Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add test for importing a srcdoc attribute node from a non-TT realm to a TT iframe element throws #44323

Merged
merged 10 commits into from
Apr 15, 2024
Merged

Add test for importing a srcdoc attribute node from a non-TT realm to a TT iframe element throws #44323

Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
3bd4d23
Add test for importing a `srcdoc` attribute node from a non-TT realm …
mbrodesser-Igalia Jan 31, 2024
d120fc8
Schedule the new test before a default policy is created and simplify…
mbrodesser-Igalia Feb 1, 2024
2c2ea19
Move test to <block-string-assignment-to-Element-setAttributeNode.htm…
mbrodesser-Igalia Feb 1, 2024
aeed729
Add TODO
mbrodesser-Igalia Feb 1, 2024
f484397
Add remaining tests for the DOM integration of TT when attribute node…
mbrodesser-Igalia Feb 1, 2024
4a9e49c
Change test to check `aTestElement`'s `ownerDocument` equals `document`
mbrodesser-Igalia Feb 20, 2024
d615169
Refactor test to use the XLink namespace for SVG's script element
mbrodesser-Igalia Feb 21, 2024
26c25f9
Remove unnecessary assertions and explain in a comment that `aTestEle…
mbrodesser-Igalia Feb 22, 2024
b617318
Change test to check `setAttributeNode` and `setAttribute` respect th…
mbrodesser-Igalia Mar 28, 2024
dfd95a9
Use `sourceFrame.contentWindow`'s `TyperError` constructor
mbrodesser-Igalia Apr 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
125 changes: 125 additions & 0 deletions trusted-types/Element-setAttribute-respects-Elements-node-documents-globals-CSP.html
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,125 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta
http-equiv="Content-Security-Policy"
content="require-trusted-types-for 'script';"
/>
<title>
trusted-types (TT): `setAttribute`/`setAttributeNode` for an element
adopted from a non-TT realm respects TT's Content-Security-Policy (CSP)
</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<div id="nonSVGTestElements">
<iframe srcdoc="v"></iframe>
<embed src="v" />
<script src="v"></script>
<object data="v"></object>
<object codebase="v"></object>
</div>
<svg id="svgTestElements">
<script href="v"></script>
<script xlink:href="v"></script>
</svg>
<script>
const passThroughPolicy = trustedTypes.createPolicy("passThrough", {
createHTML: (s) => s,
});

function runTest(aTestElement) {
const testAttr = aTestElement.attributes[0];

async_test(
(t) => {
const sourceFrame = document.createElement("iframe");

// The markup requires the parent element to ensure the attribute is associated with the
// correct namespace.
sourceFrame.srcdoc = passThroughPolicy.createHTML(
`<!DOCTYPE html>
<head>
<meta charset="utf-8">
</head>
<body>
<` +
aTestElement.parentElement.localName +
`>
<` +
aTestElement.localName +
` ` +
testAttr.name +
`="` +
testAttr.value +
`">
</` +
aTestElement.localName +
`>
</` +
aTestElement.parentElement.localName +
`>
doc without TT CSP.
</body>`
);

t.add_cleanup(() => {
sourceFrame.remove();
});

sourceFrame.addEventListener(
"load",
t.step_func_done(() => {
// A window is a global object which has 1-to-1 mapping to a realm, see the first
// note of <https://html.spec.whatwg.org/#realms-settings-objects-global-objects>
// and its following paragraph. Here, `sourceElement`'s node document's global
// belongs to a non-TT realm.

const sourceElement =
sourceFrame.contentDocument.body.querySelector(
aTestElement.localName
);
const sourceAttr = sourceElement.getAttributeNode(
testAttr.name
);
sourceElement.removeAttributeNode(sourceAttr);

document.body.append(sourceElement);
// Now `sourceElement`'s node document's global belongs to a TT-realm.

assert_throws_js(sourceFrame.contentWindow.TypeError, () => {
sourceElement.setAttributeNode(sourceAttr);
mbrodesser-Igalia marked this conversation as resolved.
Show resolved Hide resolved
});
assert_throws_js(sourceFrame.contentWindow.TypeError, () => {
sourceElement.setAttributeNS(
sourceAttr.namespaceURI,
sourceAttr.name,
sourceAttr.value
);
});
})
);

document.body.append(sourceFrame);
},
`setAttribute and setAttributeNode respect the element's node document's global's CSP;
Element=${aTestElement.localName}; Parent=${aTestElement.parentElement.localName}; Attribute=${testAttr.name}`
);
}

for (const testElement of document.querySelectorAll(
"#nonSVGTestElements *"
)) {
runTest(testElement);
}

for (const testElement of document.querySelectorAll(
"#svgTestElements *"
)) {
runTest(testElement);
}
</script>
</body>
</html>