part 9) Extend WPT to check sink value of "Document parseHTMLUnsafe".

One step towards fixing w3c/trusted-types#494. Differential Revision: https://phabricator.services.mozilla.com/D232363 bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1907849 gecko-commit: cb3e58c8b7ff8d78bfab512fae053cc7de5d787b gecko-reviewers: smaug
web-platform-tests · Dec 18, 2024 · 902982a · 902982a
1 parent ea4394f
commit 902982a
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/trusted-types/block-string-assignment-to-Document-parseHTMLUnsafe.html b/trusted-types/block-string-assignment-to-Document-parseHTMLUnsafe.html
@@ -7,6 +7,8 @@
   <script src="support/helper.sub.js"></script>
 
   <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script';">
+
+  <link rel="help" href="https://html.spec.whatwg.org/#dom-parsehtmlunsafe">
 </head>
 <body>
 <script>
@@ -33,7 +35,12 @@
 
   // After default policy creation string assignment implicitly calls createHTML.
   test(t => {
-    let p = window.trustedTypes.createPolicy("default", { createHTML: createHTMLJS }, true);
+    let p = window.trustedTypes.createPolicy("default", { createHTML:
+      (value, _, sink) => {
+        assert_equals(sink, "Document parseHTMLUnsafe");
+        return createHTMLJS(value);
+      }
+    });
     let doc = Document.parseHTMLUnsafe(INPUTS.HTML);
     assert_equals(doc.body.innerText, RESULTS.HTML);
   }, "'Document.parseHTMLUnsafe(string)' assigned via default policy (successful HTML transformation).");