path: root/testing/web-platform/tests/trusted-types/trusted-types-svg-script.html
blob: 946f825fa3eecd05247e1a2b16396ee4d3f7af11 (plain)
<!DOCTYPE html>
<head>
  <script src="/resources/testharness.js"></script>
  <script src="/resources/testharnessreport.js"></script>
  <meta http-equiv="Content-Security-Policy"
        content="require-trusted-types-for 'script'">
</head>
<body>
  <div id="log"></div>
  <svg id="svg"><script id="script">"some script text";</script></svg>
  <script>
    // Returns a promise that resolves with the next securitypolicyviolation
    // (spv) event dispatched on window. The listener is one-shot and the
    // promise never rejects, so it stays pending if no violation is reported.
    // NOTE(review): any violation event satisfies it; the event's directive
    // and sample are not checked here, so callers that care which sink was
    // blocked have to inspect the resolved event themselves.
    function promise_spv() {
      return new Promise(resolve => {
        window.addEventListener("securitypolicyviolation", resolve, { once: true });
      });
    }

    // Named Trusted Types policy whose three callbacks return their input
    // unchanged. It exists only to mint TrustedHTML / TrustedScript /
    // TrustedScriptURL values for the tests below; an identity policy performs
    // no sanitisation, so it is a test fixture, not a pattern for real pages.
    const policy = trustedTypes.createPolicy("policy", {
      createScript: x => x,
      createHTML: x => x,
      createScriptURL: x => x,
    });

    // The page's CSP is require-trusted-types-for 'script' and no default
    // policy has been created at this point, so writing a plain string to
    // innerHTML of the inline SVG script element is expected to throw a
    // TypeError. The test then waits for a securitypolicyviolation event.
    // NOTE(review): the listener is attached after the throwing assignment and
    // the resolved event is not inspected (directive, sample).
    promise_test(() => {
      assert_throws_js(TypeError, () => {
        const inlineScript = document.getElementById("script");
        inlineScript.innerHTML = "'modified via innerHTML';";
      });
      return promise_spv();
    }, "Assign String to SVGScriptElement.innerHTML.");

    // A TrustedHTML value produced by the named policy is expected to be
    // accepted by the same innerHTML sink without throwing. No violation
    // event is awaited here.
    promise_test(() => {
      const inlineScript = document.getElementById("script");
      inlineScript.innerHTML = policy.createHTML("'modified via innerHTML';");
      return Promise.resolve();
    }, "Assign TrustedHTML to SVGScriptElement.innerHTML.");

    // The innerHTML assignment on a detached SVG script element succeeds with
    // TrustedHTML, but the test still expects a violation once the element is
    // appended to the document: per this expectation, satisfying the HTML sink
    // does not make the resulting script text trusted for execution.
    promise_test(() => {
      const SVG_NS = "http://www.w3.org/2000/svg";
      const svgScript = document.createElementNS(SVG_NS, "script");
      svgScript.innerHTML = policy.createHTML("'modified via innerHTML';");
      const svgRoot = document.getElementById("svg");
      svgRoot.appendChild(svgScript);
      return promise_spv();
    }, "Assign TrustedHTML to SVGScriptElement.innerHTML and execute it.");

    // Script text added through plain DOM node insertion goes through no
    // Trusted Types sink at all; the test expects a violation to be reported
    // after the element is appended to the document.
    promise_test(() => {
      const SVG_NS = "http://www.w3.org/2000/svg";
      const svgScript = document.createElementNS(SVG_NS, "script");
      const text = document.createTextNode("modified via DOM");
      svgScript.insertBefore(text, null);
      const svgRoot = document.getElementById("svg");
      svgRoot.appendChild(svgScript);
      return promise_spv();
    }, "Modify SVGScriptElement via DOM manipulation.");

    // href.baseVal on an SVG script element is treated as a script-URL sink:
    // a plain string must throw a TypeError while no default policy exists.
    // NOTE(review): promise_spv() is only called after both the rejected
    // assignment and the append, so the test does not distinguish which of
    // the two steps reported the violation.
    promise_test(() => {
      const SVG_NS = "http://www.w3.org/2000/svg";
      const svgScript = document.createElementNS(SVG_NS, "script");
      assert_throws_js(TypeError, () => {
        svgScript.href.baseVal = "about:blank";
      });
      const svgRoot = document.getElementById("svg");
      svgRoot.appendChild(svgScript);
      return promise_spv();
    }, "Assign string to SVGScriptElement.href.baseVal.");

    // The same sink is expected to accept a TrustedScriptURL from the named
    // policy without throwing; no violation event is awaited.
    promise_test(() => {
      const SVG_NS = "http://www.w3.org/2000/svg";
      const svgScript = document.createElementNS(SVG_NS, "script");
      svgScript.href.baseVal = policy.createScriptURL("about:blank");
      const svgRoot = document.getElementById("svg");
      svgRoot.appendChild(svgScript);
      return Promise.resolve();
    }, "Assign TrustedScriptURL to SVGScriptElement.href.baseVal.");

    // setAttribute("href", ...) is checked as well, so the attribute API
    // cannot be used to bypass the property sink. Here the element is not yet
    // in the document when the string is rejected.
    promise_test(() => {
      const SVG_NS = "http://www.w3.org/2000/svg";
      const svgScript = document.createElementNS(SVG_NS, "script");
      assert_throws_js(TypeError, () => {
        svgScript.setAttribute("href", "about:blank");
      });
      const svgRoot = document.getElementById("svg");
      svgRoot.appendChild(svgScript);
      return promise_spv();
    }, "Assign string to non-attached SVGScriptElement.href via setAttribute.");

    // TrustedScriptURL passed to setAttribute on a detached element is
    // expected to be accepted.
    promise_test(() => {
      const SVG_NS = "http://www.w3.org/2000/svg";
      const svgScript = document.createElementNS(SVG_NS, "script");
      svgScript.setAttribute("href", policy.createScriptURL("about:blank"));
      const svgRoot = document.getElementById("svg");
      svgRoot.appendChild(svgScript);
      return Promise.resolve();
    }, "Assign TrustedScriptURL to non-attached SVGScriptElement.href via setAttribute.");

    // Same string rejection, but with the element appended to the document
    // before setAttribute is called, so enforcement is shown not to depend on
    // whether the element is attached.
    promise_test(() => {
      const SVG_NS = "http://www.w3.org/2000/svg";
      const svgScript = document.createElementNS(SVG_NS, "script");
      const svgRoot = document.getElementById("svg");
      svgRoot.appendChild(svgScript);
      assert_throws_js(TypeError, () => {
        svgScript.setAttribute("href", "about:blank");
      });
      return promise_spv();
    }, "Assign string to attached SVGScriptElement.href via setAttribute.");

    // TrustedScriptURL passed to setAttribute on an already attached element
    // is expected to be accepted.
    promise_test(() => {
      const SVG_NS = "http://www.w3.org/2000/svg";
      const svgScript = document.createElementNS(SVG_NS, "script");
      const svgRoot = document.getElementById("svg");
      svgRoot.appendChild(svgScript);
      svgScript.setAttribute("href", policy.createScriptURL("about:blank"));
      return Promise.resolve();
    }, "Assign TrustedScriptURL to attached SVGScriptElement.href via setAttribute.");

    // Default policy tests: the string assignment tests above are repeated,
    // but with a "default" policy installed they are all expected to succeed
    // without throwing.
    // The setup is itself a test, so the tests after it depend on it having
    // run first; nothing in this file removes the default policy afterwards.
    // Its callbacks return their input unchanged, which means every string
    // sink on the page is effectively open from here on.
    promise_test(() => {
      const passThrough = value => value;
      trustedTypes.createPolicy("default", {
        createScript: passThrough,
        createHTML: passThrough,
        createScriptURL: passThrough,
      });
      return Promise.resolve();
    }, "Setup default policy");

    // Plain string to innerHTML of the inline SVG script element: no throw
    // expected now.
    promise_test(() => {
      const inlineScript = document.getElementById("script");
      inlineScript.innerHTML = "'modified via innerHTML';";
      return Promise.resolve();
    }, "Assign String to SVGScriptElement.innerHTML w/ default policy.");

    // Plain string to href.baseVal on a detached element, then append.
    promise_test(() => {
      const SVG_NS = "http://www.w3.org/2000/svg";
      const svgScript = document.createElementNS(SVG_NS, "script");
      svgScript.href.baseVal = "about:blank";
      const svgRoot = document.getElementById("svg");
      svgRoot.appendChild(svgScript);
      return Promise.resolve();
    }, "Assign string to SVGScriptElement.href.baseVal  w/ default policy.");

    // Plain string through setAttribute before the element is attached.
    promise_test(() => {
      const SVG_NS = "http://www.w3.org/2000/svg";
      const svgScript = document.createElementNS(SVG_NS, "script");
      svgScript.setAttribute("href", "about:blank");
      const svgRoot = document.getElementById("svg");
      svgRoot.appendChild(svgScript);
      return Promise.resolve();
    }, "Assign string to non-attached SVGScriptElement.href via setAttribute w/ default policy.");

    // Plain string through setAttribute after the element is attached.
    promise_test(() => {
      const SVG_NS = "http://www.w3.org/2000/svg";
      const svgScript = document.createElementNS(SVG_NS, "script");
      const svgRoot = document.getElementById("svg");
      svgRoot.appendChild(svgScript);
      svgScript.setAttribute("href", "about:blank");
      return Promise.resolve();
    }, "Assign string to attached SVGScriptElement.href via setAttribute w/ default policy.");
  </script>
</body>