Google Git
Sign in
chromium / ios-chromium-mirror / 196492d56705215f0c92d34dac02b269c8a06179 / . / third_party / blink / web_tests / external / wpt / trusted-types / block-string-assignment-to-Element-setAttributeNS.tentative.html
blob: 76a639a622799dcb9769ad4781104d17be8439bc [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="support/helper.sub.js"></script>
<meta http-equiv="Content-Security-Policy" content="trusted-types *">
</head>
<body>
<script>
test(t => {
assert_element_accepts_trusted_html_set_ns(window, '0', t, 'a', 'b', RESULTS.HTML);
}, "Element.setAttributeNS assigned via policy (successful HTML transformation)");
test(t => {
assert_element_accepts_trusted_script_set_ns(window, '1', t, 'a', 'b', RESULTS.SCRIPT);
}, "Element.setAttributeNS assigned via policy (successful Script transformation)");
test(t => {
assert_element_accepts_trusted_script_url_set_ns(window, '2', t, 'a', 'b', RESULTS.SCRIPTURL);
}, "Element.setAttributeNS assigned via policy (successful ScriptURL transformation)");
test(t => {
assert_element_accepts_trusted_url_set_ns(window, '3', t, 'a', 'b', RESULTS.URL);
}, "Element.setAttributeNS assigned via policy (successful URL transformation)");
// Unknown, namespaced attributes should not be TT checked:
test(t => {
assert_element_accepts_non_trusted_type_set_ns('a', 'b', 'A string', 'A string');
}, "Element.setAttributeNS accepts untrusted string for non-specced accessor");
test(t => {
assert_element_accepts_non_trusted_type_set_ns('a', 'b', null, 'null');
}, "Element.setAttributeNS accepts null for non-specced accessor");
// Setup trusted values for use in subsequent tests.
const url = createURL_policy(window, '4').createURL(INPUTS.URL);
const script_url = createScriptURL_policy(window, '5').createScriptURL(INPUTS.ScriptURL);
const html = createHTML_policy(window, '6').createHTML(INPUTS.HTML);
const script = createScript_policy(window, '7').createScript(INPUTS.Script);
// SVG elements that use xlink:href (SVGURIReference) and that expect
// TrustedURL.
// There a number of affected elements, and there are several ways to set
// a namespaced attribute. Let's iterate over all combinations.
const xlink = "http://www.w3.org/1999/xlink";
const svg = "http://www.w3.org/2000/svg";
const elems = [ "a", "animate", "animateMotion", "animateTransform",
"discard", "feImage", "filter", "image", "linearGradient",
"mpath", "pattern", "radialGradient", "set", "textPath",
"use" ];
// There are multiple ways to set a namespaced attribute. Let's encapsulate
// each in a function.
const variants = {
"setAttributeNS with prefix": (element_name, value) => {
let elem = document.createElementNS(svg, element_name);
elem.setAttributeNS(xlink, "xlink:href", value);
return elem;
},
"setAttributeNS without prefix": (element_name, value) => {
let elem = document.createElementNS(svg, element_name);
elem.setAttributeNS(xlink, "href", value);
return elem;
},
"setAttribute with prefix": (element_name, value) => {
let elem = document.createElementNS(svg, element_name);
// Create the namespaced attribute with setAttributeNS. Then refer
// to it with the prefix in setAttribute. This test will break
// if either setAttributeNS or setAttribtue functionality it broken.
elem.setAttributeNS(xlink, "xlink:href", url);
elem.setAttribute("xlink:href", value);
return elem;
}
};
for (const e of elems) {
for (const variant in variants) {
// Assigning a TrustedURL works.
test(t => {
let elem = variants[variant](e, url);
assert_equals("" + RESULTS.URL,
elem.getAttributeNodeNS(xlink, "href").value);
}, "Assigning TrustedURL to <svg:" + e + "> works via " + variant);
// Assigning things that ought to not work.
const values = ["abc", null, script_url, html, script];
values.forEach((value, index) => {
test(t => {
assert_throws(new TypeError(), _ => { variants[variant](e, value); });
}, "Blocking non-TrustedURL assignment to <svg:" + e + "> via " +
variant + " value no " + index);
});
}
}
// Test 'synchronization' of 'xlink:href'.
test(t => {
// ..setAttribute("xlink:href") will behave differently, depending on
// whether the element already has an attribute by that name. Make sure
// that Trusted Type handling respects that difference.
// Case 1: "xlink:href" on an empty element: This is an unknown attribute
// not processed by SVG, and string assignment should work.
let elem1 = document.createElementNS(svg, "a");
elem1.setAttribute("xlink:href", "abc");
// Case 2: "xlink:href", after a namespaced attribute has been set: Now
// this mirrors the SVG attribute, and string assignment should fail.
let elem2 = document.createElementNS(svg, "a");
elem2.setAttributeNS(xlink, "xlink:href", url);
assert_throws(new TypeError(), _ => {
elem2.setAttribute("xlink:href", "abc");
});
}, "Test synchronized, namespaced attributes.");
// svg:script xlink:href=... expects a TrustedScriptURL.
// Assigning a TrustedScriptURL works.
test(t => {
let elem = document.createElementNS(svg, "script");
elem.setAttributeNS(xlink, "href", script_url);
assert_equals("" + RESULTS.ScriptURL,
elem.getAttributeNodeNS(xlink, "href").value);
}, "Assigning TrustedScriptURL to <svg:script xlink:href=...> works");
// Assigning things that ought to not work.
test(t => {
let elem = document.createElementNS(svg, "script");
const values = [ "abc", null, url, html, script ];
for (const v of values) {
assert_throws(new TypeError(), _ => {
elem.setAttributeNS(xlink, "href", v);
});
}
}, "Blocking non-TrustedScriptURL assignment to <svg:script xlink:href=...> works");
</script>