1596058 - [wpt-sync] Sync PR 20228 - [Trusted Types] Cover attribute node manipulation with Trusted Types checks.

Status: RESOLVED FIXED

(Core :: DOM: Security, task, P4)

Description

[Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)]

Sync web-platform-tests PR 20228 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/20228
Details from upstream follow.

Daniel Vogelheim <vogelheim@chromium.org> wrote:

[Trusted Types] Cover attribute node manipulation with Trusted Types checks.

Element::setAttribute will perform trusted types checks, which (currently)
can be circumvented by obtaining the DOM's attribute node and setting the
value directly. This fixes this bypass, by performing identical checks when
the attribute node values are set, and/or the attribute node is attached to
an element.

Bug: 1008012
Bug: https://github.com/w3c/webappsec-trusted-types/issues/47
Change-Id: I1d8ead85b3fa11821c329e1f4af60c1e85ea8298
Reviewed-on: https://chromium-review.googlesource.com/1911215
WPT-Export-Revision: 67d69bd8827815929e834fbe24d85a38fbd7f837

Comment 1

[Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)]

Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=4f8acc9e42d5d07d1e8057e43ebb0331156a979e

Comment 2

[Pulsebot]

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5765ef6d9f1a
[wpt PR 20228] - [Trusted Types] Cover attribute node manipulation with Trusted Types checks., a=testonly
https://hg.mozilla.org/integration/autoland/rev/8018f71ccdc6
[wpt PR 20228] - Update wpt metadata, a=testonly

Comment 3

[Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)]

Test result changes from PR not available.

Comment 4

[Andrei Ciure[:aciure]]

https://hg.mozilla.org/mozilla-central/rev/5765ef6d9f1a
https://hg.mozilla.org/mozilla-central/rev/8018f71ccdc6