author | Jakub Vrana <jakubvrana@google.com> |
Thu, 31 Jan 2019 18:30:42 +0000 | |
changeset 457949 | 4aae84fccf6e629617f0f3537b74ca819c34b77f |
parent 457948 | 230742c4c0de6bc416b9e2cccba6b6f09bda9b35 |
child 457950 | d3aea0b0ff9c3f08a931992bc9289de144c26611 |
push id | 35518 |
push user | opoprus@mozilla.com |
push date | Fri, 08 Feb 2019 09:55:14 +0000 |
treeherder | mozilla-central@3a3e393396f4 [default view] [failures only] |
perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
reviewers | testonly |
bugs | 1518578, 14753, 919107, 739170, 1400821, 621686 |
milestone | 67.0a1 |
first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
--- a/testing/web-platform/tests/trusted-types/block-string-assignment-to-Element-setAttribute.tentative.html +++ b/testing/web-platform/tests/trusted-types/block-string-assignment-to-Element-setAttribute.tentative.html @@ -64,28 +64,41 @@ test(t => { assert_element_accepts_trusted_html_explicit_set(window, c, t, c[0], c[1], RESULTS.HTML); assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string'); assert_throws_no_trusted_type_explicit_set(c[0], c[1], null); assert_throws_no_trusted_type_explicit_set(c[0], c[1], nullPolicy.createScript('script')); }, c[0] + "." + c[1] + " accepts only TrustedHTML"); }); + // TrustedScript Assignments + const ScriptTestCases = [ + [ 'div', 'onclick' ] + ]; + + ScriptTestCases.forEach(c => { + test(t => { + assert_element_accepts_trusted_script_explicit_set(window, c, t, c[0], c[1], RESULTS.SCRIPT); + assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string'); + assert_throws_no_trusted_type_explicit_set(c[0], c[1], null); + }, c[0] + "." + c[1] + " accepts only TrustedScript"); + }); + test(t => { let el = document.createElement('iframe'); assert_throws(new TypeError(), _ => { el.setAttribute('SrC', INPUTS.URL); }); assert_equals(el.src, ''); }, "`Element.prototype.setAttribute.SrC = string` throws."); // After default policy creation string and null assignments implicitly call createXYZ - let p = window.TrustedTypes.createPolicy("default", { createURL: createURLJS, createScriptURL: createScriptURLJS, createHTML: createHTMLJS }, true); + let p = window.TrustedTypes.createPolicy("default", { createURL: createURLJS, createScriptURL: createScriptURLJS, createHTML: createHTMLJS, createScript: createScriptJS }, true); URLTestCases.forEach(c => { test(t => { assert_element_accepts_trusted_type(c[0], c[1], INPUTS.URL, RESULTS.URL); // Properties that actually parse the URLs will resort to the base URL // when given a null or empty URL. assert_element_accepts_trusted_type(c[0], c[1], null, "" + window.location); }, c[0] + "." + c[1] + " accepts string and null after default policy was created."); @@ -103,16 +116,23 @@ HTMLTestCases.forEach(c => { test(t => { assert_element_accepts_trusted_type(c[0], c[1], INPUTS.HTML, RESULTS.HTML); assert_element_accepts_trusted_type(c[0], c[1], null, "null"); }, c[0] + "." + c[1] + " accepts string and null after default policy was created."); }); + ScriptTestCases.forEach(c => { + test(t => { + assert_element_accepts_trusted_type_explicit_set(c[0], c[1], INPUTS.SCRIPT, RESULTS.SCRIPT); + assert_element_accepts_trusted_type_explicit_set(c[0], c[1], null, "null"); + }, c[0] + "." + c[1] + " accepts string and null after default policy was created."); + }); + // Other attributes can be assigned with TrustedTypes or strings or null values test(t => { assert_element_accepts_trusted_url_explicit_set(window, 'arel', t, 'a', 'rel', RESULTS.URL); }, "a.rel assigned via policy (successful URL transformation)"); test(t => { assert_element_accepts_non_trusted_type_explicit_set('a', 'rel', 'A string', 'A string'); }, "a.rel accepts strings");
--- a/testing/web-platform/tests/trusted-types/support/helper.sub.js +++ b/testing/web-platform/tests/trusted-types/support/helper.sub.js @@ -116,17 +116,19 @@ function assert_element_accepts_trusted_ let p = createURL_policy(win, c); let url = p.createURL(INPUTS.URL); assert_element_accepts_trusted_type_explicit_set(tag, attribute, url, expected); } function assert_element_accepts_trusted_type_explicit_set(tag, attribute, value, expected) { let elem = document.createElement(tag); elem.setAttribute(attribute, value); - assert_equals(elem[attribute] + "", expected); + if (!/^on/.test(attribute)) { // "on" attributes are converted to functions. + assert_equals(elem[attribute] + "", expected); + } assert_equals(elem.getAttribute(attribute), expected); } function assert_throws_no_trusted_type_explicit_set(tag, attribute, value) { let elem = document.createElement(tag); let prev = elem[attribute]; assert_throws(new TypeError(), _ => { elem.setAttribute(attribute, value);