Bug 1621656 [wpt PR 22189] - [Trusted Types] Ignore `require-trusted-types-for` in non-secure contexts., a=testonly
authorMike West <mkwst@chromium.org>
Sat, 14 Mar 2020 11:27:46 +0000
changeset 518830 9388adba44f0b536b7a4d58fcf0e50d61e5d884c
parent 518829 95ce2ba147c6bfa5da943e8d190d28c97c038279
child 518831 5fb4974c00e3cb5410826591128681287baed2a0
push id37217
push userccoroiu@mozilla.com
push dateSun, 15 Mar 2020 21:37:59 +0000
treeherdermozilla-central@f9fc9427476e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1621656, 22189, 1059554, 2098076, 749697
milestone76.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1621656 [wpt PR 22189] - [Trusted Types] Ignore `require-trusted-types-for` in non-secure contexts., a=testonly Automatic update from web-platform-tests [Trusted Types] Ignore `require-trusted-types-for` in non-secure contexts. Bug: 1059554 Change-Id: Ib92e3ebfb3148aa4634a4f1f29cbbfd8d45fdfdb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2098076 Commit-Queue: Mike West <mkwst@chromium.org> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org> Cr-Commit-Position: refs/heads/master@{#749697} -- wpt-commits: 525cdf91d59303beb0d542f347b8330c3d6ee077 wpt-pr: 22189
testing/web-platform/tests/content-security-policy/reporting/report-clips-sample.html
testing/web-platform/tests/content-security-policy/reporting/report-clips-sample.https.html
testing/web-platform/tests/trusted-types/no-require-trusted-types-for-report-only.tentative.https.html
testing/web-platform/tests/trusted-types/no-require-trusted-types-for.tentative.https.html
testing/web-platform/tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html
testing/web-platform/tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html.headers
rename from testing/web-platform/tests/content-security-policy/reporting/report-clips-sample.html
rename to testing/web-platform/tests/content-security-policy/reporting/report-clips-sample.https.html
--- a/testing/web-platform/tests/trusted-types/no-require-trusted-types-for-report-only.tentative.https.html
+++ b/testing/web-platform/tests/trusted-types/no-require-trusted-types-for-report-only.tentative.https.html
@@ -9,19 +9,19 @@
     ["script", "src"],
     ["div", "innerHTML"],
     ["script", "text"],
   ];
 
   testCases.forEach(c => {
     const name = `${c[0]}.${c[1]} `;
     test(t => {
-      s = document.createElement("script");
-      s.innerText = "1";
-      assert_equals("1", s.innerText.toString());
+      s = document.createElement(c[0]);
+      s[c[1]] = "https://example.com/";
+      assert_equals("https://example.com/", s[c[1]].toString());
     }, name + "without trusted types");
   });
 
   p = trustedTypes.createPolicy("policyA",
       {createScript: s => s + 1, createHTML: s => s + 1, createScriptURL: s => s + 1});
   testCases.forEach(c => {
     const name = `${c[0]}.${c[1]} `;
     test(t => {
@@ -36,9 +36,9 @@
   testCases.forEach(c => {
     const name = `${c[0]}.${c[1]} `;
     test(t => {
       s = document.createElement("script");
       s.innerText = "1";
       assert_equals(s.innerText.toString(), "1");
     }, name + "empty default");
   });
-</script>
\ No newline at end of file
+</script>
--- a/testing/web-platform/tests/trusted-types/no-require-trusted-types-for.tentative.https.html
+++ b/testing/web-platform/tests/trusted-types/no-require-trusted-types-for.tentative.https.html
@@ -9,19 +9,19 @@
     ["script", "src"],
     ["div", "innerHTML"],
     ["script", "text"],
   ];
 
   testCases.forEach(c => {
     const name = `${c[0]}.${c[1]} `;
     test(t => {
-      s = document.createElement("script");
-      s.innerText = "1";
-      assert_equals("1", s.innerText.toString());
+      s = document.createElement(c[0]);
+      s[c[1]] = "https://example.com/";
+      assert_equals("https://example.com/", s[c[1]].toString());
     }, name + "without trusted types");
   });
 
   p = trustedTypes.createPolicy("policyA",
       {createScript: s => s + 1, createHTML: s => s + 1, createScriptURL: s => s + 1});
   testCases.forEach(c => {
     const name = `${c[0]}.${c[1]} `;
     test(t => {
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'">
+</head>
+<body>
+<script>
+  const testCases = [
+    ["script", "src"],
+    ["div", "innerHTML"],
+    ["script", "text"],
+  ];
+
+  testCases.forEach(c => {
+    const name = `${c[0]}.${c[1]} `;
+    test(t => {
+      s = document.createElement(c[0]);
+      s[c[1]] = "https://example.com/";
+      assert_equals("https://example.com/", s[c[1]].toString());
+    }, name + "without trusted types is not blocked by require-trusted-types-for on non-secure pages");
+  });
+</script>
+</body>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: require-trusted-types-for 'script'