ b/trusted-types/TrustedTypePolicyFactory-blocking.html
@@ -0,0 +1,48 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="support/helper.sub.js"></script>
+<meta http-equiv="Content-Security-Policy" content="trusted-types *">
+
+<body>
+<script>
+
+ test(t => {
+ event_listener = (e) => {
+ assert_equals(e.policyName, "default");
+ e.preventDefault(); // don't let this policy be created.
+ };
+ trustedTypes.addEventListener('beforecreatepolicy', event_listener, {once:true});
+ assert_throws_dom("NotAllowedError", () => trustedTypes.createPolicy("default", {}));
+ }, 'Block Trusted Type policy creation by event listener.');
+
+ test(t => {
+ let flag = false;
+ event_listener = (e) => {
+ assert_equals(e.policyName, "myPolicy");
+ flag = true;
+ };
+ trustedTypes.addEventListener('beforecreatepolicy', event_listener, {once:true});
+ trustedTypes.createPolicy("myPolicy", {});
+ assert_equals(flag, true);
+ }, 'Trusted Type policy creation.');
+
+ test(t => {
+ event_listener = (e) => {
+ if (e.policyName === "default")
+ e.preventDefault();
+ };
+ trustedTypes.addEventListener('beforecreatepolicy', event_listener, {once:true});
+ assert_throws_dom("NotAllowedError", () => trustedTypes.createPolicy("default", {}));
+ trustedTypes.createPolicy("newPolicy", {});
+ }, 'Block only default Trusted Type policy creation.');
+
+ test(t => {
+ event_listener = (e) => {
+ assert_unreached();
+ };
+ trustedTypes.createPolicy("test", {});
+ trustedTypes.addEventListener('beforecreatepolicy', event_listener, {once:true});
+ }, 'Policy creation called before addEventListener function will not reached the listener.');
+
+</script>
\ No newline at end of file
