1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
<!DOCTYPE html>
<html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="support/helper.sub.js"></script>
<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script';">
</head>
<body>
<script>
// TrustedURL assignments do not throw.
let p = createHTML_policy(window, 1);
test(t => {
document.body.innerText = '';
let html = p.createHTML(INPUTS.HTML);
document.write(html);
assert_equals(document.body.innerText, RESULTS.HTML);
}, "document.write with html assigned via policy (successful URL transformation).");
// TrustedURL assignments do not throw. (Now for writeln.)
test(t => {
document.body.innerText = '';
let html = p.createHTML(INPUTS.HTML);
document.writeln(html);
assert_equals(document.body.innerText, RESULTS.HTML);
}, "document.writeln with html assigned via policy (successful URL transformation).");
// String assignments throw.
test(t => {
const old = document.body.innerText;
assert_throws_js(TypeError, _ => {
document.write('A string');
});
assert_equals(document.body.innerText, old);
}, "`document.write(string)` throws");
// String assignments throw. (Now for writeln.)
test(t => {
const old = document.body.innerText;
assert_throws_js(TypeError, _ => {
document.writeln('A string');
});
assert_equals(document.body.innerText, old);
}, "`document.writeln(string)` throws");
// Null assignment throws.
test(t => {
const old = document.body.innerText;
assert_throws_js(TypeError, _ => {
document.write(null);
});
assert_equals(document.body.innerText, old);
}, "`document.write(null)` throws");
// Null assignment throws. (Now for writeln.)
test(t => {
const old = document.body.innerText;
assert_throws_js(TypeError, _ => {
document.writeln(null);
});
assert_equals(document.body.innerText, old);
}, "`document.writeln(null)` throws");
let default_policy = trustedTypes.createPolicy('default',
{ createHTML: createHTMLJS }, true );
// Default policy works.
test(t => {
document.body.innerText = '';
document.write(INPUTS.HTML);
assert_equals(document.body.innerText, RESULTS.HTML);
}, "`document.write(string)` observes default policy");
// Default policy works. (Now for writeln.)
test(t => {
document.body.innerText = '';
document.writeln(INPUTS.HTML);
assert_equals(document.body.innerText, RESULTS.HTML);
}, "`document.writeln(string)` observes default policy");
</script>
|