[Trusted Types] Support 'allow-duplicates' in trusted-types directive.

Implements 'allow-duplicates' according to w3c/trusted-types#245 Also updates policy name checking to follow the spec. Bug: 1030259 Change-Id: I74a1a12d5e36b642cfbcf2517a6ee8f0d7f000e7 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1950529 Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#723780}
web-platform-tests · Dec 11, 2019 · af8e392 · af8e392
1 parent 57f28f8
commit af8e392
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 7 deletions.
diff --git a/trusted-types/block-string-assignment-to-Element-setAttribute.tentative.html b/trusted-types/block-string-assignment-to-Element-setAttribute.tentative.html
@@ -21,7 +21,8 @@
 
   scriptURLTestCases.forEach(c => {
     test(t => {
-      assert_element_accepts_trusted_script_url_explicit_set(window, c, t, c[0], c[1], RESULTS.SCRIPTURL);
+      assert_element_accepts_trusted_script_url_explicit_set(window,
+          c[0] + "-" + c[1], t, c[0], c[1], RESULTS.SCRIPTURL);
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string');
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], null);
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], nullPolicy.createScript('script'));
@@ -35,7 +36,7 @@
 
   HTMLTestCases.forEach(c => {
     test(t => {
-      assert_element_accepts_trusted_html_explicit_set(window, c, t, c[0], c[1], RESULTS.HTML);
+      assert_element_accepts_trusted_html_explicit_set(window, c[0] + "-" + c[1], t, c[0], c[1], RESULTS.HTML);
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string');
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], null);
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], nullPolicy.createScript('script'));
@@ -49,7 +50,7 @@
 
   ScriptTestCases.forEach(c => {
     test(t => {
-      assert_element_accepts_trusted_script_explicit_set(window, c, t, c[0], c[1], RESULTS.SCRIPT);
+      assert_element_accepts_trusted_script_explicit_set(window, c[0] + "-" + c[1], t, c[0], c[1], RESULTS.SCRIPT);
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], 'A string');
       assert_throws_no_trusted_type_explicit_set(c[0], c[1], null);
     }, c[0] + "." + c[1] + " accepts only TrustedScript");

diff --git a/trusted-types/trusted-types-createHTMLDocument.tentative.html b/trusted-types/trusted-types-createHTMLDocument.tentative.html
@@ -2,7 +2,7 @@
 <head>
   <script src="/resources/testharness.js"></script>
   <script src="/resources/testharnessreport.js"></script>
-  <meta http-equiv="Content-Security-Policy" content="trusted-types *">
+  <meta http-equiv="Content-Security-Policy" content="trusted-types * 'allow-duplicates'">
 </head>
 <body>
 <script>

diff --git a/trusted-types/trusted-types-duplicate-names.tentative.html b/trusted-types/trusted-types-duplicate-names.tentative.html
@@ -2,14 +2,24 @@
 <head>
   <script src="/resources/testharness.js"></script>
   <script src="/resources/testharnessreport.js"></script>
-  <meta http-equiv="Content-Security-Policy" content="trusted-types *">
+  <meta http-equiv="Content-Security-Policy"
+        content="trusted-types 'allow-duplicates' duplicatename default">
 </head>
 <body>
 <script>
 test(t => {
   // We expect neither of these to throw.
-  trustedTypes.createPolicy("duplicatename", {});
-  trustedTypes.createPolicy("duplicatename", {});
+  let a = trustedTypes.createPolicy("duplicatename", { createHTML: _ => "a" });
+  let b = trustedTypes.createPolicy("duplicatename", { createHTML: _ => "b" });
+
+  // Both should have worked. They should still be separate functions.
+  assert_not_equals(a, b);
+  assert_equals("" + a.createHTML(""), "a");
+  assert_equals("" + b.createHTML(""), "b");
+
+  let def = trustedTypes.createPolicy("default", {});
+  assert_throws(new TypeError(),
+                _ => trustedTypes.createPolicy("default", {}));
 }, "policy - duplicate names");
 </script>
 </body>