fixup! Core:Manipulation: Add basic TrustedHTML support

mgol · mgol · commit 78efeede6e9e · 2021-09-30T00:40:18.000+02:00
diff --git a/test/data/trusted-html.html b/test/data/trusted-html.html
@@ -9,22 +9,8 @@
 <script src="../../dist/jquery.min.js"></script>
 <script src="iframeTest.js"></script>
 <script>
-	if ( typeof trustedTypes === "undefined" ) {
-		startIframeTest( [ {
-			actual: "",
-			expected: "trustedTypes support",
-			message: "trustedTypes supported"
-		} ] );
-		throw new Error( "No trustedTypes support; this test should be skipped" );
-	}
-
-	var i, input, elem, tags,
+	var i, input, elem, tags, policy,
 		results = [],
-		policy = trustedTypes.createPolicy( "jquery-test-policy", {
-			createHTML: function( html ) {
-				return html;
-			}
-		} ),
 		inputs = [
 			[ "<div></div>", "<div class='test'></div>", [ "div" ] ],
 			[ "<div></div>", "<div class='test'></div><span class='test'></span>",
@@ -33,27 +19,55 @@
 			[ "<select></select>", "<option class='test'></option>", [ "option" ] ]
 		];
 
-	for ( i = 0; i < inputs.length; i++ ) {
-		input = inputs[ i ];
-		elem = jQuery( policy.createHTML( input[ 0 ] ) );
-		elem.append( policy.createHTML( input[ 1 ] ) );
-		tags = elem.find( ".test" ).toArray().map( function( node ) {
-			return node.nodeName.toLowerCase();
-		} );
+	function runTests( messagePrefix, getHtmlWrapper ) {
+		for ( i = 0; i < inputs.length; i++ ) {
+			input = inputs[ i ];
+			elem = jQuery( getHtmlWrapper( input[ 0 ] ) );
+			elem.append( getHtmlWrapper( input[ 1 ] ) );
+			tags = elem.find( ".test" ).toArray().map( function( node ) {
+				return node.nodeName.toLowerCase();
+			} );
+			results.push( {
+				actual: tags,
+				expected: input[ 2 ],
+				message: messagePrefix + ": " + input[ 2 ].join( ", " )
+			} );
+		}
+
+		elem = jQuery( getHtmlWrapper( "<div></div>" ) );
+		elem.append( getHtmlWrapper( "text content" ) );
 		results.push( {
-			actual: tags,
-			expected: input[ 2 ],
-			message: input[ 2 ].join( ", " )
+			actual: elem.html(),
+			expected: "text content",
+			message: messagePrefix + ": text content properly appended"
 		} );
 	}
 
-	elem = jQuery( policy.createHTML( "<div></div>" ) );
-	elem.append( policy.createHTML( "text content" ) );
-	results.push( {
-		actual: elem.html(),
-		expected: "text content",
-		message: "Text content properly appended"
-	} );
+	if ( typeof trustedTypes !== "undefined" ) {
+		policy = trustedTypes.createPolicy( "jquery-test-policy", {
+			createHTML: function( html ) {
+				return html;
+			}
+		} );
+
+		runTests( "TrustedHTML", function wrapInTrustedHtml( input ) {
+			return policy.createHTML( input );
+		} );
+	} else {
+
+		// No TrustedHTML support so let's at least run tests with object wrappers
+		// with a proper `toString` function. This also shows that jQuery support
+		// of TrustedHTML is generic and would work with similar APIs out of the box
+		// as well. Ideally, we'd run these tests in browsers with TrustedHTML support
+		// as well but due to the CSP TrustedHTML enforcement these tests would fail.
+		runTests( "Object wrapper", function( input ) {
+			return {
+				toString: function toString() {
+					return input;
+				}
+			};
+		} );
+	}
 
 	startIframeTest( results );
 </script>
diff --git a/test/unit/manipulation.js b/test/unit/manipulation.js
@@ -3010,15 +3010,17 @@ QUnit.test( "Works with invalid attempts to close the table wrapper", function(
 } );
 
 // Test trustedTypes support in browsers where they're supported (currently Chrome 83+).
+// Browsers with no TrustedHTML support still run tests on object wrappers with
+// a proper `toString` function.
 testIframe(
 	"Basic TrustedHTML support (gh-4409)",
 	"mock.php?action=trustedHtml",
 	function( assert, jQuery, window, document, test ) {
+
 		assert.expect( 5 );
 
 		test.forEach( function( result ) {
 			assert.deepEqual( result.actual, result.expected, result.message );
 		} );
-	},
-	typeof trustedTypes === "undefined" ? QUnit.skip : QUnit.test
+	}
 );
