Source code

Revision control

Copy as Markdown

Other Tools

Test Info: Warnings

<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="support/helper.sub.js"></script>
<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script';">
test(t => {
assert_element_accepts_trusted_html_set_ns(window, '0', t, 'a', 'b', RESULTS.HTML);
}, "Element.setAttributeNS assigned via policy (successful HTML transformation)");
test(t => {
assert_element_accepts_trusted_script_set_ns(window, '1', t, 'a', 'b', RESULTS.SCRIPT);
}, "Element.setAttributeNS assigned via policy (successful Script transformation)");
test(t => {
assert_element_accepts_trusted_script_url_set_ns(window, '2', t, 'a', 'b', RESULTS.SCRIPTURL);
}, "Element.setAttributeNS assigned via policy (successful ScriptURL transformation)");
// Unknown, namespaced attributes should not be TT checked:
test(t => {
assert_element_accepts_non_trusted_type_set_ns('a', 'b', 'A string', 'A string');
}, "Element.setAttributeNS accepts untrusted string for non-specced accessor");
test(t => {
assert_element_accepts_non_trusted_type_set_ns('a', 'b', null, 'null');
}, "Element.setAttributeNS accepts null for non-specced accessor");
// Setup trusted values for use in subsequent tests.
const script_url = createScriptURL_policy(window, '5').createScriptURL(INPUTS.ScriptURL);
const html = createHTML_policy(window, '6').createHTML(INPUTS.HTML);
const script = createScript_policy(window, '7').createScript(INPUTS.Script);
const xlink = "";
// svg:script xlink:href=... expects a TrustedScriptURL.
// Assigning a TrustedScriptURL works.
test(t => {
let elem = document.createElementNS(svg, "script");
elem.setAttributeNS(xlink, "href", script_url);
assert_equals("" + RESULTS.ScriptURL,
elem.getAttributeNodeNS(xlink, "href").value);
}, "Assigning TrustedScriptURL to <svg:script xlink:href=...> works");
// Assigning things that ought to not work.
test(t => {
let elem = document.createElementNS(svg, "script");
const values = [ "abc", null, html, script ];
for (const v of values) {
assert_throws_js(TypeError, _ => {
elem.setAttributeNS(xlink, "href", v);
}, "Blocking non-TrustedScriptURL assignment to <svg:script xlink:href=...> works");