Test Info: Warnings
- This test has a WPT meta file that expects 4 subtest issues.
- This WPT test may be referenced by the following Test IDs:
- /sanitizer-api/sethtml-with-trustedtypes-immutable.tentative.html - WPT Dashboard Interop Dashboard
<!doctype html>
<html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/trusted-types/support/helper.sub.js"></script>
<meta
http-equiv="Content-Security-Policy"
content="require-trusted-types-for 'script';"
/>
</head>
<body>
<div id="container"></div>
<script>
const container = document.querySelector("#container");

// We have to replace this global because we are overriding the default policy from within the test.
// NOTE(review): it is not visible from this file which global the sentence above
// refers to; presumably the "default" policy registered below — confirm.
//
// The policy deliberately mutates whatever it receives: it flags the options
// object and tightens the sanitizer. The tests further down rely on both halves:
// the parsed output must reflect these changes (the <span> is dropped), while
// the objects the caller handed to setHTML()/setHTMLUnsafe() must stay untouched.
trustedTypes.createPolicy("default", {
  // Pass-through: the markup is returned unchanged, so all filtering in this
  // test comes from the sanitizer configuration, not from createHTML.
  createHTML(html) {
    return html;
  },

  // Marks the options as modified, adjusts the sanitizer, and returns the same
  // object it was given.
  createParserOptions(options) {
    options.modified = true;

    const sanitizer = options.sanitizer;
    const isConfigObject = Boolean(sanitizer) && typeof sanitizer === "object";

    if (sanitizer instanceof Sanitizer) {
      // Sanitizer instance: use its mutator methods.
      sanitizer.removeElement("span");
      sanitizer.allowAttribute("id");
    } else if (isConfigObject) {
      // Plain configuration dictionary: set the list directly.
      sanitizer.removeElements = ["span"];
    }

    return options;
  },
});
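// Both parsing entry points get the same two checks: the default policy's
// createParserOptions callback must be handed a copy, so that its edits shape
// the parse result without leaking back into the caller's objects.
for (const method of ["setHTML", "setHTMLUnsafe"]) {
  // Case 1: the sanitizer is supplied as a plain configuration dictionary.
  test((t) => {
    const d = document.createElement("div");
    container.appendChild(d);
    t.add_cleanup(() => d.remove());

    const options = { sanitizer: {}, modified: false };
    d[method](
      "<div id='allowed'><span id=forbidden></span></div>",
      options,
    );

    // The caller's objects must not show the policy's edits.
    assert_false(
      options.modified,
      "trusted types policy should not modify given options",
    );
    assert_false(
      "removeElements" in options.sanitizer,
      "trusted types policy should not modify sanitizer",
    );

    // The policy's edits must still have been applied to the parse itself:
    // the <span> is gone and the outer <div> kept its id.
    assert_equals(d.querySelector("#forbidden"), null);
    assert_not_equals(d.querySelector("#allowed"), null);
  }, `${method}: createParserOptions doesn't mutate original object`);

  // Case 2: the sanitizer is supplied as a Sanitizer instance.
  test((t) => {
    const d = document.createElement("div");
    container.appendChild(d);
    t.add_cleanup(() => d.remove());

    const options = { sanitizer: new Sanitizer() };
    // Snapshot the configuration before parsing so that any change made to the
    // caller's Sanitizer is detected, whichever list it lands in.
    const configBefore = JSON.stringify(options.sanitizer.get());

    d[method](
      "<div id=allowed><span id=forbidden></span></div>",
      options,
    );

    assert_false(
      "removeElements" in options.sanitizer.get(),
      "trusted types policy should not modify sanitizer",
    );
    // NOTE(review): a default-constructed Sanitizer presumably carries an
    // allow-list configuration, in which case removeElement("span") would
    // shrink `elements` instead of creating `removeElements`, and the key check
    // above alone would not notice a mutation — confirm against the Sanitizer
    // API spec. Comparing against the snapshot covers either case.
    assert_equals(
      JSON.stringify(options.sanitizer.get()),
      configBefore,
      "trusted types policy should not modify sanitizer configuration",
    );

    assert_equals(d.querySelector("#forbidden"), null);
    assert_not_equals(d.querySelector("#allowed"), null);
  }, `${method}: createParserOptions doesn't mutate sanitizer object`);
}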
</script>
</body>
</html>