<!DOCTYPE html>
<html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="support/helper.sub.js"></script>
<meta http-equiv="Content-Security-Policy" content="trusted-types *">
</head>
<body>
<script>
// TrustedURL Assignments
let testCases = [
[ 'a', 'href' ],
[ 'area', 'href' ],
[ 'base', 'href' ],
[ 'frame', 'src' ],
[ 'iframe', 'src' ],
[ 'img', 'src' ],
[ 'input', 'src' ],
[ 'link', 'href' ],
[ 'video', 'src' ],
[ 'object', 'data' ],
[ 'object', 'codeBase' ],
[ 'source', 'src' ],
[ 'track', 'src' ]
];
testCases.forEach(c => {
test(t => {
assert_element_accepts_trusted_url_explicit_set(window, c, t, c[0], c[1], RESULTS.URL);
assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string');
assert_throws_no_trusted_type_explicit_set(c[0], c[1], null);
}, c[0] + "." + c[1] + " accepts only TrustedURL");
});
// TrustedScriptURL Assignments
let scriptTestCases = [
[ 'embed', 'src' ],
[ 'script', 'src' ]
];
scriptTestCases.forEach(c => {
test(t => {
assert_element_accepts_trusted_script_url_explicit_set(window, c, t, c[0], c[1], RESULTS.SCRIPTURL);
assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string');
assert_throws_no_trusted_type_explicit_set(c[0], c[1], null);
}, c[0] + "." + c[1] + " accepts only TrustedScriptURL");
});
// TrustedHTML Assignments
let HTMLTestCases = [
[ 'iframe', 'srcdoc' ]
];
HTMLTestCases.forEach(c => {
test(t => {
assert_element_accepts_trusted_html_explicit_set(window, c, t, c[0], c[1], RESULTS.HTML);
assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string');
assert_throws_no_trusted_type_explicit_set(c[0], c[1], null);
}, c[0] + "." + c[1] + " accepts only TrustedHTML");
});
// Other attributes can be assigned with TrustedTypes or strings or null values
test(t => {
assert_element_accepts_trusted_url_explicit_set(window, 'arel', t, 'a', 'rel', RESULTS.URL);
}, "a.rel assigned via policy (successful URL transformation)");
test(t => {
assert_element_accepts_non_trusted_type_explicit_set('a', 'rel', 'A string', 'A string');
}, "a.rel accepts strings");
test(t => {
assert_element_accepts_non_trusted_type_explicit_set('a', 'rel', null, 'null');
}, "a.rel accepts null");
test(t => {
let el = document.createElement('iframe');
assert_throws(new TypeError(), _ => {
el.setAttribute('SrC', INPUTS.URL);
});
assert_equals(el.src, '');
}, "`Element.prototype.setAttribute.SrC = string` throws.");
</script>