1 files changed, 108 insertions, 0 deletions
diff --git a/testing/web-platform/tests/trusted-types/default-policy.tentative.html b/testing/web-platform/tests/trusted-types/default-policy.tentative.html
new file mode 100644
index 0000000000..debde85cda
--- /dev/null
+++ b/testing/web-platform/tests/trusted-types/default-policy.tentative.html
@@ -0,0 +1,108 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="support/helper.sub.js"></script>
+</head>
+<body>
+<script>
+// Ensure that only the right events trigger violation reports.
+// The Promise will resolve, when an event including the string "done" is
+// received. The last line of this test file will cause this trigger.
+promise_test(t => {
+  let count = { "null": 0, "undefined": 0, "nodefault": 0 };
+  return new Promise((resolve, reject) => {
+    document.addEventListener("securitypolicyviolation", e => {
+      e.stopPropagation();
+      // We count the violation reports. We expect one each for "null" and
+      // "undefined", one each for the "no default" test case above, and one
+      // for the "done" line at the end, which signals the end of the test run.
+      if (e.sample.includes("done")) {
+        resolve(count);
+      } else if (e.sample.includes("null")) {
+        count["null"]++;
+      } else if (e.sample.includes("undefined")) {
+        count["undefined"]++;
+      } else if (e.sample.includes("nodefault")) {
+        count["nodefault"]++;
+      } else {
+        reject();
+      }
+    });
+  }).then(counters => {
+    for (const counter of ["null", "undefined", "nodefault"]) {
+      assert_equals(counters[counter], testCases.length,
+                    "event count of " + counter);
+    }
+  });
+}, "Count SecurityPolicyViolation events.");
+
+const testCases = [
+  [ "script", "src" ],
+  [ "div", "innerHTML" ],
+  [ "script", "text" ],
+];
+
+// Try each test case _without_ a default policy.
+testCases.forEach(c => {
+  test(t => {
+    const element = document.createElement(c[0]);
+    assert_throws_js(TypeError, _ => element[c[1]] = "nodefault");
+    assert_equals(element[c[1]], "");
+  }, `${c[0]}.${c[1]} no default policy`);
+});
+
+// A trusted type policy that forces a number of edge cases.
+function policy(str) {
+  if (str == "throw")
+    throw RangeError();
+  else if (str == "null")
+    return null;
+  else if (str == "undefined")
+    return undefined;
+  else if (str == "typeerror")
+    return document.bla();
+  else if (str == "done")
+    return null;
+  else
+    return "sanitized: " + str;
+}
+
+trustedTypes.createPolicy("default", {
+  createScriptURL: policy,
+  createHTML: policy,
+  createScript: policy
+});
+
+testCases.forEach(c => {
+  const name = `${c[0]}.${c[1]} `;
+  test(t => {
+    const element = document.createElement(c[0]);
+    element[c[1]] = "abc";
+    assert_equals(element[c[1]], "sanitized: abc");
+  }, name + "default");
+  test(t => {
+    const element = document.createElement(c[0]);
+    assert_throws_js(TypeError, _ => element[c[1]] = "null");
+    assert_equals(element[c[1]], "");
+  }, name + "null");
+  test(t => {
+    const element = document.createElement(c[0]);
+    assert_throws_js(RangeError, _ => element[c[1]] = "throw");
+  }, name + "throw");
+  test(t => {
+    const element = document.createElement(c[0]);
+    assert_throws_js(TypeError, _ => element[c[1]] = "undefined");
+    assert_equals(element[c[1]], "");
+  }, name + "undefined");
+  test(t => {
+    const element = document.createElement(c[0]);
+    assert_throws_js(TypeError, _ => element[c[1]] = "typeerror");
+  }, name + "typeerror");
+});
+
+// Trigger the exit condition in the "Count" promise test above.
+try { document.createElement("script").text = "done"; } catch (e) {}
+</script>
+</body>