bower.json for polymer-resin and script to run tests

This requires a bunch of test fixup so that tests run via the
open-source web-component-tester without all of the directory
reworking and JS dependency glomming that the internal BUILD
web_component_test_suite rules do.

I also replace goog.module with goog.require because goog.module
for test suites requires a closure pass while goog.provide does not.

Polygerrit prefers bower to NPM for package management so I will
publish that way via
https://bower.io/docs/creating-packages/#register

The bower.json file was based on polymer/bower.json but without
the deprecated version line which is redundant with the version tag
name.
All the non-test dependencies are identical to that.
The polymer dependency version is the same as that used by
polygerrit-ui.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=154895606

a-tag-test.html

@@ -16,8 +16,11 @@
 <html>
 <head>
   <meta charset="utf-8">
-  <script src="imports.js"></script>
-  <link rel="import" href="polymer-resin/polymer-resin.html" />
+  <script src="/components/webcomponentsjs/webcomponents-lite.js"></script>
+  <script src="/components/web-component-tester/browser.js"></script>
+  <link rel="import" href="/components/polymer/polymer.html" />
+  <script src="polymer-resin.js"></script>
+  <script src="a-tag-test.js"></script>
   <title>A Tag Tests</title>
 </head>
 <body>

a-tag-test.js

@@ -12,10 +12,10 @@
  * http://polymer.github.io/PATENTS.txt
  */
 
-goog.module('a_tag_tests');
+goog.provide('a_tag_tests');
 
-var Const = goog.require('goog.string.Const');
-var SafeUrl = goog.require('goog.html.SafeUrl');
+goog.require('goog.html.SafeUrl');
+goog.require('goog.string.Const');
 
 suite(
     'ATagtests',
@@ -38,8 +38,8 @@ suite(
       });
 
       test('safe_url', function() {
-        toCheck.safeUrl = SafeUrl.fromConstant(
-            Const.from('javascript:safe()'));
+        toCheck.safeUrl = goog.html.SafeUrl.fromConstant(
+            goog.string.Const.from('javascript:safe()'));
 
         assert.equal(
             getA('a2').href,

attr-property-aliasing-test.html

@@ -16,8 +16,11 @@
 <html>
 <head>
   <meta charset="utf-8" />
-  <script src="imports.js"></script>
-  <link rel="import" href="polymer-resin/polymer-resin.html" />
+  <script src="/components/webcomponentsjs/webcomponents-lite.js"></script>
+  <script src="/components/web-component-tester/browser.js"></script>
+  <link rel="import" href="/components/polymer/polymer.html" />
+  <script src="polymer-resin.js"></script>
+  <script src="attr-property-aliasing-test.js"></script>
   <title>Attr Property Aliasing Tests</title>
 </head>
 <body>

attr-property-aliasing-test.js

@@ -12,10 +12,10 @@
  * http://polymer.github.io/PATENTS.txt
  */
 
-goog.module('security.polymer_resin.attr_property_aliasing_tests');
+goog.provide('security.polymer_resin.attr_property_aliasing_tests');
 
-var Const = goog.require('goog.string.Const');
-var SafeUrl = goog.require('goog.html.SafeUrl');
+goog.require('goog.html.SafeUrl');
+goog.require('goog.string.Const');
 
 suite(
     'AttrPropertyAliasingTests',
@@ -37,9 +37,10 @@ suite(
 
 
       var TYPED_STRING_TEXT = 'javascript:safe(this)';
-      var SAFE_ACTION = SafeUrl.fromConstant(Const.from(TYPED_STRING_TEXT));
+      var SAFE_ACTION = goog.html.SafeUrl.fromConstant(
+          goog.string.Const.from(TYPED_STRING_TEXT));
       var UNSAFE_ACTION = 'javascript:evil()';
-      var INNOCUOUS_ACTION = SafeUrl.INNOCUOUS_STRING;
+      var INNOCUOUS_ACTION = goog.html.SafeUrl.INNOCUOUS_STRING;
 
       test('innocuous_action_via_attribute', function() {
         buttons.setAttribute('action', '/safe');

bower.json

@@ -0,0 +1,45 @@
+{
+  "name": "polymer-resin",
+  "keywords": [
+    "polymer",
+    "webcomponents",
+    "security",
+    "xss"
+  ],
+  "description":
+  "XSS mitigation for Polymer webcomponents that uses safe html type contracts",
+
+  "homepage": "https://github.com/Polymer/polymer-resin",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Polymer/polymer-resin.git"
+  },
+
+  "authors": [
+    "The Polymer Authors (http://polymer.github.io/AUTHORS.txt)"
+  ],
+  "license": "http://polymer.github.io/LICENSE.txt",
+
+  "moduleType": "globals",
+  "main": [
+    "dist/npm_standalone.js"
+  ],
+  "ignore": [
+    "**/.*",
+    "**/*~",
+    "**/*.md",
+    "*-test.js",
+    "*-test.html",
+    "node_modules",
+    "bower_components"
+  ],
+
+  "dependencies": {
+    "polymer": "1.7.1",
+    "webcomponentsjs": "^0.7.24"
+  },
+  "devDependencies": {
+    "web-component-tester": "*",
+    "test-fixture": "PolymerElements/test-fixture#^1.0.0"
+  }
+}

classify-test.html

@@ -16,8 +16,11 @@
 <html>
 <head>
   <meta charset="utf-8">
-  <script src="imports.js"></script>
-  <link rel="import" href="polymer-resin/polymer-resin.html" />
+  <script src="/components/webcomponentsjs/webcomponents-lite.js"></script>
+  <script src="/components/web-component-tester/browser.js"></script>
+  <link rel="import" href="/components/polymer/polymer.html" />
+  <script src="polymer-resin.js"></script>
+  <script src="classify-test.js"></script>
   <title>Classify Tests</title>
 </head>
 <body>

classify-test.js

@@ -12,11 +12,10 @@
  * http://polymer.github.io/PATENTS.txt
  */
 
-goog.module('classify_tests');
+goog.provide('classify_tests');
 
-var CustomElementClassification =
-    goog.require('security.polymer_resin.CustomElementClassification');
-var classifyElement = goog.require('security.polymer_resin.classifyElement');
+goog.require('security.polymer_resin.CustomElementClassification');
+goog.require('security.polymer_resin.classifyElement');
 
 suite(
     'classify_tests',
@@ -32,7 +31,7 @@ suite(
         test('test ' + query,
              function () {
                var el = elements.querySelector(query);
-               var classification = classifyElement(
+               var classification = security.polymer_resin.classifyElement(
                    el.localName, el.constructor);
                assert.equal(
                    classification,
@@ -43,52 +42,52 @@ suite(
 
       assertClassification(
           '#link',
-          CustomElementClassification.BUILTIN);
+          security.polymer_resin.CustomElementClassification.BUILTIN);
       assertClassification(
           'b',
-          CustomElementClassification.BUILTIN);
+          security.polymer_resin.CustomElementClassification.BUILTIN);
       assertClassification(
           'table',
-          CustomElementClassification.BUILTIN);
+          security.polymer_resin.CustomElementClassification.BUILTIN);
       assertClassification(
           'tr',
-          CustomElementClassification.BUILTIN);
+          security.polymer_resin.CustomElementClassification.BUILTIN);
       assertClassification(
           'td',
-          CustomElementClassification.BUILTIN);
+          security.polymer_resin.CustomElementClassification.BUILTIN);
       assertClassification(
           'th',
-          CustomElementClassification.BUILTIN);
+          security.polymer_resin.CustomElementClassification.BUILTIN);
       assertClassification(
           'div',
-          CustomElementClassification.BUILTIN);
+          security.polymer_resin.CustomElementClassification.BUILTIN);
       assertClassification(
           'img',
-          CustomElementClassification.BUILTIN);
+          security.polymer_resin.CustomElementClassification.BUILTIN);
       assertClassification(
           'input',
-          CustomElementClassification.BUILTIN);
+          security.polymer_resin.CustomElementClassification.BUILTIN);
       assertClassification(
           'ul',
-          CustomElementClassification.BUILTIN);
+          security.polymer_resin.CustomElementClassification.BUILTIN);
       assertClassification(
           'li',
-          CustomElementClassification.BUILTIN);
+          security.polymer_resin.CustomElementClassification.BUILTIN);
 
       assertClassification(
           'blink',
-          CustomElementClassification.LEGACY);
+          security.polymer_resin.CustomElementClassification.LEGACY);
 
       assertClassification(
           'my-custom',
-          CustomElementClassification.CUSTOM);
+          security.polymer_resin.CustomElementClassification.CUSTOM);
       // Custom-builtin are classified as builtin because builtin
       // properties are own properties.
       // Calling code should check for the presence of is="...".
       assertClassification(
           '#mylink',
-          CustomElementClassification.BUILTIN);
+          security.polymer_resin.CustomElementClassification.BUILTIN);
       assertClassification(
           'un-registered',
-          CustomElementClassification.CUSTOMIZABLE);
+          security.polymer_resin.CustomElementClassification.CUSTOMIZABLE);
     });

computed-value-test.html

@@ -16,8 +16,11 @@
 <html>
 <head>
   <meta charset="utf-8" />
-  <script src="imports.js"></script>
-  <link rel="import" href="polymer-resin/polymer-resin.html" />
+  <script src="/components/webcomponentsjs/webcomponents-lite.js"></script>
+  <script src="/components/web-component-tester/browser.js"></script>
+  <link rel="import" href="/components/polymer/polymer.html" />
+  <script src="polymer-resin.js"></script>
+  <script src="computed-value-test.js"></script>
   <title>Computed Value Tests</title>
 </head>
 <body>

computed-value-test.js

@@ -19,9 +19,9 @@
  * and gets the computed value in time to reject unsafe values.
  */
 
-goog.module('security.polymer_resin.computed_value_tests');
+goog.provide('security.polymer_resin.computed_value_tests');
 
-var SafeUrl = goog.require('goog.html.SafeUrl');
+goog.require('goog.html.SafeUrl');
 
 suite(
     'ComputedValueTests',

custom-element-test.html

@@ -16,9 +16,12 @@
 <html>
 <head>
   <meta charset="utf-8">
-  <script src="imports.js"></script>
-  <link rel="import" href="polymer-resin/polymer-resin.html" />
-  <title>Custom Tag Tests</title>
+  <script src="/components/webcomponentsjs/webcomponents-lite.js"></script>
+  <script src="/components/web-component-tester/browser.js"></script>
+  <link rel="import" href="/components/polymer/polymer.html" />
+  <script src="polymer-resin.js"></script>
+  <script src="custom-element-test.js"></script>
+  <title>Custom Element Tests</title>
 </head>
 <body>
   <dom-module id="custom-tag">

custom-element-test.js

@@ -12,11 +12,11 @@
  * http://polymer.github.io/PATENTS.txt
  */
 
-goog.module('custom_element_tests');
+goog.provide('custom_element_tests');
 
-var Const = goog.require('goog.string.Const');
-var SafeStyle = goog.require('goog.html.SafeStyle');
-var SafeUrl = goog.require('goog.html.SafeUrl');
+goog.require('goog.html.SafeStyle');
+goog.require('goog.html.SafeUrl');
+goog.require('goog.string.Const');
 
 // This tests assignment to properties of a custom tag that are routed
 // throgh to elements of the shadow DOM.
@@ -93,9 +93,10 @@ suite(
       test('src_bad', function() {
         var jsUrl = 'javascript: evil :( "muhaha"  /*:*/)';
         customTag.src = jsUrl;
-        assert.equal(SafeUrl.INNOCUOUS_STRING,
+        assert.equal(goog.html.SafeUrl.INNOCUOUS_STRING,
                      decomposed.dynLink.href, 'a href dynamic');
-        assert.equal(SafeUrl.INNOCUOUS_STRING, decomposed.img.src, 'img src');
+        assert.equal(goog.html.SafeUrl.INNOCUOUS_STRING,
+                     decomposed.img.src, 'img src');
       });
 
       test('num_not_stringified_before_use', function() {
@@ -110,7 +111,8 @@ suite(
       });
 
       test('safe_css', function() {
-        customTag.css = SafeStyle.fromConstant(Const.from('color: red;'));
+        customTag.css = goog.html.SafeStyle.fromConstant(
+            goog.string.Const.from('color: red;'));
         assert.isOk(
             decomposed.outerDiv.style.cssText.indexOf('color') >= 0,
             decomposed.outerDiv.style.cssText);
@@ -124,8 +126,8 @@ suite(
       });
 
       test('safe_url_passed_to_plain_text_attribute', function() {
-        customTag.title = SafeUrl.fromConstant(
-            Const.from('http://example.com/'));
+        customTag.title = goog.html.SafeUrl.fromConstant(
+            goog.string.Const.from('http://example.com/'));
         assert.equal('http://example.com/', decomposed.img.alt);
       });
     });

identifier-test.html

@@ -16,8 +16,11 @@
 <html>
 <head>
   <meta charset="utf-8">
-  <script src="imports.js"></script>
-  <link rel="import" href="polymer-resin/polymer-resin.html" />
+  <script src="/components/webcomponentsjs/webcomponents-lite.js"></script>
+  <script src="/components/web-component-tester/browser.js"></script>
+  <link rel="import" href="/components/polymer/polymer.html" />
+  <script src="polymer-resin.js"></script>
+  <script src="identifier-test.js"></script>
   <script>
     security.polymer_resin.allowIdentifierWithPrefix('safe-');
   </script>

identifier-test.js

@@ -12,9 +12,9 @@
  * http://polymer.github.io/PATENTS.txt
  */
 
-goog.module('security.polymer_resin.identifier_test');
+goog.provide('security.polymer_resin.identifier_test');
 
-var Const = goog.require('goog.string.Const');
+goog.require('goog.string.Const');
 
 suite(
     'Identifier',
@@ -58,7 +58,7 @@ suite(
 
       test('allowed_constant', function() {
         // constant strings allowed
-        assertId('my-id', Const.from('my-id'));
+        assertId('my-id', goog.string.Const.from('my-id'));
       });
 
       test('disallowed', function() {

one-attr-binding-test.html

@@ -16,8 +16,11 @@
 <html>
 <head>
   <meta charset="utf-8">
-  <script src="imports.js"></script>
-  <link rel="import" href="polymer-resin/polymer-resin.html" />
+  <script src="/components/webcomponentsjs/webcomponents-lite.js"></script>
+  <script src="/components/web-component-tester/browser.js"></script>
+  <link rel="import" href="/components/polymer/polymer.html" />
+  <script src="polymer-resin.js"></script>
+  <script src="one-attr-binding-test.js"></script>
   <title>One Attr Binding Test</title>
 </head>
 <body>