Closed
Bug 1468173
Opened 7 years ago
Closed 7 years ago
[wpt-sync] Sync PR 11457 - Completed 'unsafe-hashes' per spec
Categories
(Core :: DOM: Security, enhancement, P4)
Tracking
RESOLVED
FIXED
mozilla63
| | Tracking | Status |
|---|---|---|
| firefox63 | --- | fixed |
People
(Reporter: wpt-sync, Unassigned)
Details
(Whiteboard: [wptsync downstream][domsecurity-backlog])
Sync web-platform-tests PR 11457 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/11457
Details from upstream follow.
Andy Paicu <andypaicu@chromium.org> wrote:
> Completed 'unsafe-hashes' per spec
>
> 'unsafe-hashed-attributes' renamed to 'unsafe-hashes'
> 'unsafe-hashes' matches style attributes correctly now
> 'unsafe-hashes' works for javascript: URLs
> 'unsafe-hashes' tests added and amended
>
> spec (approved and to be submitted at the same time as this CR):
> https://github.com/w3c/webappsec-csp/pull/311
>
> Bug: 771922
> Change-Id: I018cc0f73d492cb4057ff4c41d9be4df8438036c
>
> Reviewed-on: https://chromium-review.googlesource.com/1095217
> WPT-Export-Revision: fcf4f46b43b2b5a038cc7ed9dd55c9348ff70d10
Updated•7 years ago
Component: web-platform-tests → DOM: Security
Product: Testing → Core
Comment 2•7 years ago
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=370cf28dc08c4dd05735fddcddcdadc53648845c
Comment 4•7 years ago
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=931df080180efc00e56d958d3e5594ad0727232a
Updated•7 years ago
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Comment 6•7 years ago
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=55c33e7519e743524829eeb7f530ab606be671c2
Comment 8•7 years ago
Ran 21 tests and 37 subtests
OK : 16
PASS : 5
FAIL : 18
TIMEOUT: 3
ERROR : 4
NOTRUN : 12
New tests that have failures or other problems:
/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_hashes.html: ERROR
Effective policy is properly found where 'unsafe-hashes' is not subsumed.: FAIL
No other keyword has the same effect as 'unsafe-hashes'.: FAIL
Other expressions have to be subsumed.: FAIL
Required csp must allow 'unsafe-hashes'.: FAIL
/content-security-policy/unsafe-hashes/javascript_src_allowed-href.html
Test that the javascript: src is allowed to run: FAIL
/content-security-policy/unsafe-hashes/javascript_src_allowed-href_blank.html
Test that the javascript: src is allowed to run: FAIL
/content-security-policy/unsafe-hashes/javascript_src_allowed-window_location.html
Test that the javascript: src is allowed to run: FAIL
/content-security-policy/unsafe-hashes/javascript_src_allowed-window_open.html
Test that the javascript: src is allowed to run: FAIL
/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href.html
Test that the javascript: src is not allowed to run: FAIL
/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href_blank.html
Test that the javascript: src is not allowed to run: FAIL
/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-window_open.html
Test that the javascript: src is not allowed to run: FAIL
/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href.html
Test that the javascript: src is not allowed to run: FAIL
/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href_blank.html
Test that the javascript: src is not allowed to run: FAIL
/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-window_open.html
Test that the javascript: src is not allowed to run: FAIL
/content-security-policy/unsafe-hashes/script_event_handlers_allowed.html
Test that the inline event handler is allowed to run: FAIL
/content-security-policy/unsafe-hashes/script_event_handlers_denied_missing_unsafe_hashes.html
Test that the inline event handler is not allowed to run: FAIL
/content-security-policy/unsafe-hashes/script_event_handlers_denied_wrong_hash.html
Test that the inline event handler is not allowed to run: FAIL
/content-security-policy/unsafe-hashes/style_attribute_allowed.html: ERROR
Test that the inline style attribute is loaded: NOTRUN
/content-security-policy/unsafe-hashes/style_attribute_denied_missing_unsafe_hashes.html: TIMEOUT
Test that the inline style attribute is blocked: NOTRUN
/content-security-policy/unsafe-hashes/style_attribute_denied_wrong_hash.html
Test that the inline style attribute is blocked: FAIL
Comment 9•7 years ago
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=38aa3971488ac80e0a0ed8e5bc4df8ab0b7803c1
Comment 10•7 years ago
Pushed by james@hoppipolla.co.uk:
https://hg.mozilla.org/integration/mozilla-inbound/rev/08ae28934584
[wpt PR 11457] - Completed 'unsafe-hashes' per spec, a=testonly
https://hg.mozilla.org/integration/mozilla-inbound/rev/948f128a6992
[wpt PR 11457] - Update wpt metadata, a=testonly
Comment 11•7 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/08ae28934584
https://hg.mozilla.org/mozilla-central/rev/948f128a6992
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox63: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63