Bug 1556384 [wpt PR 17135] - [Trusted Types] Handle Trusted Types in xlink:href for SVG elements., a=testonly

Automatic update from web-platform-tests
[Trusted Types] Handle Trusted Types in xlink:href for SVG elements.

Bug: 933300
Change-Id: I58e72faa9f5cdbd0390c84842cc5d5641d0b7d21
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1634880
Reviewed-by: Fredrik Söderquist <fs@opera.com>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#670100}

--

wpt-commits: f64ccd6f3956e0d593393a4868838c9489928882
wpt-pr: 17135

testing/web-platform/tests/trusted-types/Element-setAttributeNS.tentative.html

@@ -21,4 +21,15 @@
     test(t => {
       assert_element_accepts_trusted_url_set_ns(window, '3', t, 'a', 'b', RESULTS.URL);
     }, "Element.setAttributeNS assigned via policy (successful URL transformation)");
+
+    test(t => {
+      let p = createURL_policy(window, '5');
+      let url = p.createURL(INPUTS.URL);
+
+      let elem = document.createElementNS("http://www.w3.org/2000/svg", "image");
+      elem.setAttributeNS("http://www.w3.org/1999/xlink", "href", url);
+      let attr_node = elem.getAttributeNodeNS("http://www.w3.org/1999/xlink", "href");
+      assert_equals(attr_node.value + "", RESULTS.URL);
+    }, "Element.setAttributeNS accepts a URL on <svg:image xlink:href/>");
+
 </script>

testing/web-platform/tests/trusted-types/block-string-assignment-to-Element-setAttributeNS.tentative.html

@@ -25,11 +25,110 @@
       assert_element_accepts_trusted_url_set_ns(window, '3', t, 'a', 'b', RESULTS.URL);
     }, "Element.setAttributeNS assigned via policy (successful URL transformation)");
 
+    // Unknown, namespaced attributes should not be TT checked:
     test(t => {
-      assert_throws_no_trusted_type_set_ns('a', 'b', 'A string');
+      assert_element_accepts_non_trusted_type_set_ns('a', 'b', 'A string', 'A string');
-    }, "`Element.setAttributeNS = string` throws");
+    }, "Element.setAttributeNS accepts untrusted string for non-specced accessor");
 
     test(t => {
-      assert_throws_no_trusted_type_set_ns('a', 'b', null);
+      assert_element_accepts_non_trusted_type_set_ns('a', 'b', null, 'null');
-    }, "`Element.setAttributeNS = null` throws");
+    }, "Element.setAttributeNS accepts null for non-specced accessor");
+
+    // Setup trusted values for use in subsequent tests.
+    const url = createURL_policy(window, '4').createURL(INPUTS.URL);
+    const script_url = createScriptURL_policy(window, '5').createScriptURL(INPUTS.ScriptURL);
+    const html = createHTML_policy(window, '6').createHTML(INPUTS.HTML);
+    const script = createScript_policy(window, '7').createScript(INPUTS.Script);
+
+    // SVG elements that use xlink:href (SVGURIReference) and that expect
+    // TrustedURL.
+    // There a number of affected elements, and there are several ways to set
+    // a namespaced attribute. Let's iterate over all combinations.
+    // TODO(vogelheim): Also SMIL timed elements.
+    const xlink = "http://www.w3.org/1999/xlink";
+    const svg = "http://www.w3.org/2000/svg";
+    const elems = [ "a", "feImage", "filter", "image", "linearGradient",
+                    "mpath", "pattern", "radialGradient", "textPath", "use" ];
+
+    // There are multiple ways to set a namespaced attribute. Let's encapsulate
+    // each in a function.
+    const variants = {
+      "setAttributeNS with prefix": (element_name, value) => {
+        let elem = document.createElementNS(svg, element_name);
+        elem.setAttributeNS(xlink, "xlink:href", value);
+        return elem;
+      },
+      "setAttributeNS without prefix": (element_name, value) => {
+        let elem = document.createElementNS(svg, element_name);
+        elem.setAttributeNS(xlink, "href", value);
+        return elem;
+      },
+      "setAttribute with prefix": (element_name, value) => {
+        let elem = document.createElementNS(svg, element_name);
+        // Create the namespaced attribute with setAttributeNS. Then refer
+        // to it with the prefix in setAttribute. This test will break
+        // if either setAttributeNS or setAttribtue functionality it broken.
+        elem.setAttributeNS(xlink, "xlink:href", url);
+        elem.setAttribute("xlink:href", value);
+        return elem;
+      }
+    };
+    for (const e of elems) {
+      for (const variant in variants) {
+        // Assigning a TrustedURL works.
+        test(t => {
+          let elem = variants[variant](e, url);
+          assert_equals("" + RESULTS.URL,
+                        elem.getAttributeNodeNS(xlink, "href").value);
+        }, "Assigning TrustedURL to <svg:" + e + "> works via " + variant);
+
+        // Assigning things that ought to not work.
+        const values = ["abc", null, script_url, html, script];
+        values.forEach((value, index) => {
+          test(t => {
+            assert_throws(new TypeError(), _ => { variants[variant](e, value); });
+          }, "Blocking non-TrustedURL assignment to <svg:" + e + "> via " +
+             variant + " value no " + index);
+        });
+      }
+    }
+
+    // Test 'synchronization' of 'xlink:href'.
+    test(t => {
+      // ..setAttribute("xlink:href") will behave differently, depending on
+      // whether the element already has an attribute by that name. Make sure
+      // that Trusted Type handling respects that difference.
+
+      // Case 1: "xlink:href" on an empty element: This is an unknown attribute
+      // not processed by SVG, and string assignment should work.
+      let elem1 = document.createElementNS(svg, "a");
+      elem1.setAttribute("xlink:href", "abc");
+
+      // Case 2: "xlink:href", after a namespaced attribute has been set: Now
+      // this mirrors the SVG attribute, and string assignment should fail.
+      let elem2 = document.createElementNS(svg, "a");
+      elem2.setAttributeNS(xlink, "xlink:href", url);
+      assert_throws(new TypeError(), _ => {
+        elem2.setAttribute("xlink:href", "abc");
+      });
+    }, "Test synchronized, namespaced attributes.");
+
+    // svg:script xlink:href=... expects a TrustedScriptURL.
+    let elem = document.createElementNS(svg, "script");
+    // Assigning a TrustedScriptURL works.
+    test(t => {
+      elem.setAttributeNS(xlink, "href", script_url);
+      assert_equals("" + RESULTS.ScriptURL,
+                    elem.getAttributeNodeNS(xlink, "href").value);
+    }, "Assigning TrustedScriptURL to <svg:script xlink:href=...> works");
+
+    // Assigning things that ought to not work.
+    test(t => {
+      const values = [ "abc", null, url, html, script ];
+      for (const v of values) {
+        assert_throws(new TypeError(), _ => {
+          elem.setAttributeNS(xlink, "href", v);
+        });
+      }
+    }, "Blocking non-TrustedScriptURL assignment to <svg:script xlink:href=...> works");
 </script>