ampproject · dreamofabear · Jun 16, 2017 · Jun 14, 2017 · Jun 14, 2017 · Jun 14, 2017
diff --git a/examples/standard-actions.amp.html b/examples/standard-actions.amp.html
@@ -39,6 +39,11 @@
 </head>
 <body>
 
+<div class="button-set">
+  <h3>AMP.navigateTo()</h3>
+  <button on="tap:AMP.navigateTo(url='http://google.com')">google.com</button>
+</div>
+
 <div class="button-set">
   <h3>amp-img:</h3>
   <button on="tap:img-on-viewport.show">Show</button>

diff --git a/src/document-submit.js b/src/document-submit.js
@@ -14,6 +14,7 @@
  * limitations under the License.
  */
 
+import {ActionTrust} from './action-trust';
 import {actionServiceForDoc} from './services';
 import {dev, user} from './log';
 import {
@@ -128,6 +129,9 @@ export function onDocumentFormSubmit_(e) {
     // handling of the event in cases were we are delegating to action service
     // to deliver the submission event.
     e.stopImmediatePropagation();
-    actionServiceForDoc(form).execute(form, 'submit', /*args*/ null, form, e);
+
+    const actions = actionServiceForDoc(form);
+    // TODO(choumx, #9699): HIGH.
+    actions.execute(form, 'submit', /*args*/ null, form, e, ActionTrust.MEDIUM);
   }
 }
diff --git a/src/service/action-impl.js b/src/service/action-impl.js
@@ -218,8 +218,7 @@ export class ActionService {
       this.root_.addEventListener('click', event => {
         if (!event.defaultPrevented) {
           const element = dev().assertElement(event.target);
-          // TODO(choumx, #9699): HIGH.
-          this.trigger(element, name, event, ActionTrust.MEDIUM);
+          this.trigger(element, name, event, ActionTrust.HIGH);
         }
       });
       this.root_.addEventListener('keydown', event => {
@@ -229,8 +228,7 @@ export class ActionService {
           if (!event.defaultPrevented &&
               element.getAttribute('role') == 'button') {
             event.preventDefault();
-            // TODO(choumx, #9699): HIGH.
-            this.trigger(element, name, event, ActionTrust.MEDIUM);
+            this.trigger(element, name, event, ActionTrust.HIGH);
           }
         }
       });
@@ -245,7 +243,7 @@ export class ActionService {
         const element = dev().assertElement(event.target);
         // Only `change` events from <select> elements have high trust.
         const trust = element.tagName == 'SELECT'
-            ? ActionTrust.MEDIUM // TODO(choumx, #9699): HIGH.
+            ? ActionTrust.HIGH
             : ActionTrust.MEDIUM;
         this.addInputDetails_(event);
         this.trigger(element, name, event, trust);
@@ -341,10 +339,9 @@ export class ActionService {
    * @param {?JSONType} args
    * @param {?Element} source
    * @param {?ActionEventDef} event
+   * @param {ActionTrust} trust
    */
-  execute(target, method, args, source, event) {
-    // Invocation of actions by the runtime has the highest trust of all.
-    const trust = ActionTrust.MEDIUM; // TODO(choumx, #9699): HIGH.
+  execute(target, method, args, source, event, trust) {
     this.invoke_(target, method, args, source, event, trust, null);
   }
 

diff --git a/src/service/standard-actions-impl.js b/src/service/standard-actions-impl.js
@@ -17,13 +17,14 @@
 import {ActionTrust} from '../action-trust';
 import {OBJECT_STRING_ARGS_KEY} from '../service/action-impl';
 import {Layout, getLayoutClass} from '../layout';
-import {actionServiceForDoc} from '../services';
+import {actionServiceForDoc, urlReplacementsForDoc} from '../services';
 import {bindForDoc} from '../services';
+import {computedStyle, getStyle, toggle} from '../style';
 import {dev, user} from '../log';
-import {registerServiceBuilderForDoc} from '../service';
 import {historyForDoc} from '../services';
+import {isProtocolValid} from '../url';
+import {registerServiceBuilderForDoc} from '../service';
 import {resourcesForDoc} from '../services';
-import {computedStyle, getStyle, toggle} from '../style';
 import {vsyncFor} from '../services';
 
 /**
@@ -55,6 +56,9 @@ export class StandardActions {
     /** @const @private {!./resources-impl.Resources} */
     this.resources_ = resourcesForDoc(ampdoc);
 
+    /** @const @private {!./url-replacements-impl.UrlReplacements} */
+    this.urlReplacements_ = urlReplacementsForDoc(ampdoc);
+
     this.installActions_(this.actions_);
   }
 
@@ -87,6 +91,9 @@ export class StandardActions {
       case 'setState':
         this.handleAmpSetState_(invocation);
         return;
+      case 'navigateTo':
+        this.handleAmpNavigateTo_(invocation);
+        return;
       case 'goBack':
         this.handleAmpGoBack_(invocation);
         return;
@@ -121,6 +128,24 @@ export class StandardActions {
     });
   }
 
+  /**
+   * @param {!./action-impl.ActionInvocation} invocation
+   * @private
+   */
+  handleAmpNavigateTo_(invocation) {
+    if (!invocation.satisfiesTrust(ActionTrust.HIGH)) {
+      return;
+    }
+    const url = invocation.args['url'];
+    if (!isProtocolValid(url)) {
+      return;
+    }
+    const expandedUrl = this.urlReplacements_.expandUrlSync(url);
+    const node = invocation.target;
+    const win = (node.ownerDocument || node).defaultView;
+    win.location = expandedUrl;
+  }
+
   /**
    * @param {!./action-impl.ActionInvocation} invocation
    * @private

diff --git a/test/functional/test-standard-actions.js b/test/functional/test-standard-actions.js
@@ -163,6 +163,44 @@ describes.sandboxed('StandardActions', {}, () => {
   });
 
   describe('"AMP" global target', () => {
+    it('should implement navigateTo', () => {
+      const expandUrlStub = sandbox.stub(standardActions.urlReplacements_,
+          'expandUrlSync', url => url);
+
+      const win = {
+        location: 'http://foo.com',
+      };
+      const invocation = {
+        method: 'navigateTo',
+        args: {
+          url: 'http://bar.com',
+        },
+        target: {
+          ownerDocument: {
+            defaultView: win,
+          },
+        },
+      };
+
+      // Should check trust and fail.
+      invocation.satisfiesTrust = () => false;
+      standardActions.handleAmpTarget(invocation);
+      expect(win.location).to.equal('http://foo.com');
+      expect(expandUrlStub).to.not.be.called;
+
+      // Should succeed.
+      invocation.satisfiesTrust = () => true;
+      standardActions.handleAmpTarget(invocation);
+      expect(win.location).to.equal('http://bar.com');
+      expect(expandUrlStub.calledOnce);
+
+      // Invalid protocols should fail.
+      invocation.args.url = /*eslint no-script-url: 0*/ 'javascript:alert(1)';
+      standardActions.handleAmpTarget(invocation);
+      expect(win.location).to.equal('http://bar.com');
+      expect(expandUrlStub.calledOnce);
+    });
+
     it('should implement goBack', () => {
       installHistoryServiceForDoc(ampdoc);
       const history = historyForDoc(ampdoc);
@@ -173,10 +211,10 @@ describes.sandboxed('StandardActions', {}, () => {
     });
 
     it('should implement setState', () => {
-      const setStateWithExpressionSpy = sandbox.spy();
+      const spy = sandbox.spy();
       window.services.bind = {
         obj: {
-          setStateWithExpression: setStateWithExpressionSpy,
+          setStateWithExpression: spy,
         },
       };
 
@@ -191,8 +229,8 @@ describes.sandboxed('StandardActions', {}, () => {
       };
       standardActions.handleAmpTarget(invocation);
       return bindForDoc(ampdoc).then(() => {
-        expect(setStateWithExpressionSpy).to.be.calledOnce;
-        expect(setStateWithExpressionSpy).to.be.calledWith('{foo: 123}');
+        expect(spy).to.be.calledOnce;
+        expect(spy).to.be.calledWith('{foo: 123}');
       });
     });
   });