[wpt-sync] Sync PR 21853 - nonce attribute: no longer tentative
Categories
(Core :: DOM: Security, task, P4)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox75 | --- | fixed |
People
(Reporter: wpt-sync, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream][domsecurity-backlog])
Sync web-platform-tests PR 21853 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/21853
Details from upstream follow.
Anne van Kesteren <annevk@annevk.nl> wrote:
nonce attribute: no longer tentative
For https://github.com/whatwg/html/pull/5300.
Supersedes #5423.
|
Assignee | |
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Comment 1•5 years ago
|
||
|
|
Assignee | |
Comment 2•5 years ago
|
||
CI Results
Ran 13 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI
Total 49 tests
Status Summary
Firefox
OK : 5
PASS : 11[GitHub] 55[Gecko-android-em-7.0-x86_64-debug-geckoview, Gecko-android-em-7.0-x86_64-opt-geckoview, Gecko-linux1804-64-asan-opt, Gecko-linux1804-64-debug, Gecko-linux1804-64-opt, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows10-64-debug, Gecko-windows10-64-opt, Gecko-windows10-64-qr-debug, Gecko-windows10-64-qr-opt, Gecko-windows7-32-debug, Gecko-windows7-32-opt]
FAIL : 42
Chrome
OK : 5
PASS : 47
FAIL : 6
Safari
OK : 3
PASS : 12
FAIL : 23
ERROR: 2
Links
Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base
Details
Firefox-only Failures
/content-security-policy/nonce-hiding/script-nonces-hidden.html
Writing 'nonce' content attribute.: FAIL
/content-security-policy/nonce-hiding/nonces.html
Ensure that removal of content attribute does not affect IDL attribute for script in HTML namespace: FAIL
/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub.html
Cloned node retains nonce.: FAIL
Writing 'nonce' content attribute.: FAIL
Cloned node retains nonce when inserted.: FAIL
Reading 'nonce' content attribute and IDL attribute.: FAIL
Document-written script's nonce value.: FAIL
setAttribute('nonce') overwrites '.nonce' upon insertion.: FAIL
createElement.setAttribute.: FAIL
New Tests That Don't Pass
/content-security-policy/nonce-hiding/script-nonces-hidden.html
Cloned node retains nonce.: FAIL (Chrome: PASS, Safari: FAIL)
createElement.nonce.: FAIL (Chrome: PASS, Safari: FAIL)
Writing 'nonce' content attribute.: FAIL (Chrome: PASS, Safari: PASS)
Cloned node retains nonce when inserted.: FAIL (Chrome: PASS, Safari: FAIL)
Reading 'nonce' content attribute and IDL attribute.: FAIL (Chrome: PASS, Safari: FAIL)
Document-written script's nonce value.: FAIL (Chrome: PASS, Safari: FAIL)
setAttribute('nonce') overwrites '.nonce' upon insertion.: FAIL (Chrome: PASS, Safari: FAIL)
Custom elements expose the correct events.: FAIL (Chrome: PASS, Safari: FAIL)
Nonces don't leak via CSS side-channels.: FAIL (Chrome: PASS, Safari: FAIL)
createElement.setAttribute.: FAIL (Chrome: PASS, Safari: FAIL)
/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub.html
Cloned node retains nonce.: FAIL (Chrome: PASS)
Writing 'nonce' content attribute.: FAIL (Chrome: PASS)
Cloned node retains nonce when inserted.: FAIL (Chrome: PASS)
Reading 'nonce' content attribute and IDL attribute.: FAIL (Chrome: PASS)
Document-written script's nonce value.: FAIL (Chrome: PASS)
createElement.setAttribute.: FAIL (Chrome: PASS)
/content-security-policy/nonce-hiding/nonces.html
Ensure that removal of content attribute does not affect IDL attribute for meh in HTML namespace: FAIL (Chrome: PASS, Safari: FAIL)
Ensure that removal of content attribute does not affect IDL attribute for div in HTML namespace: FAIL (Chrome: PASS, Safari: FAIL)
Ensure that removal of content attribute does not affect IDL attribute for meh in SVG namespace: FAIL (Chrome: FAIL, Safari: FAIL)
Ensure that removal of content attribute does not affect IDL attribute for script in SVG namespace: FAIL (Chrome: FAIL, Safari: FAIL)
Basic nonce tests for script in HTML namespace: FAIL (Chrome: PASS, Safari: FAIL)
Basic nonce tests for script in SVG namespace: FAIL (Chrome: FAIL, Safari: FAIL)
Ensure that removal of content attribute does not affect IDL attribute for script in HTML namespace: FAIL (Chrome: PASS, Safari: PASS)
Basic nonce tests for div in HTML namespace: FAIL (Chrome: PASS, Safari: FAIL)
Basic nonce tests for svg in SVG namespace: FAIL (Chrome: FAIL, Safari: FAIL)
Basic nonce tests for meh in HTML namespace: FAIL (Chrome: PASS, Safari: FAIL)
Basic nonce tests for meh in SVG namespace: FAIL (Chrome: FAIL, Safari: FAIL)
Ensure that removal of content attribute does not affect IDL attribute for svg in SVG namespace: FAIL (Chrome: FAIL, Safari: FAIL)
/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub.html
Cloned node retains nonce.: FAIL (Chrome: PASS, Safari: PASS)
createElement.nonce.: FAIL (Chrome: PASS, Safari: FAIL)
Writing 'nonce' content attribute.: FAIL (Chrome: PASS, Safari: PASS)
Cloned node retains nonce when inserted.: FAIL (Chrome: PASS, Safari: PASS)
Reading 'nonce' content attribute and IDL attribute.: FAIL (Chrome: PASS, Safari: PASS)
Document-written script's nonce value.: FAIL (Chrome: PASS, Safari: PASS)
setAttribute('nonce') overwrites '.nonce' upon insertion.: FAIL (Chrome: PASS, Safari: PASS)
createElement.setAttribute.: FAIL (Chrome: PASS, Safari: PASS)
/content-security-policy/nonce-hiding/svgscript-nonces-hidden.html
Cloned node retains nonce.: FAIL (Chrome: PASS)
Writing 'nonce' content attribute.: FAIL (Chrome: PASS)
Cloned node retains nonce when inserted.: FAIL (Chrome: PASS)
Reading 'nonce' content attribute and IDL attribute.: FAIL (Chrome: PASS)
Document-written script's nonce value.: FAIL (Chrome: PASS)
createElement.setAttribute.: FAIL (Chrome: PASS)
|
|
||
Updated•5 years ago
|
|
||
Comment 4•5 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/f6e9e0c531a6
https://hg.mozilla.org/mozilla-central/rev/e0841029f28d
Description
•