4 <script src=
"/resources/testharness.js"></script>
5 <script src=
"/resources/testharnessreport.js"></script>
6 <script src=
"support/helper.sub.js"></script>
8 <meta http-equiv=
"Content-Security-Policy" content=
"require-trusted-types-for 'script';">
13 assert_element_accepts_trusted_html_set_ns(window
, '0', t
, 'a', 'b', RESULTS
.HTML
);
14 }, "Element.setAttributeNS assigned via policy (successful HTML transformation)");
17 assert_element_accepts_trusted_script_set_ns(window
, '1', t
, 'a', 'b', RESULTS
.SCRIPT
);
18 }, "Element.setAttributeNS assigned via policy (successful Script transformation)");
21 assert_element_accepts_trusted_script_url_set_ns(window
, '2', t
, 'a', 'b', RESULTS
.SCRIPTURL
);
22 }, "Element.setAttributeNS assigned via policy (successful ScriptURL transformation)");
24 // Unknown attributes should not be TT checked:
26 assert_element_accepts_non_trusted_type_set_ns('a', 'b', 'A string', 'A string');
27 }, "Element.setAttributeNS accepts untrusted string for non-specced accessor");
30 assert_element_accepts_non_trusted_type_set_ns('a', 'b', null, 'null');
31 }, "Element.setAttributeNS accepts null for non-specced accessor");
33 // Setup trusted values for use in subsequent tests.
34 const script_url
= createScriptURL_policy(window
, '5').createScriptURL(INPUTS
.ScriptURL
);
35 const html
= createHTML_policy(window
, '6').createHTML(INPUTS
.HTML
);
36 const script
= createScript_policy(window
, '7').createScript(INPUTS
.Script
);
38 const xlink
= "http://www.w3.org/1999/xlink";
39 const svg
= "http://www.w3.org/2000/svg";
41 // svg:script xlink:href=... expects a TrustedScriptURL.
42 // Assigning a TrustedScriptURL works.
44 let elem
= document
.createElementNS(svg
, "script");
45 elem
.setAttributeNS(xlink
, "href", script_url
);
46 assert_equals("" + RESULTS
.ScriptURL
,
47 elem
.getAttributeNodeNS(xlink
, "href").value
);
48 }, "Assigning TrustedScriptURL to <svg:script xlink:href=...> works");
50 // Assigning things that ought to not work.
52 let elem
= document
.createElementNS(svg
, "script");
53 const values
= [ "abc", null, html
, script
];
54 for (const v
of values
) {
55 assert_throws_js(TypeError
, _
=> {
56 elem
.setAttributeNS(xlink
, "href", v
);
59 }, "Blocking non-TrustedScriptURL assignment to <svg:script xlink:href=...> works");