mozilla-central: changeset 457949:4aae84fccf6e629617f0f3537b74ca819c34b77f

author	Jakub Vrana <jakubvrana@google.com>
	Thu, 31 Jan 2019 18:30:42 +0000
changeset 457949	4aae84fccf6e629617f0f3537b74ca819c34b77f
parent 457948	230742c4c0de6bc416b9e2cccba6b6f09bda9b35
child 457950	d3aea0b0ff9c3f08a931992bc9289de144c26611
push id	35518
push user	opoprus@mozilla.com
push date	Fri, 08 Feb 2019 09:55:14 +0000
treeherder	mozilla-central@3a3e393396f4 [default view] [failures only]
perfherder	[talos] [build metrics] [platform microbench] (compared to previous push)
reviewers	testonly
bugs	1518578, 14753, 919107, 739170, 1400821, 621686
milestone	67.0a1
first release with	nightly linux32 3a3e393396f4 / 67.0a1 / 20190208095514 / files nightly linux64 3a3e393396f4 / 67.0a1 / 20190208095514 / files nightly mac 3a3e393396f4 / 67.0a1 / 20190208095514 / files nightly win32 3a3e393396f4 / 67.0a1 / 20190208095514 / files nightly win64 3a3e393396f4 / 67.0a1 / 20190208095514 / files
last release without	nightly linux32 4e98200ee530 / 67.0a1 / 20190207214423 / files nightly linux64 4e98200ee530 / 67.0a1 / 20190207214423 / files nightly mac 4e98200ee530 / 67.0a1 / 20190207214423 / files nightly win32 4e98200ee530 / 67.0a1 / 20190207214423 / files nightly win64 4e98200ee530 / 67.0a1 / 20190207214423 / files

--- a/testing/web-platform/tests/trusted-types/block-string-assignment-to-Element-setAttribute.tentative.html
+++ b/testing/web-platform/tests/trusted-types/block-string-assignment-to-Element-setAttribute.tentative.html
@@ -64,28 +64,41 @@
     test(t => {
       assert_element_accepts_trusted_html_explicit_set(window, c, t, c[0], c[1], RESULTS.HTML);
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string');
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], null);
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], nullPolicy.createScript('script'));
     }, c[0] + "." + c[1] + " accepts only TrustedHTML");
   });
 
+  // TrustedScript Assignments
+  const ScriptTestCases = [
+    [ 'div', 'onclick' ]
+  ];
+
+  ScriptTestCases.forEach(c => {
+    test(t => {
+      assert_element_accepts_trusted_script_explicit_set(window, c, t, c[0], c[1], RESULTS.SCRIPT);
+      assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string');
+      assert_throws_no_trusted_type_explicit_set(c[0], c[1], null);
+    }, c[0] + "." + c[1] + " accepts only TrustedScript");
+  });
+
   test(t => {
     let el = document.createElement('iframe');
 
     assert_throws(new TypeError(), _ => {
       el.setAttribute('SrC', INPUTS.URL);
     });
 
     assert_equals(el.src, '');
   }, "`Element.prototype.setAttribute.SrC = string` throws.");
 
   // After default policy creation string and null assignments implicitly call createXYZ
-  let p = window.TrustedTypes.createPolicy("default", { createURL: createURLJS, createScriptURL: createScriptURLJS, createHTML: createHTMLJS }, true);
+  let p = window.TrustedTypes.createPolicy("default", { createURL: createURLJS, createScriptURL: createScriptURLJS, createHTML: createHTMLJS, createScript: createScriptJS }, true);
   URLTestCases.forEach(c => {
     test(t => {
       assert_element_accepts_trusted_type(c[0], c[1], INPUTS.URL, RESULTS.URL);
 
       // Properties that actually parse the URLs will resort to the base URL
       // when given a null or empty URL.
       assert_element_accepts_trusted_type(c[0], c[1], null, "" + window.location);
     }, c[0] + "." + c[1] + " accepts string and null after default policy was created.");
@@ -103,16 +116,23 @@
 
   HTMLTestCases.forEach(c => {
     test(t => {
       assert_element_accepts_trusted_type(c[0], c[1], INPUTS.HTML, RESULTS.HTML);
       assert_element_accepts_trusted_type(c[0], c[1], null, "null");
     }, c[0] + "." + c[1] + " accepts string and null after default policy was created.");
   });
 
+  ScriptTestCases.forEach(c => {
+    test(t => {
+      assert_element_accepts_trusted_type_explicit_set(c[0], c[1], INPUTS.SCRIPT, RESULTS.SCRIPT);
+      assert_element_accepts_trusted_type_explicit_set(c[0], c[1], null, "null");
+    }, c[0] + "." + c[1] + " accepts string and null after default policy was created.");
+  });
+
   // Other attributes can be assigned with TrustedTypes or strings or null values
   test(t => {
     assert_element_accepts_trusted_url_explicit_set(window, 'arel', t, 'a', 'rel', RESULTS.URL);
   }, "a.rel assigned via policy (successful URL transformation)");
 
   test(t => {
     assert_element_accepts_non_trusted_type_explicit_set('a', 'rel', 'A string', 'A string');
   }, "a.rel accepts strings");

--- a/testing/web-platform/tests/trusted-types/support/helper.sub.js
+++ b/testing/web-platform/tests/trusted-types/support/helper.sub.js
@@ -116,17 +116,19 @@ function assert_element_accepts_trusted_
   let p = createURL_policy(win, c);
   let url = p.createURL(INPUTS.URL);
   assert_element_accepts_trusted_type_explicit_set(tag, attribute, url, expected);
 }
 
 function assert_element_accepts_trusted_type_explicit_set(tag, attribute, value, expected) {
   let elem = document.createElement(tag);
   elem.setAttribute(attribute, value);
-  assert_equals(elem[attribute] + "", expected);
+  if (!/^on/.test(attribute)) { // "on" attributes are converted to functions.
+    assert_equals(elem[attribute] + "", expected);
+  }
   assert_equals(elem.getAttribute(attribute), expected);
 }
 
 function assert_throws_no_trusted_type_explicit_set(tag, attribute, value) {
   let elem = document.createElement(tag);
   let prev = elem[attribute];
   assert_throws(new TypeError(), _ => {
     elem.setAttribute(attribute, value);

testing/web-platform/tests/trusted-types/block-string-assignment-to-Element-setAttribute.tentative.html		file \| annotate \| diff \| comparison \| revisions
testing/web-platform/tests/trusted-types/support/helper.sub.js		file \| annotate \| diff \| comparison \| revisions