[wpt-sync] Sync PR 20228 - [Trusted Types] Cover attribute node manipulation with Trusted Types checks.
Categories
(Core :: DOM: Security, task, P4)
Tracking
 | Tracking | Status |
---|---|---|
firefox72 | --- | fixed |
People
(Reporter: mozilla.org, Unassigned)
Details
(Whiteboard: [wptsync downstream][domsecurity-backlog])
Sync web-platform-tests PR 20228 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/20228
Details from upstream follow.
Daniel Vogelheim <vogelheim@chromium.org> wrote:
[Trusted Types] Cover attribute node manipulation with Trusted Types checks.
Element::setAttribute will perform trusted types checks, which (currently)
can be circumvented by obtaining the DOM's attribute node and setting the
value directly. This fixes this bypass, by performing identical checks when
the attribute node values are set, and/or the attribute node is attached to
an element.

Bug: 1008012
Bug: https://github.com/w3c/webappsec-trusted-types/issues/47
Change-Id: I1d8ead85b3fa11821c329e1f4af60c1e85ea8298
Reviewed-on: https://chromium-review.googlesource.com/1911215
WPT-Export-Revision: 67d69bd8827815929e834fbe24d85a38fbd7f837
Comment 1•5 years ago
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=4f8acc9e42d5d07d1e8057e43ebb0331156a979e
Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5765ef6d9f1a
[wpt PR 20228] - [Trusted Types] Cover attribute node manipulation with Trusted Types checks., a=testonly
https://hg.mozilla.org/integration/autoland/rev/8018f71ccdc6
[wpt PR 20228] - Update wpt metadata, a=testonly
Comment 3•5 years ago
Test result changes from PR not available.
Comment 4•5 years ago
https://hg.mozilla.org/mozilla-central/rev/5765ef6d9f1a
https://hg.mozilla.org/mozilla-central/rev/8018f71ccdc6