-
Notifications
You must be signed in to change notification settings - Fork 3.3k
/
Copy pathblock-string-assignment-to-ShadowRoot-setHTMLUnsafe.html
84 lines (76 loc) · 2.84 KB
/
block-string-assignment-to-ShadowRoot-setHTMLUnsafe.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
<!DOCTYPE html>
<html>
<head>
<meta name="author" title="Luke Warlow" href="mailto:lwarlow@igalia.com">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="support/helper.sub.js"></script>
<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script';">
</head>
<body>
<div id="container"></div>
<script>
var container = document.querySelector('#container')
const cleanupPolicy =
trustedTypes.createPolicy('cleanup', { createHTML: _ => "" });
function cleanup() { container.innerHTML = cleanupPolicy.createHTML(""); }
// TrustedHTML assignments do not throw.
test(t => {
t.add_cleanup(cleanup);
let p = createHTML_policy(window, 1);
let html = p.createHTML(INPUTS.HTML);
let d = document.createElement('div');
let s = d.attachShadow({mode: 'open'});
document.querySelector('#container').appendChild(d);
s.setHTMLUnsafe(html);
assert_equals(s.innerHTML, RESULTS.HTML);
}, "shadowRoot.setHTMLUnsafe(html) assigned via policy (successful HTML transformation).");
// String assignments throw.
test(t => {
t.add_cleanup(cleanup);
let d = document.createElement('div');
let s = d.attachShadow({mode: 'open'});
container.appendChild(d);
assert_throws_js(TypeError, _ => {
s.setHTMLUnsafe("Fail");
});
assert_equals(s.innerHTML, "");
}, "`shadowRoot.setHTMLUnsafe(string)` throws.");
// Null assignment throws.
test(t => {
t.add_cleanup(cleanup);
let d = document.createElement('div');
let s = d.attachShadow({mode: 'open'});
container.appendChild(d);
assert_throws_js(TypeError, _ => {
s.setHTMLUnsafe(null);
});
assert_equals(s.innerHTML, "");
}, "`shadowRoot.setHTMLUnsafe(null)` throws.");
// After default policy creation string assignment implicitly calls createHTML.
test(t => {
t.add_cleanup(cleanup);
let p = window.trustedTypes.createPolicy("default", { createHTML:
(value, type, sink) => {
assert_equals(sink, "ShadowRoot setHTMLUnsafe");
return createHTMLJS(value);
}
});
let d = document.createElement('div');
let s = d.attachShadow({mode: 'open'});
document.querySelector('#container').appendChild(d);
s.setHTMLUnsafe(INPUTS.HTML);
assert_equals(s.innerHTML, RESULTS.HTML);
}, "`shadowRoot.setHTMLUnsafe(string)` assigned via default policy (successful HTML transformation).");
// After default policy creation null assignment implicitly calls createHTML.
test(t => {
t.add_cleanup(cleanup);
let d = document.createElement('div');
let s = d.attachShadow({mode: 'open'});
container.appendChild(d);
s.setHTMLUnsafe(null);
assert_equals(s.innerHTML, "null");
}, "`shadowRoot.setHTMLUnsafe(string)` assigned via default policy does not throw");
</script>
</body>
</html>