1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
<!DOCTYPE html>
<head>
</head>
<body>
<p>Support page for trusted-types-navigation-report-only.*.html tests.</p>
<a id="anchor" href="#">link</a>
<script>
const params = new URLSearchParams(location.search);
if (!!params.get("defaultpolicy")) {
trustedTypes.createPolicy("default", {
createScript: s => s.replace("continue", "defaultpolicywashere"),
});
}
function bounceEventToOpener(e) {
const msg = {};
for (const field of ["effectiveDirective", "sample", "type"]) {
msg[field] = e[field];
}
msg["uri"] = location.href;
window.opener.postMessage(msg, "*");
}
// If a navigation is blocked by Trusted Types, we expect this window to
// throw a SecurityPolicyViolationEvent. If it's not blocked, we expect the
// loaded frame to through DOMContentLoaded. In either case there should be
// _some_ event that we can expect.
document.addEventListener("DOMContentLoaded", bounceEventToOpener);
document.addEventListener("securitypolicyviolation", bounceEventToOpener);
// Navigate to the non-report-only version of the test. That has the same
// event listening setup as this, but is a different target URI.
const target_script = `location.href='${location.href.replace("-report-only", "") + "#continue"}';`;
const target = `javascript:${target_script}`;
// Navigate the anchor, but only after the content is loaded (so that we
// won't disturb delivery of that event to the opener.
const anchor = document.getElementById("anchor");
anchor.href = target;
if (!!params.get("frame")) {
const frame = document.createElement("iframe");
frame.src = "frame-without-trusted-types.html";
frames.name = "frame";
document.body.appendChild(frame);
anchor.target = "frame";
}
if (!location.hash) {
document.addEventListener("DOMContentLoaded", _ => anchor.click());
}
</script>
</body>
|