Closed Bug 1518578 Opened 5 years ago Closed 5 years ago

[wpt-sync] Sync PR 14753 - Require TrustedScript in el.setAttribute('on*')

Categories

(Core :: DOM: Security, enhancement, P4)

enhancement

Tracking

()

RESOLVED FIXED
mozilla67
Tracking Status
firefox67 --- fixed

People

(Reporter: mozilla.org, Unassigned)

References

()

Details

(Whiteboard: [wptsync downstream][domsecurity-backlog])

Sync web-platform-tests PR 14753 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/14753
Details from upstream follow.

Jakub Vrana <jakubvrana@google.com> wrote:

Require TrustedScript in el.setAttribute('on*')

Bug: 919107, 739170
Change-Id: Ie357fa1d13175e313605415b00fd3529247d84d0
Reviewed-on: https://chromium-review.googlesource.com/1400821
WPT-Export-Revision: 9342eb2cdac5d256ed823abb9b8102a6eaa8991c

Component: web-platform-tests → DOM: Security
Product: Testing → Core
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
PR 14753 applied with additional changes from upstream: a377796dc7d860651f48c5dada67260a1e3a4132, 1633e46ce38d4bbf708210ecfd3da72a7480ddfa, 71de26fbac71be5dabdbd8bcabafb685eb076616, c8c1c542f709bf86eac789b5958626f9b032b63b, d6f1f047187fb302f691ff53d61ae18d741c894b
Whiteboard: [wptsync downstream][domsecurity-backlog] → [wptsync downstream error][domsecurity-backlog]
Whiteboard: [wptsync downstream error][domsecurity-backlog] → [wptsync downstream][domsecurity-backlog]
Ran 42 tests and 197 subtests
OK     : 36
PASS   : 11
FAIL   : 186
ERROR  : 6

New tests that have failures or other problems:
/trusted-types/block-string-assignment-to-Element-setAttribute.tentative.html
    block-string-assignment-to-Element-setAttribute: FAIL
/trusted-types/block-string-assignment-to-HTMLElement-generic.tentative.html
    button.formAction accepts only TrustedURL: FAIL
    form.action accepts only TrustedURL: FAIL
    input.formAction accepts only TrustedURL: FAIL
    object.codeBase accepts only TrustedScriptURL: FAIL
    object.data accepts only TrustedScriptURL: FAIL
Pushed by james@hoppipolla.co.uk:
https://hg.mozilla.org/integration/mozilla-inbound/rev/642d7c83a749
[wpt PR 14753] - Require TrustedScript in el.setAttribute('on*'), a=testonly
Pushed by james@hoppipolla.co.uk:
https://hg.mozilla.org/integration/mozilla-inbound/rev/4aae84fccf6e
[wpt PR 14753] - Require TrustedScript in el.setAttribute('on*'), a=testonly
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
You need to log in before you can comment on or make changes to this bug.