Source code
Revision control
Copy as Markdown
Other Tools
Test Info:
- This WPT test may be referenced by the following Test IDs:
- /trusted-types/GlobalEventHandlers-onclick.html - WPT Dashboard Interop Dashboard
<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="support/helper.sub.js"></script>
<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'">
<body>
<div id="container"></div>
<script>
var container = document.querySelector('#container');
const policy = createScript_policy(window, 'onclick');
const policy_html = createHTML_policy(window, 'onclick-html');
// Trusted Type assignments do not throw.
async_test(t => {
window.onclickDone1 = t.step_func_done();
let script = policy.createScript("window.onclickDone1();");
let el = document.createElement('a');
el.setAttribute('onclick', script);
container.appendChild(el);
el.click();
}, "a.setAttribute('onclick') sets a trusted script.");
// Unsuitable TrustedType assignments do throw.
test(t => {
window.onclickFail1 = t.unreached_func();
let script = policy_html.createHTML("window.onclickFail1();");
let el = document.createElement('a');
assert_throws_js(TypeError, () => {
el.setAttribute('onclick', script);
container.appendChild(el);
el.click();
});
}, "a.setAttribute('onclick') sets an unsuitable trusted type.");
// So do plain test assignments.
test(t => {
window.onclickFail2 = t.unreached_func();
let el = document.createElement('a');
assert_throws_js(TypeError, () => {
el.setAttribute("onclick", "window.onclickFail2();");
container.appendChild(el);
el.click();
});
}, "a.setAttribute('click') sets a test string.");
</script>