diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
commit | 6bf0a5cb5034a7e684dcc3500e841785237ce2dd (patch) | |
tree | a68f146d7fa01f0134297619fbe7e33db084e0aa /testing/web-platform/tests/trusted-types/GlobalEventHandlers-onclick.tentative.html | |
parent | Initial commit. (diff) | |
download | thunderbird-6bf0a5cb5034a7e684dcc3500e841785237ce2dd.tar.xz thunderbird-6bf0a5cb5034a7e684dcc3500e841785237ce2dd.zip |
Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/trusted-types/GlobalEventHandlers-onclick.tentative.html')
-rw-r--r-- | testing/web-platform/tests/trusted-types/GlobalEventHandlers-onclick.tentative.html | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/testing/web-platform/tests/trusted-types/GlobalEventHandlers-onclick.tentative.html b/testing/web-platform/tests/trusted-types/GlobalEventHandlers-onclick.tentative.html new file mode 100644 index 0000000000..0fdde778cc --- /dev/null +++ b/testing/web-platform/tests/trusted-types/GlobalEventHandlers-onclick.tentative.html @@ -0,0 +1,92 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="support/helper.sub.js"></script> + +<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'"> +<body> +<div id="container"></div> +<script> +var container = document.querySelector('#container'); +const policy = createScript_policy(window, 'onclick'); +const policy_html = createHTML_policy(window, 'onclick-html'); + +// Trusted Type assignments do not throw. +async_test(t => { + window.onclickDone1 = t.step_func_done(); + let script = policy.createScript("window.onclickDone1();"); + let el = document.createElement('a'); + el.setAttribute('onclick', script); + container.appendChild(el); + el.click(); +}, "a.setAttribte('onclick') sets a trusted script."); + +// Unsuitable TrustedType assignments do throw. +async_test(t => { + window.onclickFail1 = t.unreached_func(); + let script = policy_html.createHTML("window.onclickFail1();"); + let el = document.createElement('a'); + try { + el.setAttribute('onclick', script); + container.appendChild(el); + el.click(); + } catch (e) { + t.done(); + } + assert_unreached(); +}, "a.setAttribute('onclick') sets an unsuitable trusted type."); + +// So do plain test assignments. +async_test(t => { + window.onclickFail2 = t.unreached_func(); + let el = document.createElement('a'); + try { + el.setAttribute("onclick", "window.onclickFail2();"); + container.appendChild(el); + el.click(); + } catch (e) { + t.done(); + } + assert_unreached(); +}, "a.setAttribute('click') sets a test string."); +/* +// Trusted Type assignments via property access does not throw. +async_test(t => { + window.onclickDone2 = t.step_func_done(); + let script = policy.createScript("window.onclickDone2();"); + let el = document.createElement('a'); + el.onclick = script; + container.appendChild(el); + el.click(); +}, "a.onclick assigned via policy (successful Script transformation)."); + +// Unsuitable TrustedType assignments do throw. +async_test(t => { + window.onclickFail3 = t.unreached_func(); + let script = policy_html.createHTML("window.onclickFail3();"); + let el = document.createElement('a'); + try { + el.onclick = script; + container.appendChild(el); + el.click(); + } catch (e) { + t.done(); + } + assert_unreached(); +}, "a.onclick assigned via an unsuitable policy."); + +// So do plain test assignments. +async_test(t => { + window.onclickFail4 = t.unreached_func(); + let el = document.createElement('a'); + try { + el.onclick = window.onclickFail4(); + container.appendChild(el); + el.click(); + } catch (e) { + t.done(); + } + assert_unreached(); +}, "a.onclick assigned a test string."); +*/ +</script> |