Diffstat (limited to 'testing/web-platform/tests/trusted-types/block-string-assignment-to-Element-setAttributeNS.html')
-rw-r--r--testing/web-platform/tests/trusted-types/block-string-assignment-to-Element-setAttributeNS.html45
1 files changed, 35 insertions, 10 deletions
diff --git a/testing/web-platform/tests/trusted-types/block-string-assignment-to-Element-setAttributeNS.html b/testing/web-platform/tests/trusted-types/block-string-assignment-to-Element-setAttributeNS.html
index 346e077a66..b7f74be6b7 100644
--- a/testing/web-platform/tests/trusted-types/block-string-assignment-to-Element-setAttributeNS.html
+++ b/testing/web-platform/tests/trusted-types/block-string-assignment-to-Element-setAttributeNS.html
@@ -21,13 +21,15 @@
assert_element_accepts_trusted_script_url_set_ns(window, '2', t, 'a', 'b', RESULTS.SCRIPTURL);
}, "Element.setAttributeNS assigned via policy (successful ScriptURL transformation)");
- // Unknown, namespaced attributes should not be TT checked:
+ const htmlNamespace = "http://www.w3.org/1999/xhtml";
+
+ // Unknown attributes should not be TT checked:
test(t => {
- assert_element_accepts_non_trusted_type_set_ns('a', 'b', 'A string', 'A string');
+ assert_element_accepts_non_trusted_type_set_ns('a', 'b', 'A string', 'A string', htmlNamespace, null);
}, "Element.setAttributeNS accepts untrusted string for non-specced accessor");
test(t => {
- assert_element_accepts_non_trusted_type_set_ns('a', 'b', null, 'null');
+ assert_element_accepts_non_trusted_type_set_ns('a', 'b', null, 'null', htmlNamespace, null);
}, "Element.setAttributeNS accepts null for non-specced accessor");
// Setup trusted values for use in subsequent tests.
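Review bot: Both rewritten calls pass `null` as the attribute namespace, and the comment drops the word "namespaced", so within this hunk an unknown attribute in a non-null namespace no longer appears to be exercised. The helper is defined outside this page, so this is inferred from the call sites only; if the old helper did set a namespace on the attribute, coverage has narrowed. A third case such as `assert_element_accepts_non_trusted_type_set_ns('a', 'b', 'A string', 'A string', htmlNamespace, htmlNamespace);` would keep both the null-namespace and the namespaced path under test.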
@@ -35,26 +37,49 @@
const html = createHTML_policy(window, '6').createHTML(INPUTS.HTML);
const script = createScript_policy(window, '7').createScript(INPUTS.Script);
- const xlink = "http://www.w3.org/1999/xlink";
- const svg = "http://www.w3.org/2000/svg";
+ const xlinkNamespace = "http://www.w3.org/1999/xlink";
+ const svgNamespace = "http://www.w3.org/2000/svg";
// svg:script xlink:href=... expects a TrustedScriptURL.
// Assigning a TrustedScriptURL works.
test(t => {
- let elem = document.createElementNS(svg, "script");
- elem.setAttributeNS(xlink, "href", script_url);
+ let elem = document.createElementNS(svgNamespace, "script");
+ elem.setAttributeNS(xlinkNamespace, "href", script_url);
assert_equals("" + RESULTS.ScriptURL,
- elem.getAttributeNodeNS(xlink, "href").value);
+ elem.getAttributeNodeNS(xlinkNamespace, "href").value);
}, "Assigning TrustedScriptURL to <svg:script xlink:href=...> works");
// Assigning things that ought to not work.
test(t => {
- let elem = document.createElementNS(svg, "script");
+ let elem = document.createElementNS(svgNamespace, "script");
const values = [ "abc", null, html, script ];
for (const v of values) {
assert_throws_js(TypeError, _ => {
- elem.setAttributeNS(xlink, "href", v);
+ elem.setAttributeNS(xlinkNamespace, "href", v);
});
}
}, "Blocking non-TrustedScriptURL assignment to <svg:script xlink:href=...> works");
+
+ // <https://w3c.github.io/trusted-types/dist/spec/#validate-attribute-mutation>.
+ const nonLowerCaseTests = [
+ { element: "iframe", attribute: "SRCDOC", elementNamespace: htmlNamespace },
+ { element: "embed", attribute: "SRC", elementNamespace: htmlNamespace },
+ { element: "script", attribute: "SRC", elementNamespace: htmlNamespace },
+ { element: "object", attribute: "DATA", elementNamespace: htmlNamespace },
+ { element: "object", attribute: "CODEBASE", elementNamespace: htmlNamespace },
+ { element: "script", attribute: "HREF", elementNamespace: svgNamespace },
+ { element: "script", attribute: "HREF", elementNamespace: svgNamespace,
+ attributeNamespace: xlinkNamespace },
+ ];
+
+ for (const testData of nonLowerCaseTests) {
+ const attributeNamespace = testData.attributeNamespace ?? null;
+
+ test(t => {
+ assert_element_accepts_non_trusted_type_set_ns(testData.element, testData.attribute, "v",
+ "v", testData.elementNamespace, attributeNamespace);
+ }, "Check `setAttributeNS` allows setting non-trusted string for non-lowercase attribute \"" +
+ testData.attribute + "\" (ns=" + attributeNamespace + ") for \"" + testData.element +
+ "\" element (ns=" + testData.elementNamespace + ").");
+ }
</script>
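Review bot: The `nonLowerCaseTests` table has rows only for the HTML and ScriptURL sinks (`SRCDOC`, `SRC`, `DATA`, `CODEBASE`, `HREF`), with no row for an event-handler attribute, which the linked validate-attribute-mutation step also treats as a Trusted Types sink. Unless another test file already covers it, a row like `{ element: "div", attribute: "ONCLICK", elementNamespace: htmlNamespace },` would pin that case as well. The bare spec URL above the table would also benefit from one sentence of rationale, for example `// setAttributeNS does not lowercase the local name, so "SRC" is not the "src" sink and must not be TT checked.`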