part 9) Extend WPT to check sink value of "Document parseHTMLUnsafe".

One step towards fixing w3c/trusted-types#494. Differential Revision: https://phabricator.services.mozilla.com/D232363 bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1907849 gecko-commit: c006cb26e155686ac4c27d2a0797ff2ce03e39a8 gecko-reviewers: smaug
web-platform-tests · Jan 14, 2025 · 77270dd · 77270dd
1 parent 13e2c9e
commit 77270dd
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/trusted-types/block-string-assignment-to-Document-parseHTMLUnsafe.html b/trusted-types/block-string-assignment-to-Document-parseHTMLUnsafe.html
@@ -7,6 +7,8 @@
   <script src="support/helper.sub.js"></script>
 
   <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script';">
+
+  <link rel="help" href="https://html.spec.whatwg.org/#dom-parsehtmlunsafe">
 </head>
 <body>
 <script>
@@ -33,7 +35,12 @@
 
   // After default policy creation string assignment implicitly calls createHTML.
   test(t => {
-    let p = window.trustedTypes.createPolicy("default", { createHTML: createHTMLJS }, true);
+    let p = window.trustedTypes.createPolicy("default", { createHTML:
+      (value, _, sink) => {
+        assert_equals(sink, "Document parseHTMLUnsafe");
+        return createHTMLJS(value);
+      }
+    });
     let doc = Document.parseHTMLUnsafe(INPUTS.HTML);
     assert_equals(doc.body.innerText, RESULTS.HTML);
   }, "'Document.parseHTMLUnsafe(string)' assigned via default policy (successful HTML transformation).");