3.5. Process value with a default policy doesn't take into account `default_policy` could be null

[tete17]

As part of the implementation of this spec in https://github.com/LadybirdBrowser/ladybird I found a potential error

The TrustedTypePolicyFactory class has an initially null value of default policy

2.3.4. Default policy defines some behavior on what to do if a default policy is not present but like the section says this section is not normative.

The problem arises in 3.5. Process value with a default policy in step 1 where it is assumed a default policy exists.

I see 2 courses here:

• We either make section 2.3.4 normative
• We take into account that default policy could be null in Process value with a default policy

[lukewarlow]

Good catch, we should update the algorithm itself to account for the case that step 1 is null. So we don't run step 2 in that case.

[lukewarlow]

I think the correct behaviour is essentially if defaultPolicy is null, return null

[tete17]

Kind of neat that I implemented in such a way :)
https://github.com/LadybirdBrowser/ladybird/pull/5828/files#diff-3ff2619afc00088dd2616c14038d79c8e62e6128a81e5a135592d39b4d38f617R201

[tete17]

Should we add a WPT test to ensure implementations follow this?

[lukewarlow]

If there's not already a test that fails with a different implementation it's definitely worth adding one