Closed Bug 1594491 Opened 3 years ago Closed 3 years ago

[wpt-sync] Sync PR 20130 - [Trusted Types] Allow duplicated policy name for "*" CSP directive.

Categories

(Core :: DOM: Security, task, P4)

task

Tracking

()

RESOLVED FIXED
mozilla72
Tracking Status
firefox72 --- fixed

People

(Reporter: mozilla.org, Unassigned)

References

()

Details

(Whiteboard: [wptsync downstream][domsecurity-backlog])

Sync web-platform-tests PR 20130 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/20130
Details from upstream follow.

Daniel Vogelheim <vogelheim@chromium.org> wrote:

[Trusted Types] Allow duplicated policy name for "*" CSP directive.

This adapts TT to the latest spec, which asks for duplicate policy names to
be accepted when "trusted-types *" is given.

Since this requires different error conditions for duplicate names depending
on the active policy, this CL pushes the checking into the CSP class, rather
than handling it at the calling side.

Bug: 991129
Change-Id: Ia40f84093200a1a6e0fae7b65d080c1b5ab8c2fe
Reviewed-on: https://chromium-review.googlesource.com/1890438
WPT-Export-Revision: a8bbc7322c8bceb22a4e7e0c04b0e59f8f576df2

Component: web-platform-tests → DOM: Security
Product: Testing → Core
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Whiteboard: [wptsync downstream][domsecurity-backlog] → [wptsync downstream]
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]

GitHub CI Results

wpt.fyi PR Results Base Results

Ran 6 tests and 12 subtests

Firefox

OK : 5
FAIL : 9

Chrome

OK : 5
PASS : 7
FAIL : 2

Safari

OK : 5
FAIL : 9

Existing tests that now have a worse result

/trusted-types/TrustedTypePolicyFactory-createPolicy-nameTests.tentative.html
duplicate policy name attempt throws: Firefox: PASS->FAIL, Chrome: PASS->PASS, Safari: PASS->FAIL

/trusted-types/TrustedTypePolicy-name.tentative.html: Firefox: OK->MISSING, Chrome: OK->MISSING, Safari: OK->MISSING

Other new tests that's don't pass

/trusted-types/TrustedTypePolicyFactory-createPolicy-nameTests.tentative.html
Error messages for duplicates and unlisted policies should be different: Firefox: FAIL, Chrome: PASS, Safari: FAIL

/trusted-types/TrustedTypePolicy-getPolicyNames.tentative.html
policy.name = name: Firefox: FAIL, Chrome: PASS, Safari: FAIL
getPolicyNames returns all policy names: Firefox: FAIL, Chrome: PASS, Safari: FAIL

/trusted-types/trusted-types-duplicate-names-list-report-only.tentative.html
TrustedTypePolicyFactory and policy list in CSP.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL

/trusted-types/trusted-types-duplicate-names-list.tentative.html
TrustedTypePolicyFactory and policy list in CSP.: Firefox: FAIL, Chrome: PASS, Safari: FAIL

/trusted-types/trusted-types-duplicate-names.tentative.html
policy - duplicate names: Firefox: FAIL, Chrome: FAIL, Safari: FAIL

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/83f37687db83
[wpt PR 20130] - [Trusted Types] Allow duplicated policy name for "*" CSP directive., a=testonly
https://hg.mozilla.org/integration/autoland/rev/649b10569d08
[wpt PR 20130] - Update wpt metadata, a=testonly
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
You need to log in before you can comment on or make changes to this bug.