2 files changed, 21 insertions, 5 deletions

diff --git a/dom/security/test/gtest/TestCSPParser.cpp b/dom/security/test/gtest/TestCSPParser.cpp
index 19ba0548de..388055f388 100644
--- a/dom/security/test/gtest/TestCSPParser.cpp
+++ b/dom/security/test/gtest/TestCSPParser.cpp
@@ -152,9 +152,14 @@ nsresult runTestSuite(const PolicyTest* aPolicies, uint32_t aPolicyCount,
 
   // Add prefs you need to set to parse CSP here, see comments for example
   // bool examplePref = false;
+  bool trustedTypesEnabled = false;
+  constexpr auto kTrustedTypesEnabledPrefName =
+      "dom.security.trusted_types.enabled";
   if (prefs) {
     // prefs->GetBoolPref("security.csp.examplePref", &examplePref);
     // prefs->SetBoolPref("security.csp.examplePref", true);
+    prefs->GetBoolPref(kTrustedTypesEnabledPrefName, &trustedTypesEnabled);
+    prefs->SetBoolPref(kTrustedTypesEnabledPrefName, true);
   }
 
   for (uint32_t i = 0; i < aPolicyCount; i++) {
@@ -165,6 +170,7 @@ nsresult runTestSuite(const PolicyTest* aPolicies, uint32_t aPolicyCount,
 
   if (prefs) {
     // prefs->SetBoolPref("security.csp.examplePref", examplePref);
+    prefs->SetBoolPref(kTrustedTypesEnabledPrefName, trustedTypesEnabled);
   }
 
   return NS_OK;
@@ -220,6 +226,11 @@ TEST(CSPParser, Directives)
       "worker-src http://worker.com; frame-src http://frame.com; child-src http://child.com" },
     { "script-src 'unsafe-allow-redirects' http://example.com",
       "script-src http://example.com"},
+    { "require-trusted-types-for 'script'",
+      "require-trusted-types-for 'script'" },
+    { "trusted-types somePolicyName", "trusted-types somePolicyName" },
+    { "trusted-types somePolicyName anotherPolicyName 1 - # = _ / @ . % *",
+      "trusted-types somePolicyName anotherPolicyName 1 - # = _ / @ . % *" },
       // clang-format on
   };
 
@@ -247,6 +258,11 @@ TEST(CSPParser, Keywords)
       "script-src 'wasm-unsafe-eval'" },
     { "img-src 'none'; script-src 'unsafe-eval' 'unsafe-inline'; default-src 'self'",
       "img-src 'none'; script-src 'unsafe-eval' 'unsafe-inline'; default-src 'self'" },
+    { "trusted-types somePolicyName 'allow-duplicates'",
+      "trusted-types somePolicyName 'allow-duplicates'" },
+    { "trusted-types 'none'", "trusted-types 'none'" },
+    { "trusted-types", "trusted-types 'none'" },
+    { "trusted-types *", "trusted-types *" },
       // clang-format on
   };
 
@@ -589,6 +605,7 @@ TEST(CSPParser, BadPolicies)
     { "report-uri http://:foo", ""},
     { "require-sri-for", ""},
     { "require-sri-for style", ""},
+    { "trusted-types $", ""},
       // clang-format on
   };
 
diff --git a/dom/security/test/https-first/browser_httpsfirst.js b/dom/security/test/https-first/browser_httpsfirst.js
index c4437f6051..e0bba26f73 100644
--- a/dom/security/test/https-first/browser_httpsfirst.js
+++ b/dom/security/test/https-first/browser_httpsfirst.js
@@ -99,11 +99,10 @@ add_task(async function () {
   is(Glean.httpsfirst.downgradedOnTimerSchemeless.testGetValue(), null);
   const downgradeSeconds =
     Glean.httpsfirst.downgradeTime.testGetValue().sum / 1_000_000_000;
-  ok(
-    downgradeSeconds > 2 && downgradeSeconds < 30,
-    `Summed downgrade time should be above 2 and below 30 seconds (is ${downgradeSeconds.toFixed(
-      2
-    )}s)`
+  Assert.less(
+    downgradeSeconds,
+    10,
+    "Summed downgrade time should be below 10 seconds"
   );
   is(null, Glean.httpsfirst.downgradeTimeSchemeless.testGetValue());
 });