From d24898901c4e00542f1b78abe7e5072a19d73de0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Wang?= <fwang@igalia.com>
Date: Thu, 9 Jan 2025 15:12:52 +0100
Subject: [PATCH 1/2] Add TrustedType tests for iframe.srcdoc.

It seems we already have some tests for iframe.srcdoc but things are
a bit messy so it's unclear whether we cover blocking, conversion
check and sink names (#494) and null string edge case. Add a simple
test doing that, similar to other `block-string-assignment-to-*`
tests.
---
 ...ssignment-to-HTMLIFrameElement-srcdoc.html | 55 +++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 trusted-types/block-string-assignment-to-HTMLIFrameElement-srcdoc.html

diff --git a/trusted-types/block-string-assignment-to-HTMLIFrameElement-srcdoc.html b/trusted-types/block-string-assignment-to-HTMLIFrameElement-srcdoc.html
new file mode 100644
index 00000000000000..a68bcbd285c4bb
--- /dev/null
+++ b/trusted-types/block-string-assignment-to-HTMLIFrameElement-srcdoc.html
@@ -0,0 +1,55 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="support/helper.sub.js"></script>
+
+<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script';">
+<body>
+<script>
+  // TrustedHTML assignments do not throw.
+  test(t => {
+    let p = createHTML_policy(window, 1);
+    let html = p.createHTML(INPUTS.HTML);
+    let iframe = document.createElement("iframe");
+    iframe.srcdoc = html;
+    assert_equals(result.textContent, RESULTS.HTML);
+  }, "iframe.srcdoc assigned via policy (successful HTML transformation).");
+
+  // String assignments throw.
+  test(t => {
+    let iframe = document.createElement("iframe");
+    iframe.srcdoc = createHTML_policy(window, 1);
+    assert_throws_js(TypeError, _ => {
+      iframe.srcdoc = "A string";
+    });
+  }, "`iframe.srcdoc = string` throws.");
+
+  // Null assignment throws.
+  test(t => {
+    let iframe = document.createElement("iframe");
+    assert_throws_js(TypeError, _ => {
+      iframe.srcdoc = null;
+    });
+  }, "`iframe.srcdoc = null` throws.");
+
+  // After default policy creation string assignment implicitly calls createHTML
+  test(t => {
+    let p = window.trustedTypes.createPolicy("default", { createHTML:
+      (value, _, sink) => {
+        assert_equals(sink, "iframe srcdoc");
+        return createHTMLJS(value);
+      }
+    });
+
+    let iframe = document.createElement("iframe");
+    iframe.srcdoc = INPUTS.HTML;
+    assert_equals(iframe.srcdoc, RESULTS.HTML);
+  }, "`iframe.srcdoc = string` assigned via default policy (successful HTML transformation).");
+
+  // After default policy creation null assignment implicitly calls createHTML.
+  test(t => {
+    let iframe = document.createElement("iframe");
+    iframe.srcdoc = null;
+    assert_equals(container.innerText, "null");
+  }, "`iframe.srcdoc = null` assigned via default policy does not throw");
+</script>

From e90a76570088a08b4c694397b04ef84d1e44a910 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Wang?= <fwang@igalia.com>
Date: Thu, 9 Jan 2025 16:14:31 +0100
Subject: [PATCH 2/2] fix many errors

---
 ...lock-string-assignment-to-HTMLIFrameElement-srcdoc.html | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/trusted-types/block-string-assignment-to-HTMLIFrameElement-srcdoc.html b/trusted-types/block-string-assignment-to-HTMLIFrameElement-srcdoc.html
index a68bcbd285c4bb..b71d838b851238 100644
--- a/trusted-types/block-string-assignment-to-HTMLIFrameElement-srcdoc.html
+++ b/trusted-types/block-string-assignment-to-HTMLIFrameElement-srcdoc.html
@@ -12,13 +12,12 @@
     let html = p.createHTML(INPUTS.HTML);
     let iframe = document.createElement("iframe");
     iframe.srcdoc = html;
-    assert_equals(result.textContent, RESULTS.HTML);
+    assert_equals(iframe.srcdoc, RESULTS.HTML);
   }, "iframe.srcdoc assigned via policy (successful HTML transformation).");
 
   // String assignments throw.
   test(t => {
     let iframe = document.createElement("iframe");
-    iframe.srcdoc = createHTML_policy(window, 1);
     assert_throws_js(TypeError, _ => {
       iframe.srcdoc = "A string";
     });
@@ -36,7 +35,7 @@
   test(t => {
     let p = window.trustedTypes.createPolicy("default", { createHTML:
       (value, _, sink) => {
-        assert_equals(sink, "iframe srcdoc");
+        assert_equals(sink, "HTMLIFrameElement srcdoc");
         return createHTMLJS(value);
       }
     });
@@ -50,6 +49,6 @@
   test(t => {
     let iframe = document.createElement("iframe");
     iframe.srcdoc = null;
-    assert_equals(container.innerText, "null");
+    assert_equals(iframe.srcdoc, "null");
   }, "`iframe.srcdoc = null` assigned via default policy does not throw");
 </script>