Source code
Revision control
Copy as Markdown
Other Tools
Test Info:
- This WPT test may be referenced by the following Test IDs:
- /trusted-types/should-trusted-type-policy-creation-be-blocked-by-csp-001.html - WPT Dashboard Interop Dashboard
<!DOCTYPE html>
<meta charset="UTF-8">
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="./support/csp-violations.js"></script>
<script>
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "tt-policy-name", "tt-policy-name", "C", "C"],
"header(Content-Security-Policy,trusted-types tt-policy-name,True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
let duplicate = index % 2;
if (result.name === "tt-policy-name" && !duplicate) {
assert_equals(result.exception, null);
assert_equals(result.violatedPolicies.length, 0);
} else {
assert_true(result.exception instanceof TypeError);
assert_equals(result.violatedPolicies.length, 1);
}
});
}, `single enforce policy with directive "trusted-type tt-policy-name"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "tt-policy-name", "tt-policy-name", "C", "C"],
"header(Content-Security-Policy-Report-Only,trusted-types tt-policy-name,True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
assert_equals(result.exception, null);
let duplicate = index % 2;
if (result.name === "tt-policy-name" && !duplicate) {
assert_equals(result.violatedPolicies.length, 0);
} else {
assert_equals(result.violatedPolicies.length, 1);
}
});
}, `single report-only policy with directive "trusted-type tt-policy-name"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "B", "B", "C", "C"],
"header(Content-Security-Policy,trusted-types *,True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
let duplicate = index % 2;
if (!duplicate) {
assert_equals(result.exception, null);
assert_equals(result.violatedPolicies.length, 0);
} else {
assert_true(result.exception instanceof TypeError);
assert_equals(result.violatedPolicies.length, 1);
}
});
}, `single enforce policy with directive "trusted-type *"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "B", "B", "C", "C"],
"header(Content-Security-Policy-Report-Only,trusted-types *,True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
assert_equals(result.exception, null);
let duplicate = index % 2;
if (!duplicate) {
assert_equals(result.violatedPolicies.length, 0);
} else {
assert_equals(result.violatedPolicies.length, 1);
}
});
}, `single report-only policy with directive "trusted-type *"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "B", "B", "C", "C"],
"header(Content-Security-Policy,trusted-types 'none',True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
assert_true(result.exception instanceof TypeError);
assert_equals(result.violatedPolicies.length, 1);
});
}, `single enforce policy with directive "trusted-type 'none'"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "B", "B", "C", "C"],
"header(Content-Security-Policy-Report-Only,trusted-types 'none',True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
assert_equals(result.exception, null);
assert_equals(result.violatedPolicies.length, 1);
});
}, `single report-only policy with directive "trusted-type 'none'"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "B", "B", "C", "C"],
"header(Content-Security-Policy,trusted-types 'allow-duplicates',True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
assert_true(result.exception instanceof TypeError);
assert_equals(result.violatedPolicies.length, 1);
});
}, `single enforce policy with directive "trusted-type 'allow-duplicates'"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "B", "B", "C", "C"],
"header(Content-Security-Policy-Report-Only,trusted-types 'allow-duplicates',True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
assert_equals(result.exception, null);
assert_equals(result.violatedPolicies.length, 1);
});
}, `single report-only policy with directive "trusted-type 'allow-duplicates'"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "tt-policy-name", "tt-policy-name", "C", "C"],
"header(Content-Security-Policy,trusted-types tt-policy-name 'allow-duplicates',True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
if (result.name === "tt-policy-name") {
assert_equals(result.exception, null);
assert_equals(result.violatedPolicies.length, 0);
} else {
assert_true(result.exception instanceof TypeError);
assert_equals(result.violatedPolicies.length, 1);
}
});
}, `single enforce policy with directive "trusted-type tt-policy-name 'allow-duplicates'"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "tt-policy-name", "tt-policy-name", "C", "C"],
"header(Content-Security-Policy-Report-Only,trusted-types tt-policy-name 'allow-duplicates',True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
assert_equals(result.exception, null);
if (result.name === "tt-policy-name") {
assert_equals(result.violatedPolicies.length, 0);
} else {
assert_equals(result.violatedPolicies.length, 1);
}
});
}, `single report-only policy with directive "trusted-type tt-policy-name 'allow-duplicates'"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "B", "B", "C", "C"],
"header(Content-Security-Policy,trusted-types * 'allow-duplicates',True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
assert_equals(result.exception, null);
assert_equals(result.violatedPolicies.length, 0);
});
}, `single enforce policy with directive "trusted-type * 'allow-duplicates'"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "B", "B", "C", "C"],
"header(Content-Security-Policy-Report-Only,trusted-types * 'allow-duplicates',True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
assert_equals(result.exception, null);
assert_equals(result.violatedPolicies.length, 0);
});
}, `single report-only policy with directive "trusted-type * 'allow-duplicates'"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "B", "B", "C", "C"],
"header(Content-Security-Policy,trusted-types 'none' 'allow-duplicates',True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
assert_true(result.exception instanceof TypeError);
assert_equals(result.violatedPolicies.length, 1);
});
}, `single enforce policy with directive "trusted-type 'none' 'allow-duplicates'"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "B", "B", "C", "C"],
"header(Content-Security-Policy-Report-Only,trusted-types 'none' 'allow-duplicates',True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
assert_equals(result.exception, null);
assert_equals(result.violatedPolicies.length, 1);
});
}, `single report-only policy with directive "trusted-type 'none' 'allow-duplicates'"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "tt-policy-name", "tt-policy-name", "C", "C"],
"header(Content-Security-Policy,trusted-types 'none' tt-policy-name,True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
let duplicate = index % 2;
if (result.name === "tt-policy-name" && !duplicate) {
assert_equals(result.exception, null);
assert_equals(result.violatedPolicies.length, 0);
} else {
assert_true(result.exception instanceof TypeError);
assert_equals(result.violatedPolicies.length, 1);
}
});
}, `single enforce policy with directive "trusted-type 'none' tt-policy-name"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "tt-policy-name", "tt-policy-name", "C", "C"],
"header(Content-Security-Policy-Report-Only,trusted-types 'none' tt-policy-name,True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
assert_equals(result.exception, null);
let duplicate = index % 2;
if (result.name === "tt-policy-name" && !duplicate) {
assert_equals(result.violatedPolicies.length, 0);
} else {
assert_equals(result.violatedPolicies.length, 1);
}
});
}, `single report-only policy with directive "trusted-type 'none' tt-policy-name"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "B", "B", "C", "C"],
"header(Content-Security-Policy,trusted-types 'none' *,True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
let duplicate = index % 2;
if (!duplicate) {
assert_equals(result.exception, null);
assert_equals(result.violatedPolicies.length, 0);
} else {
assert_true(result.exception instanceof TypeError);
assert_equals(result.violatedPolicies.length, 1);
}
});
}, `single enforce policy with directive "trusted-type 'none' *"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "B", "B", "C", "C"],
"header(Content-Security-Policy-Report-Only,trusted-types 'none' *,True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
assert_equals(result.exception, null);
let duplicate = index % 2;
if (!duplicate) {
assert_equals(result.violatedPolicies.length, 0);
} else {
assert_equals(result.violatedPolicies.length, 1);
}
});
}, `single report-only policy with directive "trusted-type 'none' *"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "B", "B", "C", "C"],
"header(Content-Security-Policy,trusted-types tt-policy-name *,True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
let duplicate = index % 2;
if (!duplicate) {
assert_equals(result.exception, null);
assert_equals(result.violatedPolicies.length, 0);
} else {
assert_true(result.exception instanceof TypeError);
assert_equals(result.violatedPolicies.length, 1);
}
});
}, `single enforce policy with directive "trusted-type tt-policy-name *"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["A", "A", "B", "B", "C", "C"],
"header(Content-Security-Policy-Report-Only,trusted-types tt-policy-name *,True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
assert_equals(result.exception, null);
let duplicate = index % 2;
if (!duplicate) {
assert_equals(result.violatedPolicies.length, 0);
} else {
assert_equals(result.violatedPolicies.length, 1);
}
});
}, `single report-only policy with directive "trusted-type tt-policy-name *"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["tt-policy-name1", "tt-policy-name1", "tt-policy-name2", "tt-policy-name2", "tt-policy-name3", "tt-policy-name3"],
"header(Content-Security-Policy,trusted-types tt-policy-name1 tt-policy-name2 tt-policy-name3,True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
let duplicate = index % 2;
if (!duplicate) {
assert_equals(result.exception, null);
assert_equals(result.violatedPolicies.length, 0);
} else {
assert_true(result.exception instanceof TypeError);
assert_equals(result.violatedPolicies.length, 1);
}
});
}, `single enforce policy with directive "trusted-type tt-policy-name1 tt-policy-name2 tt-policy-name3"`);
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
["tt-policy-name1", "tt-policy-name1", "tt-policy-name2", "tt-policy-name2", "tt-policy-name3", "tt-policy-name3"],
"header(Content-Security-Policy-Report-Only,trusted-types tt-policy-name1 tt-policy-name2 tt-policy-name3,True)"
);
assert_equals(results.length, 6);
results.forEach((result, index) => {
assert_equals(result.exception, null);
let duplicate = index % 2;
if (!duplicate) {
assert_equals(result.violatedPolicies.length, 0);
} else {
assert_equals(result.violatedPolicies.length, 1);
}
});
}, `single report-only policy with directive "trusted-type tt-policy-name1 tt-policy-name2 tt-policy-name3"`);
// Verify unquoted none is treated as a tt-policy-names.
['none', 'allow-duplicates'].forEach(unquoted_keyword => {
promise_test(async t => {
let results = await tryCreatingTrustedTypePoliciesWithCSP(
[unquoted_keyword, "other-tt-policy-name"],
`header(Content-Security-Policy,trusted-types ${unquoted_keyword},True)`
);
assert_equals(results.length, 2);
assert_equals(results[0].exception, null);
assert_equals(results[0].violatedPolicies.length, 0);
assert_true(results[1].exception instanceof TypeError);
assert_equals(results[1].violatedPolicies.length, 1);
}, `Single enforce policy with directive "trusted-type ${unquoted_keyword}"`);
});
</script>