Implement EnsureCSPDoesNotBlockStringCompilation as per CSP spec.

See https://w3c.github.io/webappsec-csp/#can-compile-strings Differential Revision: https://phabricator.services.mozilla.com/D229624 bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1931288 gecko-commit: 0112d163ec43de573514b0a21dc45c4aea8dc8cd gecko-reviewers: smaug, tschuster
tkntjsdw · Dec 14, 2024 · 61ca832 · 61ca832
1 parent 9952c32
commit 61ca832
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/trusted-types/eval-function-constructor-untrusted-arguments-and-default-policy-throwing.html b/trusted-types/eval-function-constructor-untrusted-arguments-and-default-policy-throwing.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <link rel="help" href="https://w3c.github.io/webappsec-csp/#can-compile-strings">
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'">
+</head>
+<body>
+<script>
+  let policy = trustedTypes.createPolicy("p", {
+    createScript: s => { throw Error('createScript exception'); }
+  });
+  test(t => {
+    assert_throws_js(EvalError, _ => eval("1+2"));
+  }, `EvalError thrown if the callback of the default policy throws an error (eval).`);
+  test(t => {
+    assert_throws_js(EvalError, _ => new Function("return 3;"));
+  }, `EvalError thrown if the callback of the default policy throws an error (new Function).`);
+</script>
+</body>
+</html>