tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE
commit 300f5338b9b3dd094f1411f40268f02015f55b45
parent 41999b0e621e97ebd6962e24b85f2e7e90f2ae35
Author: Luke Warlow <lwarlow@igalia.com>
Date:   Fri,  7 Nov 2025 08:47:05 +0000

Bug 1996966 [wpt PR 55736] - WebKit export of https://bugs.webkit.org/show_bug.cgi?id=298792, a=testonly

Automatic update from web-platform-tests
WebKit export of https://bugs.webkit.org/show_bug.cgi?id=298792 (#55736)

--

wpt-commits: 42add815ec92f85fa2fb89609d353285765e4190
wpt-pr: 55736

Diffstat:

Atesting/web-platform/tests/trusted-types/navigate-to-javascript-url-008.html | 20++++++++++++++++++++


Atesting/web-platform/tests/trusted-types/navigate-to-javascript-url-008.html.headers | 3+++


Mtesting/web-platform/tests/trusted-types/support/navigation-support.js | 7+++++++


3 files changed, 30 insertions(+), 0 deletions(-)

diff --git a/testing/web-platform/tests/trusted-types/navigate-to-javascript-url-008.html b/testing/web-platform/tests/trusted-types/navigate-to-javascript-url-008.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/rendering-utils.js"></script>
+<script src="./support/csp-violations.js"></script>
+<script src="./support/navigation-support.js"></script>
+<script>
+  promise_test(async _ => {
+    await new Promise(resolve => window.addEventListener("load", resolve));
+    const result = await setLocationToJavaScriptURL("throw" /* defaultpolicy */);
+    // This is odd but CSP pre-navigation checks on report-only directives cannot block navigation.
+    assert_true(result.javaScriptExecuted, "JavaScript should have been executed");
+    assert_equals(result.violations.length, 1);
+    const violation = result.violations[0];
+    assert_equals(violation.violatedDirective, "require-trusted-types-for");
+    assert_equals(violation.disposition, "report");
+    assert_equals(violation.sample, `Location href|${clipSampleIfNeeded(kJavaScriptURLCode)}`);
+    assert_equals(result.exception, null, "No exception");
+  }, "Setting window.location to a javascript: URL with a default policy that throws should report a CSP violation without rethrowing the exception.");
+</script>
diff --git a/testing/web-platform/tests/trusted-types/navigate-to-javascript-url-008.html.headers b/testing/web-platform/tests/trusted-types/navigate-to-javascript-url-008.html.headers
@@ -0,0 +1,3 @@
+
+Content-Security-Policy: connect-src 'none';
+Content-Security-Policy-Report-Only: require-trusted-types-for 'script'
diff --git a/testing/web-platform/tests/trusted-types/support/navigation-support.js b/testing/web-platform/tests/trusted-types/support/navigation-support.js
@@ -60,6 +60,8 @@ async function setLocationToJavaScriptURL(defaultpolicy) {
         // pre-navigation check CSP violation.
         if (window.requestIdleCallback) {
           await new Promise(resolve => requestIdleCallback(resolve));
+        } else {
+          await new Promise(resolve => requestAnimationFrame(_ => requestAnimationFrame(resolve)));
         }
       });
 
@@ -188,6 +190,11 @@ function navigateToJavascriptURL(reportOnly) {
               requestIdleCallback(resolve);
               window.addEventListener("beforeunload", resolve);
             });
+          } else {
+            await new Promise(resolve => requestAnimationFrame(() => {
+              requestAnimationFrame(resolve);
+              window.addEventListener("beforeunload", resolve);
+            }));
           }
         });
       if (exception) {