commit a1b8504fff7897dc91ff2d34d83c60216738f0c3
parent a62e5a184f9fbc930c0230098ed28af4f30b49d3
Author: Noam Rosenthal <nrosenthal@chromium.org>
Date: Fri, 19 Dec 2025 09:31:42 +0000
Bug 2006734 [wpt PR 56828] - Implement setHTMLUnsafe(html, {runScripts: true}), a=testonly
Automatic update from web-platform-tests
Implement setHTMLUnsafe(html, {runScripts: true})
The runScripts option executes the scripts after insertion, similar to
createContextualFragment.
Change-Id: Iefe8cd0741a1064fc399b85856295746f8d791d7
I2P: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/6942d982.050a0220.1050d6.07ec.GAE%40google.com
Bug: 469706054
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7269427
Commit-Queue: Noam Rosenthal <nrosenthal@google.com>
Reviewed-by: Mason Freed <masonf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1560643}
--
wpt-commits: 78045346f7107eaeedd4ac4c765d601ccb1fb244
wpt-pr: 56828
Diffstat:
2 files changed, 154 insertions(+), 0 deletions(-)
diff --git a/testing/web-platform/tests/html/webappapis/dynamic-markup-insertion/html-unsafe-methods/resources/did-run.js b/testing/web-platform/tests/html/webappapis/dynamic-markup-insertion/html-unsafe-methods/resources/did-run.js
@@ -0,0 +1 @@
+window.did_run = true;
+\ No newline at end of file
diff --git a/testing/web-platform/tests/html/webappapis/dynamic-markup-insertion/html-unsafe-methods/setHTMLUnsafe-runScripts.tentative.html b/testing/web-platform/tests/html/webappapis/dynamic-markup-insertion/html-unsafe-methods/setHTMLUnsafe-runScripts.tentative.html
@@ -0,0 +1,152 @@
+<!DOCTYPE html>
+<link rel="author" href="mailto:jarhar@chromium.org" />
+<link rel="help" href="https://github.com/whatwg/html/pull/9538" />
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<body>
+ <script>
+ window.did_run = false;
+ for (const containerType of ["Element", "ShadowRoot"]) {
+ const createContainer = (t) => {
+ const element = document.createElement("div");
+ document.body.appendChild(element);
+ t.add_cleanup(() => {
+ element.remove();
+ });
+
+ if (containerType === "Element")
+ return element;
+
+ window.target_shadow_root = element.attachShadow({ mode: "open" });
+ t.add_cleanup(() => {
+ delete window.target_shadow_root;
+ });
+ return window.target_shadow_root;
+ };
+
+ test((t) => {
+ const container = createContainer(t);
+ container.setHTMLUnsafe(
+ "<script>window.did_run = true;</" + "script>",
+ { runScripts: true }
+ );
+ t.add_cleanup(() => {
+ window.did_run = false;
+ });
+
+ assert_true(window.did_run);
+ }, `${containerType}: setHTMLUnsafe with runScripts & no shadowdom.`);
+
+ test((t) => {
+ const container = createContainer(t);
+ container.setHTMLUnsafe(
+ "<script>window.did_run = true;</" + "script>",
+ { runScripts: false }
+ );
+ t.add_cleanup(() => {
+ window.did_run = false;
+ });
+
+ assert_false(window.did_run);
+ }, `${containerType}: setHTMLUnsafe with runScripts=false & no shadowdom.`);
+
+ test((t) => {
+ const container = createContainer(t);
+ container.setHTMLUnsafe(
+ "<script>window.did_run = true;</" + "script>",
+ { runScripts: false }
+ );
+ t.add_cleanup(() => {
+ window.did_run = false;
+ });
+
+ assert_false(window.did_run);
+ }, `${containerType}: setHTMLUnsafe without runScripts & no shadowdom.`);
+
+ test((t) => {
+ const container = createContainer(t);
+ container.setHTMLUnsafe(
+ "<div><template shadowrootmode=open><script>window.did_run = true;</" +
+ "script></template></div>",
+ { runScripts: true }
+ );
+
+ t.add_cleanup(() => {
+ window.did_run = false;
+ });
+ assert_true(window.did_run);
+ }, `${containerType}: setHTMLUnsafe with script inside declarative shadow DOM.`);
+
+ promise_test(async (t) => {
+ const container = createContainer(t);
+ const { resolve, promise } = Promise.withResolvers();
+ window.resolve = resolve;
+ container.setHTMLUnsafe(
+ `<script src="resources/did-run.js" onload="window.resolve()"><` +
+ +`/script>`,
+ { runScripts: true }
+ );
+
+ t.add_cleanup(() => {
+ window.did_run = false;
+ delete window.resolve;
+ });
+
+ await promise;
+ assert_true(window.did_run);
+ }, `${containerType}: setHTMLUnsafe with external script.`);
+
+ promise_test(async (t) => {
+ const container = createContainer(t);
+ const { resolve, promise } = Promise.withResolvers();
+ window.resolve = resolve;
+ container.setHTMLUnsafe(
+ `<script async src="resources/did-run.js" onload="window.resolve()"><` +
+ +`/script>`,
+ { runScripts: true }
+ );
+
+ t.add_cleanup(() => {
+ window.did_run = false;
+ delete window.resolve;
+ });
+
+ await promise;
+ assert_true(window.did_run);
+ }, `${containerType}: setHTMLUnsafe with external async script.`);
+
+ promise_test(async (t) => {
+ const container = createContainer(t);
+ const { resolve, promise } = Promise.withResolvers();
+ window.resolve = resolve;
+ container.setHTMLUnsafe(
+ `<script defer src="resources/did-run.js" onload="window.resolve()"><` +
+ +`/script>`,
+ { runScripts: true }
+ );
+
+ t.add_cleanup(() => {
+ window.did_run = false;
+ delete window.resolve;
+ });
+
+ await promise;
+ assert_true(window.did_run);
+ }, `${containerType}: setHTMLUnsafe with external defer script.`);
+
+ promise_test(async (t) => {
+ const container = createContainer(t);
+ container.innerHTML = "";
+ container.setHTMLUnsafe(
+ `<div><script>
+ (window.target_shadow_root || document).getElementById("after").textContent = "after";
+ <` + `/script><div id=after></div></div>`,
+ { runScripts: true }
+ );
+
+ assert_equals(container.querySelector("#after").textContent, "after");
+ }, `${containerType}: setHTMLUnsafe script cannot observe intermediate state.`);
+ }
+ </script>
+</body>
