Source code
Revision control
Copy as Markdown
Other Tools
<!DOCTYPE html>
<head>
</head>
<body>
<p>Support page for trusted-types-navigation-report-only.*.html tests.</p>
<a id="anchor" href="#">link</a>
<script>
const params = new URLSearchParams(location.search);
if (!!params.get("defaultpolicy")) {
trustedTypes.createPolicy("default", {
createScript: s => s.replace("continue", "defaultpolicywashere"),
});
}
function bounceEventToOpener(e) {
const msg = {};
for (const field of ["effectiveDirective", "sample", "type"]) {
msg[field] = e[field];
}
msg["uri"] = location.href;
window.opener.postMessage(msg, "*");
}
// If a navigation is blocked by Trusted Types, we expect this window to
// throw a SecurityPolicyViolationEvent. If it's not blocked, we expect the
// loaded frame to through DOMContentLoaded. In either case there should be
// _some_ event that we can expect.
document.addEventListener("DOMContentLoaded", bounceEventToOpener);
document.addEventListener("securitypolicyviolation", bounceEventToOpener);
// Navigate to the non-report-only version of the test. That has the same
// event listening setup as this, but is a different target URI.
const target_script = `location.href='${location.href.replace("-report-only", "") + "#continue"}';`;
const target = `javascript:${target_script}`;
// Navigate the anchor, but only after the content is loaded (so that we
// won't disturb delivery of that event to the opener.
const anchor = document.getElementById("anchor");
anchor.href = target;
if (!!params.get("frame")) {
const frame = document.createElement("iframe");
frame.src = "frame-without-trusted-types.html";
frames.name = "frame";
document.body.appendChild(frame);
anchor.target = "frame";
}
if (!location.hash) {
document.addEventListener("DOMContentLoaded", _ => anchor.click());
}
</script>
</body>