part 6) Add javascript-url navigation via form-submission tests for T…

…rusted Types. Differential Revision: https://phabricator.services.mozilla.com/D223596 bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1921008 gecko-commit: 999a70cf9b2dcc6fc81fc8fbe9f7a811f6056db5 gecko-reviewers: tschuster
web-platform-tests · Oct 15, 2024 · 4db7dc6 · 4db7dc6
1 parent 8a386d2
commit 4db7dc6
Show file tree

Hide file tree

Showing 4 changed files with 160 additions and 88 deletions.
diff --git a/trusted-types/support/navigation-report-only-support.html b/trusted-types/support/navigation-report-only-support.html
@@ -5,6 +5,9 @@
 <body>
 <p>Support page for trusted-types-navigation-report-only.*.html tests.</p>
 <a id="anchor" href="#">link</a>
+<form>
+  <input id="submit" type="submit">
+</form>
 <script>
   navigateToJavascriptURL(/* aReportOnly */ true);
 </script>

diff --git a/trusted-types/support/navigation-support.html b/trusted-types/support/navigation-support.html
@@ -5,6 +5,9 @@
 <body>
 <p>Support page for trusted-types-navigation.*.html tests.</p>
 <a id="anchor" href="#">link</a>
+<form>
+  <input id="submit" type="submit">
+</form>
 <script>
   navigateToJavascriptURL(/* aReportOnly */ false);
 </script>

diff --git a/trusted-types/support/navigation-support.js b/trusted-types/support/navigation-support.js
@@ -1,20 +1,24 @@
 const kNavigationAttempted = "navigationattempted=1";
 
 function navigateToJavascriptURL(reportOnly) {
-    const params = new URLSearchParams(location.search);
+    let params = new URLSearchParams(location.search);
+
     if (!!params.get("defaultpolicy")) {
-      trustedTypes.createPolicy("default", {
-          createScript: s => s.replace("continue", "defaultpolicywashere"),
-      });
+        trustedTypes.createPolicy("default", {
+            createScript: s => {
+                return s.replace("continue", "defaultpolicywashere")
+            },
+        });
     }
 
     function bounceEventToOpener(e) {
-      const msg = {};
-      for (const field of ["effectiveDirective", "sample", "type"]) {
-        msg[field] = e[field];
-      }
-      msg["uri"] = location.href;
-      window.opener.postMessage(msg, "*");
+        const msg = {};
+        for (const field of ["effectiveDirective", "sample", "type"]) {
+            msg[field] = e[field];
+        }
+
+        msg["uri"] = location.href;
+        window.opener.postMessage(msg, "*");
     }
 
     // If a navigation is blocked by Trusted Types, we expect this window to
@@ -29,27 +33,43 @@ function navigateToJavascriptURL(reportOnly) {
         // Navigate to the non-report-only version of the test. That has the same
         // event listening setup as this, but is a different target URI.
         target_script = `location.href='${location.href.replace("-report-only", "") +
-            (location.href.includes("?") ? "&" : "?") + kNavigationAttempted + "&continue"}';`;
+            (location.href.endsWith(".html") ? "?" : "&") + kNavigationAttempted + "&continue"}';`;
     } else {
         // We'll use a javascript:-url to navigate to ourselves, so that we can
         // re-use the messageing mechanisms above.
         target_script = `location.href='${location.href + "&" + kNavigationAttempted}&continue';`;
     }
-    const target = `javascript:${target_script}`;
 
-    const anchor = document.getElementById("anchor");
-    anchor.href = target;
+    function getAndPreparareNavigationElement(javaScriptURL) {
+        let target = "_self";
+        if (!!params.get("frame")) {
+            const frame = document.createElement("iframe");
+            frame.src = "frame-without-trusted-types.html";
+            frames.name = "frame";
+            document.body.appendChild(frame);
+            target = "frame";
+        }
+
+        if (!!params.get("form-submission")) {
+            const submit = document.getElementById("submit");
 
-    if (!!params.get("frame")) {
-      const frame = document.createElement("iframe");
-      frame.src = "frame-without-trusted-types.html";
-      frames.name = "frame";
-      document.body.appendChild(frame);
-      anchor.target = "frame";
+            // Careful, the IDL attributes are defined in camel-case.
+            submit.formAction = javaScriptURL;
+            submit.formTarget = target;
+
+            return submit;
+        }
+
+        const anchor = document.getElementById("anchor");
+        anchor.href = javaScriptURL;
+        anchor.target = target;
+        return anchor;
     }
 
+    const navigationElement = getAndPreparareNavigationElement(`javascript:${target_script}`);
+
     // Prevent loops.
     if (!location.search.includes(kNavigationAttempted)) {
-      document.addEventListener("DOMContentLoaded", _ => anchor.click());
+       document.addEventListener("DOMContentLoaded", _ => navigationElement.click());
     }
 }
diff --git a/trusted-types/trusted-types-navigation.html b/trusted-types/trusted-types-navigation.html
@@ -6,6 +6,8 @@
 </head>
 <body>
 <script>
+  "use strict";
+
   function expectMessage(filter) {
     return new Promise(resolve => {
 
@@ -50,72 +52,116 @@
     test.add_cleanup(_ => win.close());
   }
 
-  promise_test(t => {
-    openWindow(t, "support/navigation-support.html");
-    return Promise.all([
-      expectLoadedAsMessage("navigation-support.html"),
-      expectViolationAsMessage("Location href"),
-    ]);
-  }, "Navigate a window with javascript:-urls in enforcing mode.");
-
-  promise_test(t => {
-    openWindow(t, "support/navigation-support.html?defaultpolicy=1");
-    return Promise.all([
-      expectLoadedAsMessage("navigation-support.html?defaultpolicy=1"),
-      expectLoadedAsMessage("navigation-support.html?defaultpolicy=1&" + kNavigationAttempted + "&defaultpolicywashere"),
-    ]);
-  }, "Navigate a window with javascript:-urls w/ default policy in enforcing mode.");
-
-  promise_test(t => {
-    const page = "navigation-report-only-support.html"
-    openWindow(t, `support/${page}`);
-    return Promise.all([
-      expectLoadedAsMessage(page),
-      expectLoadedAsMessage("navigation-support.html?" + kNavigationAttempted + "&continue"),
-    ]);
-  }, "Navigate a window with javascript:-urls in report-only mode.");
-
-  promise_test(t => {
-    const page = "navigation-report-only-support.html?defaultpolicy=1";
-    openWindow(t, `support/${page}`);
-    return Promise.all([
-      expectLoadedAsMessage(page),
-      expectLoadedAsMessage("navigation-support.html?defaultpolicy=1&" + kNavigationAttempted + "&defaultpolicywashere"),
-    ]);
-  }, "Navigate a window with javascript:-urls w/ default policy in report-only mode.");
-
-  promise_test(t => {
-    openWindow(t, "support/navigation-support.html?frame=1");
-    return Promise.all([
-      expectLoadedAsMessage("navigation-support.html?frame=1"),
-      expectViolationAsMessage("Location href"),
-    ]);
-  }, "Navigate a frame with javascript:-urls in enforcing mode.");
-
-  promise_test(t => {
-    openWindow(t, "support/navigation-support.html?defaultpolicy=1&frame=1");
-    return Promise.all([
-      expectLoadedAsMessage("navigation-support.html?defaultpolicy=1&frame=1"),
-      expectLoadedAsMessage("navigation-support.html?defaultpolicy=1&frame=1&" + kNavigationAttempted + "&defaultpolicywashere"),
-    ]);
-  }, "Navigate a frame with javascript:-urls w/ default policy in enforcing mode.");
-
-  promise_test(t => {
-    const page = "navigation-report-only-support.html?frame=1"
-    openWindow(t, `support/${page}`);
-    return Promise.all([
-      expectLoadedAsMessage(page),
-      expectLoadedAsMessage("navigation-support.html?frame=1&" + kNavigationAttempted + "&continue"),
-    ]);
-  }, "Navigate a frame with javascript:-urls in report-only mode.");
-
-  promise_test(t => {
-    const page = "navigation-report-only-support.html?defaultpolicy=1&frame=1";
-    openWindow(t, `support/${page}`);
-    return Promise.all([
-      expectLoadedAsMessage(page),
-      expectLoadedAsMessage("navigation-support.html?defaultpolicy=1&frame=1&" + kNavigationAttempted + "&defaultpolicywashere"),
-    ]);
-  }, "Navigate a frame with javascript:-urls w/ default policy in report-only mode.");
+  const kFormSubmission = "form-submission";
+  // When adding more elements, adapt all functions consuming the existing elements.
+  const kNavigationElements =
+  [
+    "anchor",
+    kFormSubmission,
+  ];
+
+  function maybeAddFormSubmissionToSearchParams(navigationElement, searchParams) {
+    return (navigationElement == kFormSubmission) ?
+      [kFormSubmission + "=1", ...searchParams] : searchParams;
+  }
+
+  function joinToHref(searchParams, originAndPathName) {
+    if (searchParams.length > 0) {
+      return originAndPathName + "?" + searchParams.join("&");
+    }
+
+    return originAndPathName;
+  }
+
+  for (const navigationElement of kNavigationElements) {
+    promise_test(t => {
+      const page = joinToHref(maybeAddFormSubmissionToSearchParams(navigationElement, []),
+        "navigation-support.html");
+      openWindow(t, `support/${page}`);
+      return Promise.all([
+        expectLoadedAsMessage(page),
+        expectViolationAsMessage("Location href"),
+      ]);
+    }, `Navigate a window via ${navigationElement} with javascript:-urls in enforcing mode.`);
+
+    promise_test(t => {
+      const page = joinToHref(maybeAddFormSubmissionToSearchParams(navigationElement, ["defaultpolicy=1"]),
+        "navigation-support.html");
+      openWindow(t, `support/${page}`);
+      return Promise.all([
+        expectLoadedAsMessage(page),
+        expectLoadedAsMessage(page + "&" + kNavigationAttempted + "&defaultpolicywashere"),
+      ]);
+    }, `Navigate a window via ${navigationElement} with javascript:-urls w/ default policy in enforcing mode.`);
+
+    promise_test(t => {
+      const page = joinToHref(maybeAddFormSubmissionToSearchParams(navigationElement, []),
+        "navigation-report-only-support.html");
+      openWindow(t, `support/${page}`);
+      return Promise.all([
+        expectLoadedAsMessage(page),
+        expectLoadedAsMessage(joinToHref(maybeAddFormSubmissionToSearchParams(navigationElement,
+          [kNavigationAttempted, "continue"]), "navigation-support.html")),
+      ]);
+    }, `Navigate a window via ${navigationElement} with javascript:-urls in report-only mode.`);
+
+    promise_test(t => {
+      const page = joinToHref(maybeAddFormSubmissionToSearchParams(navigationElement, ["defaultpolicy=1"]),
+        "navigation-report-only-support.html");
+      openWindow(t, `support/${page}`);
+      return Promise.all([
+        expectLoadedAsMessage(page),
+        expectLoadedAsMessage(joinToHref(maybeAddFormSubmissionToSearchParams(navigationElement,
+            ["defaultpolicy=1", kNavigationAttempted, "defaultpolicywashere"]),
+          "navigation-support.html")),
+      ]);
+    }, `Navigate a window via ${navigationElement} with javascript:-urls w/ default policy in report-only mode.`);
+
+    promise_test(t => {
+      const page = joinToHref(maybeAddFormSubmissionToSearchParams(navigationElement, ["frame=1"]),
+        "navigation-support.html");
+      openWindow(t, `support/${page}`);
+      return Promise.all([
+        expectLoadedAsMessage(page),
+        expectViolationAsMessage("Location href"),
+      ]);
+    }, `Navigate a frame via ${navigationElement} with javascript:-urls in enforcing mode.`);
+
+    promise_test(t => {
+      const page = joinToHref(maybeAddFormSubmissionToSearchParams(navigationElement,
+          ["defaultpolicy=1", "frame=1"]),
+        "navigation-support.html");
+      openWindow(t, `support/${page}`);
+      return Promise.all([
+        expectLoadedAsMessage(page),
+        expectLoadedAsMessage(page + "&" + kNavigationAttempted + "&defaultpolicywashere"),
+      ]);
+    }, `Navigate a frame via ${navigationElement} with javascript:-urls w/ default policy in enforcing mode.`);
+
+    promise_test(t => {
+      const page = joinToHref(maybeAddFormSubmissionToSearchParams(navigationElement, ["frame=1"]),
+        "navigation-report-only-support.html");
+      openWindow(t, `support/${page}`);
+      return Promise.all([
+        expectLoadedAsMessage(page),
+        expectLoadedAsMessage(joinToHref(maybeAddFormSubmissionToSearchParams(navigationElement,
+            ["frame=1", kNavigationAttempted, "continue"]),
+          "navigation-support.html")),
+      ]);
+    }, `Navigate a frame via ${navigationElement} with javascript:-urls in report-only mode.`);
+
+    promise_test(t => {
+      const page = joinToHref(maybeAddFormSubmissionToSearchParams(navigationElement,
+          ["defaultpolicy=1", "frame=1"]),
+          "navigation-report-only-support.html");
+      openWindow(t, `support/${page}`);
+      return Promise.all([
+        expectLoadedAsMessage(page),
+        expectLoadedAsMessage(joinToHref(maybeAddFormSubmissionToSearchParams(navigationElement,
+            ["defaultpolicy=1", "frame=1", kNavigationAttempted, "defaultpolicywashere"]),
+          "navigation-support.html")),
+      ]);
+    }, `Navigate a frame via ${navigationElement} with javascript:-urls w/ default policy in report-only mode.`);
+  }
 </script>
 </body>