Check if url functions are supported in attr() security tests

Blink, as well as Gecko and Webkit do not support src() function [0]
and image() function [1]. Hypothetical string() function is not
supported as well. This causes some of the attr() security tests to
incorrectly fail. If function is not supported this should not be a
violation to the security, so we can just skip these tests.

This Cl also restructures test a bit, use consts instead of long urls.

[0] https://drafts.csswg.org/css-values-4/#urls
[1] https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Values/image/image

Fixed: 489670248
Change-Id: I7fe76e02135d983c4f2f801d63a28eee7cb992d2

Author: tursunova

css/css-values/attr-security.html

@@ -37,11 +37,17 @@
     function test_attr(property, attrString, attrValue, expectedValue) {
         var elem = document.getElementById("attr");
         elem.setAttribute("data-foo", attrValue);
-        elem.style.setProperty(property, attrString);
+
+        elem.style.setProperty("--unregistered", attrString);
+        let value = window.getComputedStyle(elem).getPropertyValue("--unregistered");
 
         test(() => {
+          // Skip tests that include unsupported functions, since they are not violation of attr() security.
+          if (value == "" || CSS.supports(`${property} : ${value}`)) {
+            elem.style.setProperty(property, attrString);
             assert_equals(window.getComputedStyle(elem).getPropertyValue(property),
                           expectedValue);
+          }
         }, `'${property}: ${attrString}' with data-foo="${attrValue}"`);
 
         elem.style.setProperty(property, null);