WebKit export of https://bugs.webkit.org/show_bug.cgi?id=298792 (#55736)

lukewarlow · web-flow · commit 42add815ec92 · 2025-11-04T16:03:42.000Z
diff --git a/trusted-types/navigate-to-javascript-url-008.html b/trusted-types/navigate-to-javascript-url-008.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/rendering-utils.js"></script>
+<script src="./support/csp-violations.js"></script>
+<script src="./support/navigation-support.js"></script>
+<script>
+  promise_test(async _ => {
+    await new Promise(resolve => window.addEventListener("load", resolve));
+    const result = await setLocationToJavaScriptURL("throw" /* defaultpolicy */);
+    // This is odd but CSP pre-navigation checks on report-only directives cannot block navigation.
+    assert_true(result.javaScriptExecuted, "JavaScript should have been executed");
+    assert_equals(result.violations.length, 1);
+    const violation = result.violations[0];
+    assert_equals(violation.violatedDirective, "require-trusted-types-for");
+    assert_equals(violation.disposition, "report");
+    assert_equals(violation.sample, `Location href|${clipSampleIfNeeded(kJavaScriptURLCode)}`);
+    assert_equals(result.exception, null, "No exception");
+  }, "Setting window.location to a javascript: URL with a default policy that throws should report a CSP violation without rethrowing the exception.");
+</script>
diff --git a/trusted-types/navigate-to-javascript-url-008.html.headers b/trusted-types/navigate-to-javascript-url-008.html.headers
@@ -0,0 +1,3 @@
+
+Content-Security-Policy: connect-src 'none';
+Content-Security-Policy-Report-Only: require-trusted-types-for 'script'
diff --git a/trusted-types/support/navigation-support.js b/trusted-types/support/navigation-support.js
@@ -60,6 +60,8 @@ async function setLocationToJavaScriptURL(defaultpolicy) {
         // pre-navigation check CSP violation.
         if (window.requestIdleCallback) {
           await new Promise(resolve => requestIdleCallback(resolve));
+        } else {
+          await new Promise(resolve => requestAnimationFrame(_ => requestAnimationFrame(resolve)));
         }
       });
 
@@ -188,6 +190,11 @@ function navigateToJavascriptURL(reportOnly) {
               requestIdleCallback(resolve);
               window.addEventListener("beforeunload", resolve);
             });
+          } else {
+            await new Promise(resolve => requestAnimationFrame(() => {
+              requestAnimationFrame(resolve);
+              window.addEventListener("beforeunload", resolve);
+            }));
           }
         });
       if (exception) {

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+`
	`2`	`+Content-Security-Policy: connect-src 'none';`
	`3`	`+Content-Security-Policy-Report-Only: require-trusted-types-for 'script'`