Source code
Revision control
Copy as Markdown
Other Tools
Test Info:
- This WPT test may be referenced by the following Test IDs:
- /trusted-types/TrustedTypePolicy-createXXX.html - WPT Dashboard Interop Dashboard
<!DOCTYPE html>
<script src="/resources/testharness.js" ></script>
<script src="/resources/testharnessreport.js"></script>
<script src="support/helper.sub.js"></script>
<body>
<script>
test(t => {
const p1 = trustedTypes.createPolicy("policyHTMLAndScript", {
createHTML: s => s,
createScript: s => s
});
assert_throws_js(TypeError, _ => { p1.createScriptURL("foo"); });
const p2 = trustedTypes.createPolicy("policyURLAndScriptURL", {
createScriptURL: s => s
});
assert_throws_js(TypeError, _ => { p2.createHTML("foo"); });
assert_throws_js(TypeError, _ => { p2.createScript("foo"); });
}, "calling undefined callbacks throws");
test(t => {
const noopPolicy = {
createHTML: (s) => s,
createScriptURL: (s) => s,
createScript: (s) => s,
};
policy = trustedTypes.createPolicy(Math.random(), noopPolicy, true);
let el = document.createElement("div");
el.title = policy.createHTML(INPUTS.SCRIPTURL);
assert_equals(el.title, INPUTS.SCRIPTURL);
}, "Attributes without type constraints will work as before.");
test(t => {
const policy = trustedTypes.createPolicy("nullpolicy", null);
assert_throws_js(TypeError, _ => { policy.createScriptURL("foo"); });
assert_throws_js(TypeError, _ => { policy.createHTML("foo"); });
assert_throws_js(TypeError, _ => { policy.createScript("foo"); });
}, "trustedTypes.createPolicy(.., null) creates empty policy.");
// testCases contains a list of policy functions and expected results (when
// called with a given default argument). They also use various helper
// variables (declared just below) to test side effects or interactions of
// global vars/functions with policy callbacks.
let aGlobalVarForSideEffectTesting = "global";
var aGlobalObject = { "foo": "well," };
function aGlobalFunction(s) { return this.foo + " " + s; }
function anotherGlobalFunction(s) { return s + "#" + this.foo; }
var foo = "a global var named foo";
const stringTestCases = [
[ s => s, "whatever" ],
[ s => null, "" ],
[ s => "well, " + s, "well, whatever" ],
[ s => { throw new Error() }, Error ],
[ s => { aGlobalVarForSideEffectTesting = s; return s }, "whatever" ],
[ s => aGlobalVarForSideEffectTesting + s, "whateverwhatever" ],
[ aGlobalFunction.bind(aGlobalObject), "well, whatever" ],
[ s => aGlobalFunction(s), "a global var named foo whatever" ],
];
const urlTestCases = [
[ s => s, INPUTS.SCRIPTURL ],
[ s => null, "" ],
[ s => s + "#duck", INPUTS.SCRIPTURL + "#duck" ],
[ s => { throw new Error() }, Error ],
[ s => s + "#" + aGlobalVarForSideEffectTesting,
INPUTS.SCRIPTURL + "#global" ],
[ anotherGlobalFunction.bind(aGlobalObject), INPUTS.SCRIPTURL + "#well," ],
[ s => anotherGlobalFunction(s),
INPUTS.SCRIPTURL + "#a global var named foo" ],
];
function policyBuilder(trustedMethodName, trustedType, defaultArg) {
return function(name, fn) {
let options = {};
options[trustedMethodName] = fn;
let policy = window.trustedTypes.createPolicy(name, options);
let result = policy[trustedMethodName](defaultArg);
assert_true(result instanceof trustedType);
return result;
}
}
const testCases = [
[TrustedHTML, "createHTML", "whatever", stringTestCases],
[TrustedScript, "createScript", "whatever", stringTestCases],
[TrustedScriptURL, "createScriptURL", INPUTS.SCRIPTURL, urlTestCases],
];
// Iterate over all trusted types, iterate over all test cases.
// For each, build the suitable policy and check the result.
for (let [trusted_class, trusted_method, default_arg, test_cases] of testCases) {
aGlobalVarForSideEffectTesting = "global";
let builder = policyBuilder(trusted_method, trusted_class, default_arg);
for (let [index, [policy_fn, value]] of test_cases.entries()) {
let subtest_name = "TestPolicy" + trusted_class.name + index;
test(t => {
if (typeof value == "object" || typeof value == "function") {
assert_throws_js(value, () => builder(subtest_name, policy_fn));
} else {
assert_equals("" + builder(subtest_name, policy_fn), value);
}
}, subtest_name + " (" + trusted_class.name + ": " +
policy_fn.toString() + ")");
}
}
</script>