WebKit export of https://bugs.webkit.org/show_bug.cgi?id=273185

trusted-types/eval-csp-tt-default-policy-mutate.html

@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <script nonce="abc" src="/resources/testharness.js"></script>
+  <script nonce="abc" src="/resources/testharnessreport.js"></script>
+  <script nonce="abc" src="support/helper.sub.js"></script>
+  <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'">
+</head>
+<body>
+<script>
+  trustedTypes.createPolicy("default", {createScript: s => s.replace("1", "4")});
+
+  test(t => {
+    assert_throws_js(EvalError, _ => eval('1+1'));
+  }, "eval of string where default policy mutates value throws.");
+
+  test(t => {
+    assert_throws_js(EvalError, _ => eval?.('1+1'));
+  }, "indirect eval of string where default policy mutates value throws.");
+
+  test(t => {
+    assert_throws_js(EvalError, _ => new Function('return 1+1'));
+  }, "Function constructor with string where default policy mutates value throws.");
+</script>

trusted-types/eval-csp-tt-default-policy.html

@@ -8,7 +8,7 @@
 </head>
 <body>
 <script>
-  trustedTypes.createPolicy("default", {createScript: s => s.replace("1", "4")});
+  trustedTypes.createPolicy("default", {createScript: s => s});
   const p = trustedTypes.createPolicy("p", {createScript: s => s});
 
   test(t => {
@@ -20,7 +20,7 @@
   }, "indirect eval of TrustedScript works.");
 
   test(t => {
-    assert_equals(eval('1+1'), 5); // '1+1' becomes '4+1'.
+    assert_equals(eval('1+1'), 2);
   }, "eval of string works.");
 
   test(t => {
@@ -35,7 +35,7 @@
   }, "Function constructor of TrustedScript works.");
 
   test(t => {
-    assert_equals(new Function('return 1+1')(), 5);
+    assert_equals(new Function('return 1+1')(), 2);
   }, "Function constructor of string works.");
 </script>
 

trusted-types/eval-with-permissive-csp.html

@@ -51,20 +51,20 @@
     assert_equals(s, "Hello a cat string");
   }, "new Function with TrustedScript and permissive CSP works.");
 
-  trustedTypes.createPolicy("default", { createScript: createScriptJS }, true);
+  trustedTypes.createPolicy("default", { createScript: (s) => s });
   test(t => {
-    let s = eval('"Hello transformed untrusted string"');
-    assert_equals(s, "Hello a cat untrusted string");
-  }, "eval with default policy and permissive CSP still obeys default policy.");
+    let s = eval('1+1');
+    assert_equals(s, 2);
+  }, "eval with plain string with Trusted Types and permissive CSP works with default policy.");
 
   test(t => {
-    let s = eval?.('"Hello transformed untrusted string"');
-    assert_equals(s, "Hello a cat untrusted string");
-  }, "indirect eval with default policy and permissive CSP still obeys default policy.");
+    let s = eval?.('1+1');
+    assert_equals(s, 2);
+  }, "indirect eval with plain string with Trusted Types and permissive CSP works with default policy.");
 
   test(t => {
-    let s = new Function('return "Hello transformed untrusted string"')();
-    assert_equals(s, "Hello a cat untrusted string");
-  }, "new Function with default policy and permissive CSP still obeys default policy.");
+    let s = new Function('return 1+1')();
+    assert_equals(s, 2);
+  }, "new Function with plain string default policy and permissive CSP works with default policy.");
 </script>
 

trusted-types/support/WorkerGlobalScope-eval.https.js

@@ -39,10 +39,15 @@ trustedTypes.createPolicy("default", {
   createScript: x => x.replace("2", "5")
 });
 test(t => {
-  assert_equals(eval("2"), 5);
+  assert_equals(eval("4"), 4);
 }, "eval(string) with default policy in " + worker_type);
 test(t => {
-  assert_equals(eval?.("2"), 5);
+  assert_equals(eval?.("4"), 4);
 }, "indirect eval(string) with default policy in " + worker_type);
-
+test(t => {
+  assert_throws_js(EvalError, _ => eval("2"));
+}, "eval(string) with default policy mutation in " + worker_type);
+test(t => {
+  assert_throws_js(EvalError, _ => eval?.("2"));
+}, "indirect eval(string) with default policy mutation in " + worker_type);
 done();