third_party/blink/web_tests/external/wpt/trusted-types/block-string-assignment-to-Element-setAttribute.tentative.html - ios-chromium-mirror - Git at Google

 <!DOCTYPE html>
 <html>
 <head>
   <script src="/resources/testharness.js"></script>
   <script src="/resources/testharnessreport.js"></script>
   <script src="support/helper.sub.js"></script>

   <meta http-equiv="Content-Security-Policy" content="trusted-types *">
 </head>
 <body>
 <script>
   const nullPolicy = TrustedTypes.createPolicy('NullPolicy', {createScript: s => s});

   // TrustedURL Assignments
   const URLTestCases = [
     [ 'a', 'href' ],
     [ 'area', 'href' ],
     [ 'base', 'href' ],
     [ 'button', 'formAction' ],
     [ 'form', 'action' ],
     [ 'frame', 'src' ],
     [ 'iframe', 'src' ],
     [ 'img', 'src' ],
     [ 'input', 'formAction' ],
     [ 'input', 'src' ],
     [ 'link', 'href' ],
     [ 'video', 'src' ],
     [ 'source', 'src' ],
     [ 'track', 'src' ]
   ];

   URLTestCases.forEach(c => {
     test(t => {
       assert_element_accepts_trusted_url_explicit_set(window, c, t, c[0], c[1], RESULTS.URL);
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string');
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], null);
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], nullPolicy.createScript('script'));
     }, c[0] + "." + c[1] + " accepts only TrustedURL");
   });

   // TrustedScriptURL Assignments
   const scriptURLTestCases = [
     [ 'embed', 'src' ],
     [ 'object', 'data' ],
     [ 'object', 'codeBase' ],
     [ 'script', 'src' ]
   ];

   scriptURLTestCases.forEach(c => {
     test(t => {
       assert_element_accepts_trusted_script_url_explicit_set(window, c, t, c[0], c[1], RESULTS.SCRIPTURL);
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string');
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], null);
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], nullPolicy.createScript('script'));
     }, c[0] + "." + c[1] + " accepts only TrustedScriptURL");
   });

   // TrustedHTML Assignments
   const HTMLTestCases = [
     [ 'iframe', 'srcdoc' ]
   ];

   HTMLTestCases.forEach(c => {
     test(t => {
       assert_element_accepts_trusted_html_explicit_set(window, c, t, c[0], c[1], RESULTS.HTML);
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string');
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], null);
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], nullPolicy.createScript('script'));
     }, c[0] + "." + c[1] + " accepts only TrustedHTML");
   });

   // TrustedScript Assignments
   const ScriptTestCases = [
     [ 'div', 'onclick' ]
   ];

   ScriptTestCases.forEach(c => {
     test(t => {
       assert_element_accepts_trusted_script_explicit_set(window, c, t, c[0], c[1], RESULTS.SCRIPT);
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string');
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], null);
     }, c[0] + "." + c[1] + " accepts only TrustedScript");
   });

   test(t => {
     let el = document.createElement('iframe');

     assert_throws(new TypeError(), _ => {
       el.setAttribute('SrC', INPUTS.URL);
     });

     assert_equals(el.src, '');
   }, "`Element.prototype.setAttribute.SrC = string` throws.");

   // After default policy creation string and null assignments implicitly call createXYZ
   let p = window.TrustedTypes.createPolicy("default", { createURL: createURLJS, createScriptURL: createScriptURLJS, createHTML: createHTMLJS, createScript: createScriptJS }, true);
   URLTestCases.forEach(c => {
     test(t => {
       assert_element_accepts_trusted_type(c[0], c[1], INPUTS.URL, RESULTS.URL);
       assert_element_accepts_trusted_type(c[0], c[1], null, window.location.toString().replace(/[^\/]*$/, "null"));
     }, c[0] + "." + c[1] + " accepts string and null after default policy was created.");
   });

   scriptURLTestCases.forEach(c => {
     test(t => {
       assert_element_accepts_trusted_type(c[0], c[1], INPUTS.SCRIPTURL, RESULTS.SCRIPTURL);
       assert_element_accepts_trusted_type(c[0], c[1], null, window.location.toString().replace(/[^\/]*$/, "null"));
     }, c[0] + "." + c[1] + " accepts string and null after default policy was created.");
   });

   HTMLTestCases.forEach(c => {
     test(t => {
       assert_element_accepts_trusted_type(c[0], c[1], INPUTS.HTML, RESULTS.HTML);
       assert_element_accepts_trusted_type(c[0], c[1], null, "null");
     }, c[0] + "." + c[1] + " accepts string and null after default policy was created.");
   });

   ScriptTestCases.forEach(c => {
     test(t => {
       assert_element_accepts_trusted_type_explicit_set(c[0], c[1], INPUTS.SCRIPT, RESULTS.SCRIPT);
       assert_element_accepts_trusted_type_explicit_set(c[0], c[1], null, "null");
     }, c[0] + "." + c[1] + " accepts string and null after default policy was created.");
   });

   // Other attributes can be assigned with TrustedTypes or strings or null values
   test(t => {
     assert_element_accepts_trusted_url_explicit_set(window, 'arel', t, 'a', 'rel', RESULTS.URL);
   }, "a.rel assigned via policy (successful URL transformation)");

   test(t => {
     assert_element_accepts_non_trusted_type_explicit_set('a', 'rel', 'A string', 'A string');
   }, "a.rel accepts strings");

   test(t => {
     assert_element_accepts_non_trusted_type_explicit_set('a', 'rel', null, 'null');
   }, "a.rel accepts null");

   test(t => {
     let div = document.createElement('div');
     let span = document.createElement('span');

     div.setAttribute('src', INPUTS.URL);
     let attr = div.getAttributeNode('src');
     div.removeAttributeNode(attr);
     span.setAttributeNode(attr);

     assert_equals(span.getAttribute('src'), INPUTS.URL);
   }, "`span.src = setAttributeNode(div.src)` with string works.");
 </script>
	<!DOCTYPE html>
	<html>
	<head>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="support/helper.sub.js"></script>

	<meta http-equiv="Content-Security-Policy" content="trusted-types *">
	</head>
	<body>
	<script>
	const nullPolicy = TrustedTypes.createPolicy('NullPolicy', {createScript: s => s});

	// TrustedURL Assignments
	const URLTestCases = [
	[ 'a', 'href' ],
	[ 'area', 'href' ],
	[ 'base', 'href' ],
	[ 'button', 'formAction' ],
	[ 'form', 'action' ],
	[ 'frame', 'src' ],
	[ 'iframe', 'src' ],
	[ 'img', 'src' ],
	[ 'input', 'formAction' ],
	[ 'input', 'src' ],
	[ 'link', 'href' ],
	[ 'video', 'src' ],
	[ 'source', 'src' ],
	[ 'track', 'src' ]
	];

	URLTestCases.forEach(c => {
	test(t => {
	assert_element_accepts_trusted_url_explicit_set(window, c, t, c[0], c[1], RESULTS.URL);
	assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string');
	assert_throws_no_trusted_type_explicit_set(c[0], c[1], null);
	assert_throws_no_trusted_type_explicit_set(c[0], c[1], nullPolicy.createScript('script'));
	}, c[0] + "." + c[1] + " accepts only TrustedURL");
	});

	// TrustedScriptURL Assignments
	const scriptURLTestCases = [
	[ 'embed', 'src' ],
	[ 'object', 'data' ],
	[ 'object', 'codeBase' ],
	[ 'script', 'src' ]
	];

	scriptURLTestCases.forEach(c => {
	test(t => {
	assert_element_accepts_trusted_script_url_explicit_set(window, c, t, c[0], c[1], RESULTS.SCRIPTURL);
	assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string');
	assert_throws_no_trusted_type_explicit_set(c[0], c[1], null);
	assert_throws_no_trusted_type_explicit_set(c[0], c[1], nullPolicy.createScript('script'));
	}, c[0] + "." + c[1] + " accepts only TrustedScriptURL");
	});

	// TrustedHTML Assignments
	const HTMLTestCases = [
	[ 'iframe', 'srcdoc' ]
	];

	HTMLTestCases.forEach(c => {
	test(t => {
	assert_element_accepts_trusted_html_explicit_set(window, c, t, c[0], c[1], RESULTS.HTML);
	assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string');
	assert_throws_no_trusted_type_explicit_set(c[0], c[1], null);
	assert_throws_no_trusted_type_explicit_set(c[0], c[1], nullPolicy.createScript('script'));
	}, c[0] + "." + c[1] + " accepts only TrustedHTML");
	});

	// TrustedScript Assignments
	const ScriptTestCases = [
	[ 'div', 'onclick' ]
	];

	ScriptTestCases.forEach(c => {
	test(t => {
	assert_element_accepts_trusted_script_explicit_set(window, c, t, c[0], c[1], RESULTS.SCRIPT);
	assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string');
	assert_throws_no_trusted_type_explicit_set(c[0], c[1], null);
	}, c[0] + "." + c[1] + " accepts only TrustedScript");
	});

	test(t => {
	let el = document.createElement('iframe');

	assert_throws(new TypeError(), _ => {
	el.setAttribute('SrC', INPUTS.URL);
	});

	assert_equals(el.src, '');
	}, "`Element.prototype.setAttribute.SrC = string` throws.");

	// After default policy creation string and null assignments implicitly call createXYZ
	let p = window.TrustedTypes.createPolicy("default", { createURL: createURLJS, createScriptURL: createScriptURLJS, createHTML: createHTMLJS, createScript: createScriptJS }, true);
	URLTestCases.forEach(c => {
	test(t => {
	assert_element_accepts_trusted_type(c[0], c[1], INPUTS.URL, RESULTS.URL);
	assert_element_accepts_trusted_type(c[0], c[1], null, window.location.toString().replace(/[^\/]*$/, "null"));
	}, c[0] + "." + c[1] + " accepts string and null after default policy was created.");
	});

	scriptURLTestCases.forEach(c => {
	test(t => {
	assert_element_accepts_trusted_type(c[0], c[1], INPUTS.SCRIPTURL, RESULTS.SCRIPTURL);
	assert_element_accepts_trusted_type(c[0], c[1], null, window.location.toString().replace(/[^\/]*$/, "null"));
	}, c[0] + "." + c[1] + " accepts string and null after default policy was created.");
	});

	HTMLTestCases.forEach(c => {
	test(t => {
	assert_element_accepts_trusted_type(c[0], c[1], INPUTS.HTML, RESULTS.HTML);
	assert_element_accepts_trusted_type(c[0], c[1], null, "null");
	}, c[0] + "." + c[1] + " accepts string and null after default policy was created.");
	});

	ScriptTestCases.forEach(c => {
	test(t => {
	assert_element_accepts_trusted_type_explicit_set(c[0], c[1], INPUTS.SCRIPT, RESULTS.SCRIPT);
	assert_element_accepts_trusted_type_explicit_set(c[0], c[1], null, "null");
	}, c[0] + "." + c[1] + " accepts string and null after default policy was created.");
	});

	// Other attributes can be assigned with TrustedTypes or strings or null values
	test(t => {
	assert_element_accepts_trusted_url_explicit_set(window, 'arel', t, 'a', 'rel', RESULTS.URL);
	}, "a.rel assigned via policy (successful URL transformation)");

	test(t => {
	assert_element_accepts_non_trusted_type_explicit_set('a', 'rel', 'A string', 'A string');
	}, "a.rel accepts strings");

	test(t => {
	assert_element_accepts_non_trusted_type_explicit_set('a', 'rel', null, 'null');
	}, "a.rel accepts null");

	test(t => {
	let div = document.createElement('div');
	let span = document.createElement('span');

	div.setAttribute('src', INPUTS.URL);
	let attr = div.getAttributeNode('src');
	div.removeAttributeNode(attr);
	span.setAttributeNode(attr);

	assert_equals(span.getAttribute('src'), INPUTS.URL);
	}, "`span.src = setAttributeNode(div.src)` with string works.");
	</script>