Source code

Revision control

Copy as Markdown

Other Tools

<!DOCTYPE html>
<p>Support page for trusted-types-navigation-report-only.*.html tests.</p>
<a id="anchor" href="#">link</a>
const params = new URLSearchParams(;
if (!!params.get("defaultpolicy")) {
trustedTypes.createPolicy("default", {
createScript: s => s.replace("continue", "defaultpolicywashere"),
function bounceEventToOpener(e) {
const msg = {};
for (const field of ["effectiveDirective", "sample", "type"]) {
msg[field] = e[field];
msg["uri"] = location.href;
window.opener.postMessage(msg, "*");
// If a navigation is blocked by Trusted Types, we expect this window to
// throw a SecurityPolicyViolationEvent. If it's not blocked, we expect the
// loaded frame to through DOMContentLoaded. In either case there should be
// _some_ event that we can expect.
document.addEventListener("DOMContentLoaded", bounceEventToOpener);
document.addEventListener("securitypolicyviolation", bounceEventToOpener);
// Navigate to the non-report-only version of the test. That has the same
// event listening setup as this, but is a different target URI.
const target_script = `location.href='${location.href.replace("-report-only", "") + "#continue"}';`;
const target = `javascript:"<script>${target_script}</scri${""}pt>"`;
// Navigate the anchor, but only after the content is loaded (so that we
// won't disturb delivery of that event to the opener.
const anchor = document.getElementById("anchor");
anchor.href = target;
if (!!params.get("frame")) {
const frame = document.createElement("iframe");
frame.src = "frame-without-trusted-types.html"; = "frame";
document.body.appendChild(frame); = "frame";
if (!location.hash) {
document.addEventListener("DOMContentLoaded", _ =>;