From 3bd4d23a3512dd10116a5d413a1b8a2b4113db4b Mon Sep 17 00:00:00 2001
From: Mirko Brodesser <mbrodesser@igalia.com>
Date: Wed, 31 Jan 2024 15:13:34 +0100
Subject: [PATCH 01/10] Add test for importing a `srcdoc` attribute node from a
 non-TT realm to a TT iframe element throws

First step to fix <https://github.com/w3c/trusted-types/issues/425>.

Will add separate commits for the other tests requested at above ticket.
---
 ...ng-assignment-to-Element-setAttribute.html | 19 +++++++++++++++++++
 ...ut-trusted-types-and-srcdoc-attribute.html |  5 +++++
 2 files changed, 24 insertions(+)
 create mode 100644 trusted-types/support/document-without-trusted-types-and-srcdoc-attribute.html

diff --git a/trusted-types/block-string-assignment-to-Element-setAttribute.html b/trusted-types/block-string-assignment-to-Element-setAttribute.html
index 295890f319a482..e2421e4c8d18a9 100644
--- a/trusted-types/block-string-assignment-to-Element-setAttribute.html
+++ b/trusted-types/block-string-assignment-to-Element-setAttribute.html
@@ -8,6 +8,7 @@
   <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script';">
 </head>
 <body>
+<iframe id="sourceFrame" src="support/document-without-trusted-types-and-srcdoc-attribute.html"></iframe>
 <script>
   const nullPolicy = trustedTypes.createPolicy('NullPolicy', {createScript: s => s});
 
@@ -125,4 +126,22 @@
 
     assert_equals(script.getAttribute('src'), RESULTS.SCRIPTURL);
   }, "`script.src = setAttributeNode(embed.src)` with string works.");
+
+  async_test(t => {
+    const sourceFrame = document.getElementById("sourceFrame");
+    const targetFrame = document.createElement("iframe");
+    document.body.append(targetFrame);
+
+    t.add_cleanup(() => {
+      targetFrame.remove();
+      sourceFrame.contentWindow.location.reload();
+    });
+
+    sourceFrame.addEventListener("load", t.step_func_done(() => {
+      const div = sourceFrame.contentDocument.body.firstChild;
+      const attrNode = div.getAttributeNode("srcdoc");
+      div.removeAttributeNode(attrNode);
+      assert_throws_js(TypeError, () => { targetFrame.setAttributeNode(attrNode); });
+    }, { once: true }));
+  }, "Importing a `srcdoc` attribute node created in a non-TT enforcing realm to an iframe throws.")
 </script>
diff --git a/trusted-types/support/document-without-trusted-types-and-srcdoc-attribute.html b/trusted-types/support/document-without-trusted-types-and-srcdoc-attribute.html
new file mode 100644
index 00000000000000..ab453d3094fd9a
--- /dev/null
+++ b/trusted-types/support/document-without-trusted-types-and-srcdoc-attribute.html
@@ -0,0 +1,5 @@
+<!DOCTYPE html>
+<head>
+  <meta charset="utf-8">
+</head>
+<body><div srcdoc="v"></div>doc without TT</body>

From d120fc843fae3f026ca2f0ed271967da21407a23 Mon Sep 17 00:00:00 2001
From: Mirko Brodesser <mbrodesser@igalia.com>
Date: Thu, 1 Feb 2024 10:44:09 +0100
Subject: [PATCH 02/10] Schedule the new test before a default policy is
 created and simplify the new test

---
 ...ng-assignment-to-Element-setAttribute.html | 50 +++++++++++--------
 ...ut-trusted-types-and-srcdoc-attribute.html |  5 --
 2 files changed, 30 insertions(+), 25 deletions(-)
 delete mode 100644 trusted-types/support/document-without-trusted-types-and-srcdoc-attribute.html

diff --git a/trusted-types/block-string-assignment-to-Element-setAttribute.html b/trusted-types/block-string-assignment-to-Element-setAttribute.html
index e2421e4c8d18a9..4a78ab33a77746 100644
--- a/trusted-types/block-string-assignment-to-Element-setAttribute.html
+++ b/trusted-types/block-string-assignment-to-Element-setAttribute.html
@@ -8,9 +8,9 @@
   <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script';">
 </head>
 <body>
-<iframe id="sourceFrame" src="support/document-without-trusted-types-and-srcdoc-attribute.html"></iframe>
 <script>
-  const nullPolicy = trustedTypes.createPolicy('NullPolicy', {createScript: s => s});
+  const nullPolicy = trustedTypes.createPolicy('NullPolicy', {createScript: s => s,
+    createHTML: s => s});
 
   // TrustedScriptURL Assignments
   const scriptURLTestCases = [
@@ -67,6 +67,34 @@
     assert_equals(el.src, '');
   }, "`Script.prototype.setAttribute.SrC = string` throws.");
 
+  async_test(t => {
+    const sourceFrame = document.createElement("iframe");
+    sourceFrame.srcdoc = nullPolicy.createHTML(
+    `<!DOCTYPE html>
+    <head>
+    <meta charset="utf-8">
+    </head>
+    <body><div srcdoc="v"></div>doc without TT</body>`);
+
+    const targetFrame = document.createElement("iframe");
+    document.body.append(targetFrame);
+
+    t.add_cleanup(() => {
+      targetFrame.remove();
+      sourceFrame.remove();
+    });
+
+    sourceFrame.addEventListener("load", t.step_func_done(() => {
+      const div = sourceFrame.contentDocument.body.firstChild;
+      const attrNode = div.getAttributeNode("srcdoc");
+      div.removeAttributeNode(attrNode);
+      assert_throws_js(TypeError, () => { targetFrame.setAttributeNode(attrNode); });
+    }, { once: true }));
+
+    document.body.append(sourceFrame);
+
+  }, "Importing a `srcdoc` attribute node created in a non-TT enforcing realm to an iframe throws.");
+
   // After default policy creation string and null assignments implicitly call createXYZ
   let p = window.trustedTypes.createPolicy("default", { createScriptURL: createScriptURLJS, createHTML: createHTMLJS, createScript: createScriptJS }, true);
   scriptURLTestCases.forEach(c => {
@@ -126,22 +154,4 @@
 
     assert_equals(script.getAttribute('src'), RESULTS.SCRIPTURL);
   }, "`script.src = setAttributeNode(embed.src)` with string works.");
-
-  async_test(t => {
-    const sourceFrame = document.getElementById("sourceFrame");
-    const targetFrame = document.createElement("iframe");
-    document.body.append(targetFrame);
-
-    t.add_cleanup(() => {
-      targetFrame.remove();
-      sourceFrame.contentWindow.location.reload();
-    });
-
-    sourceFrame.addEventListener("load", t.step_func_done(() => {
-      const div = sourceFrame.contentDocument.body.firstChild;
-      const attrNode = div.getAttributeNode("srcdoc");
-      div.removeAttributeNode(attrNode);
-      assert_throws_js(TypeError, () => { targetFrame.setAttributeNode(attrNode); });
-    }, { once: true }));
-  }, "Importing a `srcdoc` attribute node created in a non-TT enforcing realm to an iframe throws.")
 </script>
diff --git a/trusted-types/support/document-without-trusted-types-and-srcdoc-attribute.html b/trusted-types/support/document-without-trusted-types-and-srcdoc-attribute.html
deleted file mode 100644
index ab453d3094fd9a..00000000000000
--- a/trusted-types/support/document-without-trusted-types-and-srcdoc-attribute.html
+++ /dev/null
@@ -1,5 +0,0 @@
-<!DOCTYPE html>
-<head>
-  <meta charset="utf-8">
-</head>
-<body><div srcdoc="v"></div>doc without TT</body>

From 2c2ea1996a6d759ed20a3aa1c8d795dc7cf22552 Mon Sep 17 00:00:00 2001
From: Mirko Brodesser <mbrodesser@igalia.com>
Date: Thu, 1 Feb 2024 12:30:08 +0100
Subject: [PATCH 03/10] Move test to
 <block-string-assignment-to-Element-setAttributeNode.html> and further
 simplify it

---
 ...ng-assignment-to-Element-setAttribute.html | 31 +-------------
 ...ssignment-to-Element-setAttributeNode.html | 42 +++++++++++++++++++
 2 files changed, 43 insertions(+), 30 deletions(-)
 create mode 100644 trusted-types/block-string-assignment-to-Element-setAttributeNode.html

diff --git a/trusted-types/block-string-assignment-to-Element-setAttribute.html b/trusted-types/block-string-assignment-to-Element-setAttribute.html
index 4a78ab33a77746..295890f319a482 100644
--- a/trusted-types/block-string-assignment-to-Element-setAttribute.html
+++ b/trusted-types/block-string-assignment-to-Element-setAttribute.html
@@ -9,8 +9,7 @@
 </head>
 <body>
 <script>
-  const nullPolicy = trustedTypes.createPolicy('NullPolicy', {createScript: s => s,
-    createHTML: s => s});
+  const nullPolicy = trustedTypes.createPolicy('NullPolicy', {createScript: s => s});
 
   // TrustedScriptURL Assignments
   const scriptURLTestCases = [
@@ -67,34 +66,6 @@
     assert_equals(el.src, '');
   }, "`Script.prototype.setAttribute.SrC = string` throws.");
 
-  async_test(t => {
-    const sourceFrame = document.createElement("iframe");
-    sourceFrame.srcdoc = nullPolicy.createHTML(
-    `<!DOCTYPE html>
-    <head>
-    <meta charset="utf-8">
-    </head>
-    <body><div srcdoc="v"></div>doc without TT</body>`);
-
-    const targetFrame = document.createElement("iframe");
-    document.body.append(targetFrame);
-
-    t.add_cleanup(() => {
-      targetFrame.remove();
-      sourceFrame.remove();
-    });
-
-    sourceFrame.addEventListener("load", t.step_func_done(() => {
-      const div = sourceFrame.contentDocument.body.firstChild;
-      const attrNode = div.getAttributeNode("srcdoc");
-      div.removeAttributeNode(attrNode);
-      assert_throws_js(TypeError, () => { targetFrame.setAttributeNode(attrNode); });
-    }, { once: true }));
-
-    document.body.append(sourceFrame);
-
-  }, "Importing a `srcdoc` attribute node created in a non-TT enforcing realm to an iframe throws.");
-
   // After default policy creation string and null assignments implicitly call createXYZ
   let p = window.trustedTypes.createPolicy("default", { createScriptURL: createScriptURLJS, createHTML: createHTMLJS, createScript: createScriptJS }, true);
   scriptURLTestCases.forEach(c => {
diff --git a/trusted-types/block-string-assignment-to-Element-setAttributeNode.html b/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
new file mode 100644
index 00000000000000..d22e0ba56a04c6
--- /dev/null
+++ b/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script';">
+<title>trusted-types (TT): setAttributeNode with node from non-TT realm</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+<script>
+const passThroughPolicy = trustedTypes.createPolicy("passThrough", { createHTML: s => s });
+
+async_test(t => {
+const sourceFrame = document.createElement("iframe");
+sourceFrame.srcdoc = passThroughPolicy.createHTML(
+`<!DOCTYPE html>
+<head>
+<meta charset="utf-8">
+</head>
+<body><div srcdoc="v"></div>doc without TT</body>`);
+
+const targetFrame = document.createElement("iframe");
+document.body.append(targetFrame);
+
+t.add_cleanup(() => {
+    targetFrame.remove();
+    sourceFrame.remove();
+});
+
+sourceFrame.addEventListener("load", t.step_func_done(() => {
+const div = sourceFrame.contentDocument.body.firstChild;
+const attrNode = div.getAttributeNode("srcdoc");
+div.removeAttributeNode(attrNode);
+assert_throws_js(TypeError, () => { targetFrame.setAttributeNode(attrNode); }); }));
+
+document.body.append(sourceFrame);
+
+}, "Importing a `srcdoc` attribute node created in a non-TT enforcing realm to an iframe throws.");
+</script>
+</body>
+</html>

From aeed729ca7b4416c2174c8a1a9744c8182c40c13 Mon Sep 17 00:00:00 2001
From: Mirko Brodesser <mbrodesser@igalia.com>
Date: Thu, 1 Feb 2024 12:49:12 +0100
Subject: [PATCH 04/10] Add TODO

---
 .../block-string-assignment-to-Element-setAttributeNode.html   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/trusted-types/block-string-assignment-to-Element-setAttributeNode.html b/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
index d22e0ba56a04c6..cfdb8620ad9027 100644
--- a/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
+++ b/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
@@ -11,6 +11,9 @@
 <script>
 const passThroughPolicy = trustedTypes.createPolicy("passThrough", { createHTML: s => s });
 
+// TODO: add tests for the other cases mentioned at
+// https://github.com/w3c/trusted-types/pull/418/files#diff-40cc3a1ba233cc3ca7b6d5873260da9676f6ae20bb897b62f7871c80d0bda4e9R1128-R1134
+
 async_test(t => {
 const sourceFrame = document.createElement("iframe");
 sourceFrame.srcdoc = passThroughPolicy.createHTML(

From f484397e7e01970864b361371c3edd718a5f9f7a Mon Sep 17 00:00:00 2001
From: Mirko Brodesser <mbrodesser@igalia.com>
Date: Thu, 1 Feb 2024 14:54:42 +0100
Subject: [PATCH 05/10] Add remaining tests for the DOM integration of TT when
 attribute nodes created in a non-TT enforcing realm are imported to a
 TT-enforcing realm

See
<https://w3c.github.io/trusted-types/dist/spec/#validate-attribute-mutation>.

This excludes tests for
<https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-event-handler-content-attributes>
which will have to be added once that part of the spec is propagated to
the HTML spec.

The remaining tests mentioned at
<https://github.com/w3c/trusted-types/issues/425#issue-2100418157> will be added in
separate commits.
---
 ...ssignment-to-Element-setAttributeNode.html | 79 +++++++++++++------
 1 file changed, 55 insertions(+), 24 deletions(-)

diff --git a/trusted-types/block-string-assignment-to-Element-setAttributeNode.html b/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
index cfdb8620ad9027..14d8ef886ee89b 100644
--- a/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
+++ b/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
@@ -8,38 +8,69 @@
 <script src="/resources/testharnessreport.js"></script>
 </head>
 <body>
+<div id="nonSVGTestElements">
+    <iframe srcdoc="v"></iframe>
+    <embed src="v">
+    <script src="v"></script>
+    <object data="v"></object>
+    <object codebase="v"></object>
+</div>
+<svg id="svgTestElements">
+    <script href="v"></script>
+    <script xlink:href="v"></script>
+</svg>
 <script>
-const passThroughPolicy = trustedTypes.createPolicy("passThrough", { createHTML: s => s });
+    const passThroughPolicy = trustedTypes.createPolicy("passThrough", { createHTML: s => s });
 
-// TODO: add tests for the other cases mentioned at
-// https://github.com/w3c/trusted-types/pull/418/files#diff-40cc3a1ba233cc3ca7b6d5873260da9676f6ae20bb897b62f7871c80d0bda4e9R1128-R1134
+    function runTest(aTestElement) {
+        const testAttr = aTestElement.attributes[0];
 
-async_test(t => {
-const sourceFrame = document.createElement("iframe");
-sourceFrame.srcdoc = passThroughPolicy.createHTML(
-`<!DOCTYPE html>
-<head>
-<meta charset="utf-8">
-</head>
-<body><div srcdoc="v"></div>doc without TT</body>`);
+        async_test(t => {
+            const sourceFrame = document.createElement("iframe");
+
+            sourceFrame.srcdoc = passThroughPolicy.createHTML(
+            `<!DOCTYPE html>
+            <head>
+            <meta charset="utf-8">
+            </head>
+            <body><div ` + testAttr.name + `="` + testAttr.value + `"></div>
+            doc without TT CSP.
+            </body>`);
+
+            t.add_cleanup(() => {
+                sourceFrame.remove();
+            });
+
+            sourceFrame.addEventListener("load", t.step_func_done(() => {
+                // A window is a global object which has 1-to-1 mapping to a realm, see the first
+                // note of <https://html.spec.whatwg.org/#realms-settings-objects-global-objects>
+                // and its following paragraph.
+                assert_not_equals(aTestElement.ownerDocument, null);
+                assert_not_equals(aTestElement.ownerDocument, undefined);
+                assert_not_equals(aTestElement.ownerDocument.defaultView, sourceFrame.contentWindow,
+                "The source frame's realm differs from the test element's realm.");
+
+                const div = sourceFrame.contentDocument.body.querySelector("div");
+                const sourceAttr = div.getAttributeNode(testAttr.name);
+                div.removeAttributeNode(sourceAttr);
 
-const targetFrame = document.createElement("iframe");
-document.body.append(targetFrame);
+                assert_throws_js(TypeError, () => { aTestElement.setAttributeNode(sourceAttr); });
+            }));
 
-t.add_cleanup(() => {
-    targetFrame.remove();
-    sourceFrame.remove();
-});
+            document.body.append(sourceFrame);
 
-sourceFrame.addEventListener("load", t.step_func_done(() => {
-const div = sourceFrame.contentDocument.body.firstChild;
-const attrNode = div.getAttributeNode("srcdoc");
-div.removeAttributeNode(attrNode);
-assert_throws_js(TypeError, () => { targetFrame.setAttributeNode(attrNode); }); }));
+        }, `Importing a "` + testAttr.name + `" attribute node created in a non-TT enforcing ` +
+        `realm to a TT enforcing realm to a "`+ aTestElement.localName + `" node with parent="` +
+        aTestElement.parentElement.localName + `" throws.`);
+    }
 
-document.body.append(sourceFrame);
+    for (const testElement of document.querySelectorAll("#nonSVGTestElements *")) {
+        runTest(testElement);
+    }
 
-}, "Importing a `srcdoc` attribute node created in a non-TT enforcing realm to an iframe throws.");
+    for (const testElement of document.querySelectorAll("#svgTestElements *")) {
+        runTest(testElement);
+    }
 </script>
 </body>
 </html>

From 4a9e49c9332ff4bcfecfeddfbf8003256655b2e7 Mon Sep 17 00:00:00 2001
From: Mirko Brodesser <mbrodesser@igalia.com>
Date: Tue, 20 Feb 2024 10:26:16 +0100
Subject: [PATCH 06/10] Change test to check `aTestElement`'s `ownerDocument`
 equals `document`

---
 .../block-string-assignment-to-Element-setAttributeNode.html   | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/trusted-types/block-string-assignment-to-Element-setAttributeNode.html b/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
index 14d8ef886ee89b..02ae925a4999ec 100644
--- a/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
+++ b/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
@@ -45,8 +45,7 @@
                 // A window is a global object which has 1-to-1 mapping to a realm, see the first
                 // note of <https://html.spec.whatwg.org/#realms-settings-objects-global-objects>
                 // and its following paragraph.
-                assert_not_equals(aTestElement.ownerDocument, null);
-                assert_not_equals(aTestElement.ownerDocument, undefined);
+                assert_equals(aTestElement.ownerDocument, document);
                 assert_not_equals(aTestElement.ownerDocument.defaultView, sourceFrame.contentWindow,
                 "The source frame's realm differs from the test element's realm.");
 

From d6151692c00e8d531a6d24771861603c9c10f59e Mon Sep 17 00:00:00 2001
From: Mirko Brodesser <mbrodesser@igalia.com>
Date: Wed, 21 Feb 2024 10:51:32 +0100
Subject: [PATCH 07/10] Refactor test to use the XLink namespace for SVG's
 script element

---
 ...ing-assignment-to-Element-setAttributeNode.html | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/trusted-types/block-string-assignment-to-Element-setAttributeNode.html b/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
index 02ae925a4999ec..d10b5d765ae891 100644
--- a/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
+++ b/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
@@ -28,12 +28,18 @@
         async_test(t => {
             const sourceFrame = document.createElement("iframe");
 
+            // The markup requires the parent element to ensure the attribute is associated with the
+            // correct namespace.
             sourceFrame.srcdoc = passThroughPolicy.createHTML(
             `<!DOCTYPE html>
             <head>
             <meta charset="utf-8">
             </head>
-            <body><div ` + testAttr.name + `="` + testAttr.value + `"></div>
+            <body>
+                <` + aTestElement.parentElement.localName + `>
+                    <` + aTestElement.localName + ` ` + testAttr.name + `="` + testAttr.value + `">
+                    </` + aTestElement.localName + `>
+                </` + aTestElement.parentElement.localName + `>
             doc without TT CSP.
             </body>`);
 
@@ -49,9 +55,9 @@
                 assert_not_equals(aTestElement.ownerDocument.defaultView, sourceFrame.contentWindow,
                 "The source frame's realm differs from the test element's realm.");
 
-                const div = sourceFrame.contentDocument.body.querySelector("div");
-                const sourceAttr = div.getAttributeNode(testAttr.name);
-                div.removeAttributeNode(sourceAttr);
+                const sourceElement = sourceFrame.contentDocument.body.querySelector(aTestElement.localName);
+                const sourceAttr = sourceElement.getAttributeNode(testAttr.name);
+                sourceElement.removeAttributeNode(sourceAttr);
 
                 assert_throws_js(TypeError, () => { aTestElement.setAttributeNode(sourceAttr); });
             }));

From 26c25f948093d3979655568df7f7fe39f6b8a9c7 Mon Sep 17 00:00:00 2001
From: Mirko Brodesser <mbrodesser@igalia.com>
Date: Thu, 22 Feb 2024 10:18:38 +0100
Subject: [PATCH 08/10] Remove unnecessary assertions and explain in a comment
 that `aTestElement`'s and `sourceAttr`s realms differ

---
 ...block-string-assignment-to-Element-setAttributeNode.html | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/trusted-types/block-string-assignment-to-Element-setAttributeNode.html b/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
index d10b5d765ae891..00bd68985768bf 100644
--- a/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
+++ b/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
@@ -50,10 +50,8 @@
             sourceFrame.addEventListener("load", t.step_func_done(() => {
                 // A window is a global object which has 1-to-1 mapping to a realm, see the first
                 // note of <https://html.spec.whatwg.org/#realms-settings-objects-global-objects>
-                // and its following paragraph.
-                assert_equals(aTestElement.ownerDocument, document);
-                assert_not_equals(aTestElement.ownerDocument.defaultView, sourceFrame.contentWindow,
-                "The source frame's realm differs from the test element's realm.");
+                // and its following paragraph. Here, `aTestElement`'s and `sourceAttr`'s windows
+                // differ, hence they belong to different realms.
 
                 const sourceElement = sourceFrame.contentDocument.body.querySelector(aTestElement.localName);
                 const sourceAttr = sourceElement.getAttributeNode(testAttr.name);

From b617318b3ef38c99c60bec01923f330a8138f75a Mon Sep 17 00:00:00 2001
From: Mirko Brodesser <mbrodesser@igalia.com>
Date: Thu, 28 Mar 2024 10:12:33 +0100
Subject: [PATCH 09/10] Change test to check `setAttributeNode` and
 `setAttribute` respect the element's node document's global's CSP

Requires https://github.com/web-platform-tests/wpt/issues/45405 to be
fixed.
---
 ...s-Elements-node-documents-globals-CSP.html | 125 ++++++++++++++++++
 ...ssignment-to-Element-setAttributeNode.html |  79 -----------
 2 files changed, 125 insertions(+), 79 deletions(-)
 create mode 100644 trusted-types/Element-setAttribute-respects-Elements-node-documents-globals-CSP.html
 delete mode 100644 trusted-types/block-string-assignment-to-Element-setAttributeNode.html

diff --git a/trusted-types/Element-setAttribute-respects-Elements-node-documents-globals-CSP.html b/trusted-types/Element-setAttribute-respects-Elements-node-documents-globals-CSP.html
new file mode 100644
index 00000000000000..a617865bfdc981
--- /dev/null
+++ b/trusted-types/Element-setAttribute-respects-Elements-node-documents-globals-CSP.html
@@ -0,0 +1,125 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8" />
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="require-trusted-types-for 'script';"
+    />
+    <title>
+      trusted-types (TT): `setAttribute`/`setAttributeNode` for an element
+      adopted from a non-TT realm respects TT's Content-Security-Policy (CSP)
+    </title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+  </head>
+  <body>
+    <div id="nonSVGTestElements">
+      <iframe srcdoc="v"></iframe>
+      <embed src="v" />
+      <script src="v"></script>
+      <object data="v"></object>
+      <object codebase="v"></object>
+    </div>
+    <svg id="svgTestElements">
+      <script href="v"></script>
+      <script xlink:href="v"></script>
+    </svg>
+    <script>
+      const passThroughPolicy = trustedTypes.createPolicy("passThrough", {
+        createHTML: (s) => s,
+      });
+
+      function runTest(aTestElement) {
+        const testAttr = aTestElement.attributes[0];
+
+        async_test(
+          (t) => {
+            const sourceFrame = document.createElement("iframe");
+
+            // The markup requires the parent element to ensure the attribute is associated with the
+            // correct namespace.
+            sourceFrame.srcdoc = passThroughPolicy.createHTML(
+              `<!DOCTYPE html>
+            <head>
+            <meta charset="utf-8">
+            </head>
+            <body>
+                <` +
+                aTestElement.parentElement.localName +
+                `>
+                    <` +
+                aTestElement.localName +
+                ` ` +
+                testAttr.name +
+                `="` +
+                testAttr.value +
+                `">
+                    </` +
+                aTestElement.localName +
+                `>
+                </` +
+                aTestElement.parentElement.localName +
+                `>
+            doc without TT CSP.
+            </body>`
+            );
+
+            t.add_cleanup(() => {
+              sourceFrame.remove();
+            });
+
+            sourceFrame.addEventListener(
+              "load",
+              t.step_func_done(() => {
+                // A window is a global object which has 1-to-1 mapping to a realm, see the first
+                // note of <https://html.spec.whatwg.org/#realms-settings-objects-global-objects>
+                // and its following paragraph. Here, `sourceElement`'s node document's global
+                // belongs to a non-TT realm.
+
+                const sourceElement =
+                  sourceFrame.contentDocument.body.querySelector(
+                    aTestElement.localName
+                  );
+                const sourceAttr = sourceElement.getAttributeNode(
+                  testAttr.name
+                );
+                sourceElement.removeAttributeNode(sourceAttr);
+
+                document.body.append(sourceElement);
+                // Now `sourceElement`'s node document's global belongs to a TT-realm.
+
+                assert_throws_js(TypeError, () => {
+                  sourceElement.setAttributeNode(sourceAttr);
+                });
+                assert_throws_js(TypeError, () => {
+                  sourceElement.setAttributeNS(
+                    sourceAttr.namespaceURI,
+                    sourceAttr.name,
+                    sourceAttr.value
+                  );
+                });
+              })
+            );
+
+            document.body.append(sourceFrame);
+          },
+          `setAttribute and setAttributeNode respect the element's node document's global's CSP;
+ Element=${aTestElement.localName}; Parent=${aTestElement.parentElement.localName}; Attribute=${testAttr.name}`
+        );
+      }
+
+      for (const testElement of document.querySelectorAll(
+        "#nonSVGTestElements *"
+      )) {
+        runTest(testElement);
+      }
+
+      for (const testElement of document.querySelectorAll(
+        "#svgTestElements *"
+      )) {
+        runTest(testElement);
+      }
+    </script>
+  </body>
+</html>
diff --git a/trusted-types/block-string-assignment-to-Element-setAttributeNode.html b/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
deleted file mode 100644
index 00bd68985768bf..00000000000000
--- a/trusted-types/block-string-assignment-to-Element-setAttributeNode.html
+++ /dev/null
@@ -1,79 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta charset="utf-8">
-<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script';">
-<title>trusted-types (TT): setAttributeNode with node from non-TT realm</title>
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-</head>
-<body>
-<div id="nonSVGTestElements">
-    <iframe srcdoc="v"></iframe>
-    <embed src="v">
-    <script src="v"></script>
-    <object data="v"></object>
-    <object codebase="v"></object>
-</div>
-<svg id="svgTestElements">
-    <script href="v"></script>
-    <script xlink:href="v"></script>
-</svg>
-<script>
-    const passThroughPolicy = trustedTypes.createPolicy("passThrough", { createHTML: s => s });
-
-    function runTest(aTestElement) {
-        const testAttr = aTestElement.attributes[0];
-
-        async_test(t => {
-            const sourceFrame = document.createElement("iframe");
-
-            // The markup requires the parent element to ensure the attribute is associated with the
-            // correct namespace.
-            sourceFrame.srcdoc = passThroughPolicy.createHTML(
-            `<!DOCTYPE html>
-            <head>
-            <meta charset="utf-8">
-            </head>
-            <body>
-                <` + aTestElement.parentElement.localName + `>
-                    <` + aTestElement.localName + ` ` + testAttr.name + `="` + testAttr.value + `">
-                    </` + aTestElement.localName + `>
-                </` + aTestElement.parentElement.localName + `>
-            doc without TT CSP.
-            </body>`);
-
-            t.add_cleanup(() => {
-                sourceFrame.remove();
-            });
-
-            sourceFrame.addEventListener("load", t.step_func_done(() => {
-                // A window is a global object which has 1-to-1 mapping to a realm, see the first
-                // note of <https://html.spec.whatwg.org/#realms-settings-objects-global-objects>
-                // and its following paragraph. Here, `aTestElement`'s and `sourceAttr`'s windows
-                // differ, hence they belong to different realms.
-
-                const sourceElement = sourceFrame.contentDocument.body.querySelector(aTestElement.localName);
-                const sourceAttr = sourceElement.getAttributeNode(testAttr.name);
-                sourceElement.removeAttributeNode(sourceAttr);
-
-                assert_throws_js(TypeError, () => { aTestElement.setAttributeNode(sourceAttr); });
-            }));
-
-            document.body.append(sourceFrame);
-
-        }, `Importing a "` + testAttr.name + `" attribute node created in a non-TT enforcing ` +
-        `realm to a TT enforcing realm to a "`+ aTestElement.localName + `" node with parent="` +
-        aTestElement.parentElement.localName + `" throws.`);
-    }
-
-    for (const testElement of document.querySelectorAll("#nonSVGTestElements *")) {
-        runTest(testElement);
-    }
-
-    for (const testElement of document.querySelectorAll("#svgTestElements *")) {
-        runTest(testElement);
-    }
-</script>
-</body>
-</html>

From dfd95a9bed40d480fa894c479a2b24308bda489c Mon Sep 17 00:00:00 2001
From: Mirko Brodesser <mbrodesser@igalia.com>
Date: Mon, 8 Apr 2024 11:44:27 +0200
Subject: [PATCH 10/10] Use `sourceFrame.contentWindow`'s `TyperError`
 constructor

---
 ...ttribute-respects-Elements-node-documents-globals-CSP.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/trusted-types/Element-setAttribute-respects-Elements-node-documents-globals-CSP.html b/trusted-types/Element-setAttribute-respects-Elements-node-documents-globals-CSP.html
index a617865bfdc981..c0f72bb36ac09c 100644
--- a/trusted-types/Element-setAttribute-respects-Elements-node-documents-globals-CSP.html
+++ b/trusted-types/Element-setAttribute-respects-Elements-node-documents-globals-CSP.html
@@ -89,10 +89,10 @@
                 document.body.append(sourceElement);
                 // Now `sourceElement`'s node document's global belongs to a TT-realm.
 
-                assert_throws_js(TypeError, () => {
+                assert_throws_js(sourceFrame.contentWindow.TypeError, () => {
                   sourceElement.setAttributeNode(sourceAttr);
                 });
-                assert_throws_js(TypeError, () => {
+                assert_throws_js(sourceFrame.contentWindow.TypeError, () => {
                   sourceElement.setAttributeNS(
                     sourceAttr.namespaceURI,
                     sourceAttr.name,