From 7a8b70e636a9556c57fc47e71cae87b4bada3794 Mon Sep 17 00:00:00 2001
From: Luke Warlow
Date: Wed, 8 May 2024 12:01:29 +0100
Subject: [PATCH] WebKit export of https://bugs.webkit.org/show_bug.cgi?id=273819 (#46141)
---
 trusted-types/Document-write.html | 60 ++++++++++++
 ...k-string-assignment-to-Document-write.html | 94 ++++++++++++++++++-
 2 files changed, 153 insertions(+), 1 deletion(-)
diff --git a/trusted-types/Document-write.html b/trusted-types/Document-write.html
index 87e9e724699efc..7902733f67c23b 100644
--- a/trusted-types/Document-write.html
+++ b/trusted-types/Document-write.html
@@ -11,4 +11,64 @@
 document.write(html);
 assert_true(document.body.innerText.indexOf(RESULTS.HTML) !== -1);
 }, "document.write with html assigned via policy (successful transformation).");
+
+ test(t => {
+ document.body.innerText = '';
+ let p = createHTML_policy(window, 1);
+ let html = p.createHTML(INPUTS.HTML);
+ document.writeln(html);
+ assert_true(document.body.innerText.indexOf(RESULTS.HTML) !== -1);
+ }, "document.writeln with html assigned via policy (successful transformation).");
+
+ test(t => {
+ document.body.innerText = '';
+ let p = createHTML_policy(window, 1);
+ let a = p.createHTML("abcdef");
+ let b = p.createHTML("ghijkl");
+ document.write(a, b);
+ assert_equals(document.body.innerText, "abcdefghijkl");
+ }, "document.write(TrustedHTML, TrustedHTML)");
+
+ test(t => {
+ document.body.innerText = '';
+ let p = createHTML_policy(window, 1);
+ let a = p.createHTML("abcdef");
+ let b = p.createHTML("ghijkl");
+ document.writeln(a, b);
+ assert_equals(document.body.innerText, "abcdefghijkl");
+ }, "document.writeln(TrustedHTML, TrustedHTML)");
+
+ test(t => {
+ document.body.innerText = '';
+ let p = createHTML_policy(window, 1);
+ let a = p.createHTML("abcdef");
+ let b = "ghijkl";
+ document.write(a, b);
+ assert_equals(document.body.innerText, "abcdefghijkl");
+ }, "document.write(TrustedHTML, String)");
+
+ test(t => {
+ document.body.innerText = '';
+ let p = createHTML_policy(window, 1);
+ let a = p.createHTML("abcdef");
+ let b = "ghijkl";
+ document.writeln(a, b);
+ assert_equals(document.body.innerText, "abcdefghijkl");
+ }, "document.writeln(TrustedHTML, String)");
+
+ test(t => {
+ document.body.innerText = '';
+ let a = "abcdef";
+ let b = "ghijkl";
+ document.write(a, b);
+ assert_equals(document.body.innerText, "abcdefghijkl");
+ }, "document.write(String, String)");
+
+ test(t => {
+ document.body.innerText = '';
+ let a = "abcdef";
+ let b = "ghijkl";
+ document.writeln(a, b);
+ assert_equals(document.body.innerText, "abcdefghijkl");
+ }, "document.writeln(String, String)");
diff --git a/trusted-types/block-string-assignment-to-Document-write.html b/trusted-types/block-string-assignment-to-Document-write.html
index 974203c1133a43..d22be1118ce2b0 100644
--- a/trusted-types/block-string-assignment-to-Document-write.html
+++ b/trusted-types/block-string-assignment-to-Document-write.html
@@ -18,6 +18,14 @@
 assert_equals(document.body.innerText, RESULTS.HTML);
 }, "document.write with html assigned via policy (successful URL transformation).");
+ test(t => {
+ document.body.innerText = '';
+ let a = p.createHTML("abcdef");
+ let b = p.createHTML("ghijkl");
+ document.write(a,b);
+ assert_equals(document.body.innerText, "abcdefghijkl");
+ }, "document.write with multiple trusted arguments.");
+
 // TrustedURL assignments do not throw. (Now for writeln.)
 test(t => {
 document.body.innerText = '';
@@ -26,6 +34,14 @@
 assert_equals(document.body.innerText, RESULTS.HTML);
 }, "document.writeln with html assigned via policy (successful URL transformation).");
+ test(t => {
+ document.body.innerText = '';
+ let a = p.createHTML("abcdef");
+ let b = p.createHTML("ghijkl");
+ document.writeln(a,b);
+ assert_equals(document.body.innerText, "abcdefghijkl");
+ }, "document.writeln with multiple trusted arguments.");
+
 // String assignments throw.
 test(t => {
 const old = document.body.innerText;
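Review bot: The `document.writeln` cases added in the first hunk of `Document-write.html` assert exactly the same `innerText` as the matching `document.write` cases, so nothing in them tells the two methods apart. They presumably pass because `innerText` drops the trailing newline that `writeln` appends, which is not stated anywhere. A one-line comment above the first writeln test would make that intentional, for example `// writeln appends "\n"; innerText collapses it, so the expected text is the same as for write().` The enclosing script block starts and ends outside the hunk.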
@@ -35,6 +51,26 @@
 assert_equals(document.body.innerText, old);
 }, "`document.write(string)` throws");
+ test(t => {
+ const old = document.body.innerText;
+ assert_throws_js(TypeError, _ => {
+ let a = "abcdef";
+ let b = "ghijkl";
+ document.write(a, b);
+ });
+ assert_equals(document.body.innerText, old);
+ }, "`document.write(string, string)` throws");
+
+ test(t => {
+ const old = document.body.innerText;
+ assert_throws_js(TypeError, _ => {
+ let a = "abcdef";
+ let b = p.createHTML("ghijkl");
+ document.write(a, b);
+ });
+ assert_equals(document.body.innerText, old);
+ }, "`document.write(string, TrustedHTML)` throws");
+
 // String assignments throw. (Now for writeln.)
 test(t => {
 const old = document.body.innerText;
@@ -44,6 +80,26 @@
 assert_equals(document.body.innerText, old);
 }, "`document.writeln(string)` throws");
+ test(t => {
+ const old = document.body.innerText;
+ assert_throws_js(TypeError, _ => {
+ let a = "abcdef";
+ let b = "ghijkl";
+ document.writeln(a, b);
+ });
+ assert_equals(document.body.innerText, old);
+ }, "`document.writeln(string, string)` throws");
+
+ test(t => {
+ const old = document.body.innerText;
+ assert_throws_js(TypeError, _ => {
+ let a = "abcdef";
+ let b = p.createHTML("ghijkl");
+ document.writeln(a, b);
+ });
+ assert_equals(document.body.innerText, old);
+ }, "`document.writeln(string, TrustedHTML)` throws");
+
 // Null assignment throws.
 test(t => {
 const old = document.body.innerText;
@@ -63,7 +119,11 @@
 }, "`document.writeln(null)` throws");
 let default_policy = trustedTypes.createPolicy('default',
- { createHTML: createHTMLJS }, true );
+ { createHTML: (html) => {
+ return html.replace("Hi", "Quack")
+ .replace("transformed", "a duck")
+ .replace("defghi", "zxcvbn")
+ } }, true );
 // Default policy works.
 test(t => {
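Review bot: Both throwing cases added in the `@@ -35,6 +51,26 @@` hunk put the plain string first (`(string, string)` and `(string, TrustedHTML)`), so an implementation that enforces Trusted Types only on the first argument of `document.write` would still pass them. A `(TrustedHTML, string)` case is needed to pin that an untrusted value in a later position is rejected too and leaves the document unchanged. The writeln hunk that follows and the two default-policy groups in the last hunk have the same gap. `p` is defined outside the hunk, so the sketch below assumes it is the policy the neighbouring tests already use.

```javascript
// … unchanged: `document.write(string, TrustedHTML)` throws test …
test(t => {
  const old = document.body.innerText;
  assert_throws_js(TypeError, _ => {
    let a = p.createHTML("abcdef");
    let b = "ghijkl";
    document.write(a, b);
  });
  assert_equals(document.body.innerText, old);
}, "`document.write(TrustedHTML, string)` throws");
```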
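Review bot: The third rule of the inline default policy in the `@@ -63,7 +119,11 @@` hunk, `.replace("defghi", "zxcvbn")`, carries no explanation, and its purpose only becomes visible from the expected value `"abczxcvbnjkl"` in the later tests. `defghi` straddles the boundary between the two arguments, so the rule matches only when the policy receives the joined string. I would add a comment above it such as `// "defghi" spans the a/b boundary: it matches only if the policy runs once on the concatenated arguments.` The first two rules look like a re-implementation of the `createHTMLJS` helper this line replaces (its definition is not visible here); if so, calling that helper from the arrow function and adding only the new rule would avoid the duplicate. The `createPolicy` call starts outside the hunk.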
@@ -72,10 +132,42 @@
 assert_equals(document.body.innerText, RESULTS.HTML);
 }, "`document.write(string)` observes default policy");
+ test(t => {
+ document.body.innerText = '';
+ let a = "abcdef";
+ let b = "ghijkl";
+ document.write(a, b);
+ assert_equals(document.body.innerText, "abczxcvbnjkl");
+ }, "`document.write(string, string)` observes default policy");
+
+ test(t => {
+ document.body.innerText = '';
+ let a = "abcdef";
+ let b = p.createHTML("ghijkl");
+ document.write(a, b);
+ assert_equals(document.body.innerText, "abczxcvbnjkl");
+ }, "`document.write(string, TrustedHTML)` observes default policy");
+
 // Default policy works. (Now for writeln.)
 test(t => {
 document.body.innerText = '';
 document.writeln(INPUTS.HTML);
 assert_equals(document.body.innerText, RESULTS.HTML);
 }, "`document.writeln(string)` observes default policy");
+
+ test(t => {
+ document.body.innerText = '';
+ let a = "abcdef";
+ let b = "ghijkl";
+ document.writeln(a, b);
+ assert_equals(document.body.innerText, "abczxcvbnjkl");
+ }, "`document.writeln(string, string)` observes default policy");
+
+ test(t => {
+ document.body.innerText = '';
+ let a = "abcdef";
+ let b = p.createHTML("ghijkl");
+ document.writeln(a, b);
+ assert_equals(document.body.innerText, "abczxcvbnjkl");
+ }, "`document.writeln(string, TrustedHTML)` observes default policy");