Closed Bug 1620783 Opened 4 years ago Closed 4 years ago

[wpt-sync] Sync PR 22131 - TrustedTypes: Lock the API to secure contexts.

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla76

Tracking Flags:

Tracking

Status

firefox76

---

fixed

People

(Reporter: mozilla.org, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream][domsecurity-backlog])

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Description

•

4 years ago

Sync web-platform-tests PR 22131 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/22131
Details from upstream follow.

Mike West <mkwst@chromium.org> wrote:

TrustedTypes: Lock the API to secure contexts.

This addresses only the IDL changes. We'll need to decide how the CSP
integration ought to work (e.g. whether require-sri-for has any
impact on non-secure pages) in the next CL.

Bug: 1059554
Change-Id: Ie67a3cc1dbaac1e52e2d63bed45b43eb2ffa020b

Reviewed-on: https://chromium-review.googlesource.com/2093214
WPT-Export-Revision: 964bfcd1b0fef76ef15c936efe84447f6c6d9c29

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Updated

•

4 years ago

Component: web-platform-tests → DOM: Security

Product: Testing → Core

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Comment 1

•

4 years ago

Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=51c67a9b34b339029ecfa4f343a2262c3a8c479d

Christoph Kerschbaumer [:ckerschb]

Updated

•

4 years ago

Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Comment 2

•

4 years ago

CI Results

Ran 7 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 108 tests and 1 subtests

Status Summary

Firefox

OK : 35
PASS : 22[GitHub] 68[Gecko-android-em-7.0-x86_64-debug-geckoview, Gecko-android-em-7.0-x86_64-opt-geckoview, Gecko-linux1804-64-asan-opt, Gecko-linux1804-64-debug, Gecko-linux1804-64-opt, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt]
FAIL : 215[GitHub] 216[Gecko-android-em-7.0-x86_64-debug-geckoview, Gecko-android-em-7.0-x86_64-opt-geckoview, Gecko-linux1804-64-asan-opt, Gecko-linux1804-64-debug, Gecko-linux1804-64-opt, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt]
TIMEOUT: 8
ERROR : 25
NOTRUN : 6

Chrome

OK : 61
PASS : 1222
FAIL : 21
ERROR : 1

Safari

OK : 35
PASS : 23
FAIL : 214
TIMEOUT: 8
ERROR : 25
NOTRUN : 6

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

Firefox-only Failures

/trusted-types/block-string-assignment-to-Element-insertAdjacentHTML.tentative.https.html
insertAdjacentHTML(null) assigned via default policy does not throw.: FAIL

New Tests That Don't Pass

/trusted-types/Element-insertAdjacentText.tentative.https.html
insertAdjacentHTML with html assigned via policy (successful HTML transformation).: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/require-trusted-types-for-report-only.tentative.https.html: TIMEOUT (Chrome: OK, Safari: TIMEOUT)
Require trusted types for 'script' block create script.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
Set require trusted types for 'script' without CSP for trusted types don't block policy creation and using.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
Require trusted types for 'script' block create HTML.: TIMEOUT (Chrome: PASS, Safari: TIMEOUT)
Require trusted types for 'script' block create script URL.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
/trusted-types/TrustedTypePolicy-createXXX.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
calling undefined callbacks throws: FAIL (Chrome: PASS, Safari: FAIL)
trustedTypes.createPolicy(.., null) creates empty policy.: FAIL (Chrome: PASS, Safari: FAIL)
Attributes without type constraints will work as before.: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/idlharness.tentative.https.window.html
TrustedTypePolicyFactory interface: operation createPolicy(DOMString, TrustedTypePolicyOptions): FAIL (Chrome: FAIL, Safari: FAIL)
TrustedTypePolicy interface: window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) must have own property "createScript": FAIL
TrustedTypePolicyFactory interface: existence and properties of interface prototype object's @@unscopables property: FAIL (Chrome: PASS, Safari: FAIL)
TrustedScript interface: existence and properties of interface prototype object's "constructor" property: FAIL (Chrome: PASS, Safari: FAIL)
TrustedHTML must be primary interface of window.trustedTypes.createPolicy("SomeName1", { createHTML: s => s }).createHTML("A string"): FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicyFactory interface: window.trustedTypes must have own property "createPolicy": FAIL
TrustedScript interface: stringifier: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicyFactory interface object name: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicy interface: calling createHTML(DOMString) on window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) with too few arguments must throw TypeError: FAIL (Chrome: FAIL, Safari: FAIL)
TrustedTypePolicy interface: existence and properties of interface object: FAIL (Chrome: PASS, Safari: FAIL)
TrustedScript interface object name: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicyFactory interface object length: FAIL (Chrome: PASS, Safari: FAIL)
TrustedScript interface: existence and properties of interface prototype object's @@unscopables property: FAIL (Chrome: PASS, Safari: FAIL)
TrustedHTML interface: existence and properties of interface object: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicy must be primary interface of window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }): FAIL (Chrome: PASS, Safari: FAIL)
TrustedScriptURL must be primary interface of window.trustedTypes.createPolicy("SomeName3", { createScriptURL: s => s }).createScriptURL("A string"): FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicy interface: operation createScriptURL(DOMString): FAIL (Chrome: FAIL, Safari: FAIL)
TrustedTypePolicy interface: calling createScript(DOMString) on window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) with too few arguments must throw TypeError: FAIL (Chrome: FAIL, Safari: FAIL)
Stringification of window.trustedTypes.createPolicy("SomeName3", { createScriptURL: s => s }).createScriptURL("A string"): FAIL (Chrome: PASS, Safari: FAIL)
TrustedScriptURL interface object name: FAIL (Chrome: PASS, Safari: FAIL)
TrustedScriptURL interface: stringifier: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicy interface: window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) must inherit property "createScript(DOMString)" with the proper type: FAIL (Chrome: FAIL, Safari: FAIL)
TrustedHTML interface: existence and properties of interface prototype object's "constructor" property: FAIL (Chrome: PASS, Safari: FAIL)
TrustedHTML interface: stringifier: FAIL (Chrome: PASS, Safari: FAIL)
TrustedScriptURL interface: existence and properties of interface prototype object's @@unscopables property: FAIL (Chrome: PASS, Safari: FAIL)
TrustedScriptURL interface: existence and properties of interface object: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicy interface: window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) must inherit property "createHTML(DOMString)" with the proper type: FAIL (Chrome: FAIL, Safari: FAIL)
TrustedScript interface object length: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicy interface: existence and properties of interface prototype object: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicyFactory interface: window.trustedTypes must inherit property "createPolicy(DOMString, TrustedTypePolicyOptions)" with the proper type: FAIL (Chrome: FAIL, Safari: FAIL)
Stringification of window.trustedTypes: FAIL (Chrome: PASS, Safari: FAIL)
TrustedScriptURL interface object length: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicyFactory must be primary interface of window.trustedTypes: FAIL (Chrome: PASS, Safari: FAIL)
TrustedScriptURL interface: existence and properties of interface prototype object's "constructor" property: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicyFactory interface: existence and properties of interface prototype object's "constructor" property: FAIL (Chrome: PASS, Safari: FAIL)
TrustedHTML interface object length: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicy interface: window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) must inherit property "createScriptURL(DOMString)" with the proper type: FAIL (Chrome: FAIL, Safari: FAIL)
TrustedTypePolicyFactory interface: existence and properties of interface prototype object: FAIL (Chrome: PASS, Safari: FAIL)
TrustedHTML interface: existence and properties of interface prototype object's @@unscopables property: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicy interface object name: FAIL (Chrome: PASS, Safari: FAIL)
TrustedHTML interface object name: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicyFactory interface: calling createPolicy(DOMString, TrustedTypePolicyOptions) on window.trustedTypes with too few arguments must throw TypeError: FAIL (Chrome: FAIL, Safari: FAIL)
Stringification of window.trustedTypes.createPolicy("SomeName1", { createHTML: s => s }).createHTML("A string"): FAIL (Chrome: PASS, Safari: FAIL)
Stringification of window.trustedTypes.createPolicy("SomeName2", { createScript: s => s }).createScript("A string"): FAIL (Chrome: PASS, Safari: FAIL)
TrustedHTML interface: existence and properties of interface prototype object: FAIL (Chrome: PASS, Safari: FAIL)
TrustedScriptURL interface: existence and properties of interface prototype object: FAIL (Chrome: PASS, Safari: FAIL)
TrustedScript must be primary interface of window.trustedTypes.createPolicy("SomeName2", { createScript: s => s }).createScript("A string"): FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicy interface object length: FAIL (Chrome: PASS, Safari: FAIL)
Stringification of window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }): FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicy interface: existence and properties of interface prototype object's "constructor" property: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicy interface: operation createHTML(DOMString): FAIL (Chrome: FAIL, Safari: FAIL)
TrustedTypePolicy interface: existence and properties of interface prototype object's @@unscopables property: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicy interface: window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) must have own property "createScriptURL": FAIL
TrustedTypePolicy interface: operation createScript(DOMString): FAIL (Chrome: FAIL, Safari: FAIL)
TrustedScript interface: existence and properties of interface object: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicy interface: window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) must have own property "name": FAIL
TrustedScript interface: existence and properties of interface prototype object: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicy interface: window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) must inherit property "name" with the proper type: FAIL (Chrome: FAIL, Safari: FAIL)
TrustedTypePolicy interface: calling createScriptURL(DOMString) on window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) with too few arguments must throw TypeError: FAIL (Chrome: FAIL, Safari: FAIL)
TrustedTypePolicy interface: attribute name: FAIL (Chrome: FAIL, Safari: FAIL)
TrustedTypePolicy interface: window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) must have own property "createHTML": FAIL
TrustedTypePolicyFactory interface: existence and properties of interface object: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/no-require-trusted-types-for-report-only.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/empty-default-policy.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
Count SecurityPolicyViolation events.: TIMEOUT (Chrome: PASS, Safari: TIMEOUT)
/trusted-types/eval-no-csp-no-tt.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-wildcard.tentative.https.html
Wildcard given - policy creation works: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/Range-createContextualFragment.tentative.https.html
range.createContextualFragment assigned via policy (successful HTML transformation).: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/block-string-assignment-to-Element-outerHTML.tentative.https.html
outerHTML = string throws.: FAIL (Chrome: PASS, Safari: FAIL)
outerHTML = null assigned via default policy does not throw: FAIL (Chrome: FAIL, Safari: FAIL)
outerHTML = null throws.: FAIL (Chrome: PASS, Safari: FAIL)
outerHTML = string assigned via default policy (successful HTML transformation).: FAIL (Chrome: PASS, Safari: FAIL)
outerHTML with html assigned via policy (successful HTML transformation).: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/TrustedTypePolicyFactory-defaultPolicy.tentative.https.html
defaultPolicy is a read-only property: FAIL (Chrome: PASS, Safari: FAIL)
defaultPolicy returns the correct default policy: FAIL (Chrome: PASS, Safari: FAIL)
defaultPolicy with no default created is not an error: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/TrustedTypePolicy-CSP-wildcard.tentative.https.html
CSP supports wildcards.: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/Window-TrustedTypes.tentative.https.html
factory = window.trustedTypes: FAIL (Chrome: PASS, Safari: FAIL)
factory construction fails: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/DOMParser-parseFromString.tentative.https.html
document.innerText assigned via policy (successful HTML transformation).: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/block-string-assignment-to-DOMParser-parseFromString.tentative.https.html
'document.innerText = string' assigned via default policy (successful HTML transformation).: FAIL (Chrome: PASS, Safari: FAIL)
document.innerText = string throws.: FAIL (Chrome: PASS, Safari: FAIL)
'document.innerText = null' throws: FAIL (Chrome: PASS, Safari: FAIL)
document.innerText assigned via policy (successful HTML transformation).: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/block-Node-multiple-arguments.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/Node-multiple-arguments.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/TrustedTypePolicyFactory-metadata.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/trusted-types-duplicate-names-list-report-only.tentative.https.html
TrustedTypePolicyFactory and policy list in CSP.: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/block-string-assignment-to-HTMLElement-generic.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
embed.src accepts only TrustedScriptURL: FAIL (Chrome: PASS, Safari: FAIL)
object.codeBase accepts only TrustedScriptURL: FAIL (Chrome: PASS, Safari: FAIL)
script.src accepts only TrustedScriptURL: FAIL (Chrome: PASS, Safari: FAIL)
iframe.srcdoc accepts only TrustedHTML: FAIL (Chrome: PASS, Safari: FAIL)
object.data accepts only TrustedScriptURL: FAIL (Chrome: PASS, Safari: FAIL)
div.innerHTML accepts only TrustedHTML: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/default-policy-report-only.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
Count SecurityPolicyViolation events.: TIMEOUT (Chrome: PASS, Safari: TIMEOUT)
/trusted-types/HTMLElement-generic.tentative.https.html
div.innerHTML assigned via policy (successful HTML transformation): FAIL (Chrome: PASS, Safari: FAIL)
script.text assigned via policy (successful Script transformation): FAIL (Chrome: PASS, Safari: FAIL)
script.innerText assigned via policy (successful Script transformation): FAIL (Chrome: PASS, Safari: FAIL)
script.src assigned via policy (successful ScriptURL transformation): FAIL (Chrome: PASS, Safari: FAIL)
embed.src assigned via policy (successful ScriptURL transformation): FAIL (Chrome: PASS, Safari: FAIL)
script.textContent assigned via policy (successful Script transformation): FAIL (Chrome: PASS, Safari: FAIL)
iframe.srcdoc assigned via policy (successful HTML transformation): FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/trusted-types-createHTMLDocument.tentative.https.html
Trusted Type assignment is blocked. (DOMParser): FAIL (Chrome: PASS, Safari: FAIL)
Default policy applies. (XHR): FAIL (Chrome: PASS, Safari: FAIL)
Trusted Type assignment is blocked. (createHTMLDocument): FAIL (Chrome: PASS, Safari: FAIL)
Trusted Type instances created in the main doc can be used. (XHR): FAIL (Chrome: PASS, Safari: FAIL)
Default policy applies. (document): FAIL (Chrome: PASS, Safari: FAIL)
Install default policy.: FAIL (Chrome: PASS, Safari: FAIL)
Trusted Type instances created in the main doc can be used. (document): FAIL (Chrome: PASS, Safari: FAIL)
Trusted Type assignment is blocked. (XHR): FAIL (Chrome: PASS, Safari: FAIL)
Trusted Type assignment is blocked. (document): FAIL (Chrome: PASS, Safari: FAIL)
Default policy applies. (DOMParser): FAIL (Chrome: PASS, Safari: FAIL)
Trusted Type instances created in the main doc can be used. (DOMParser): FAIL (Chrome: PASS, Safari: FAIL)
Default policy applies. (createHTMLDocument): FAIL (Chrome: PASS, Safari: FAIL)
Trusted Type instances created in the main doc can be used. (createHTMLDocument): FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/GlobalEventHandlers-onclick.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/block-string-assignment-to-Element-setAttributeNS.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
Element.setAttributeNS assigned via policy (successful HTML transformation): FAIL (Chrome: PASS, Safari: FAIL)
Element.setAttributeNS assigned via policy (successful ScriptURL transformation): FAIL (Chrome: PASS, Safari: FAIL)
Element.setAttributeNS assigned via policy (successful Script transformation): FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/TrustedType-AttributeNodes.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/default-policy.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
script.text no default policy: FAIL (Chrome: PASS, Safari: FAIL)
div.innerHTML no default policy: FAIL (Chrome: PASS, Safari: FAIL)
script.src no default policy: FAIL (Chrome: PASS, Safari: FAIL)
Count SecurityPolicyViolation events.: TIMEOUT (Chrome: PASS, Safari: TIMEOUT)
/trusted-types/empty-default-policy-report-only.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
Count SecurityPolicyViolation events.: TIMEOUT (Chrome: PASS, Safari: TIMEOUT)
/trusted-types/csp-block-eval.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/TrustedTypePolicyFactory-constants.tentative.https.html
trustedTypes.emptyHTML cannot be redefined via defineProperty.: FAIL (Chrome: PASS, Safari: FAIL)
trustedTypes.emptyHTML returns the intended value.: FAIL (Chrome: PASS, Safari: FAIL)
trustedTypes.emptyScript cannot be redefined.: FAIL (Chrome: PASS, Safari: FAIL)
trustedTypes.emptyHTML cannot be redefined.: FAIL (Chrome: PASS, Safari: FAIL)
trustedTypes.emptyScript cannot be redefined via defineProperty.: FAIL (Chrome: PASS, Safari: FAIL)
trustedTypes.emptyScript returns the intended value.: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests.tentative.https.html
Allowed-name policy creation works.: FAIL (Chrome: PASS, Safari: FAIL)
Another allowed-name policy creation works.: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/Element-setAttribute.tentative.https.html
script.src assigned via policy (successful script transformation): FAIL (Chrome: PASS, Safari: FAIL)
script.src assigned via policy (successful ScriptURL transformation): FAIL (Chrome: PASS, Safari: FAIL)
embed.src assigned via policy (successful ScriptURL transformation): FAIL (Chrome: PASS, Safari: FAIL)
iframe.srcdoc assigned via policy (successful HTML transformation): FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/Element-insertAdjacentHTML.tentative.https.html
insertAdjacentHTML with html assigned via policy (successful HTML transformation).: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/block-string-assignment-to-Element-setAttribute.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/eval-csp-no-tt.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/eval-csp-tt-no-default-policy.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/tt-block-eval.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/block-text-node-insertion-into-script-element.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/trusted-types-navigation.tentative.https.html: TIMEOUT (Chrome: OK, Safari: TIMEOUT)
Navigate a window with javascript:-urls w/ default policy in enforcing mode.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
Navigate a window with javascript:-urls in report-only mode.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
Navigate a window with javascript:-urls in enforcing mode.: TIMEOUT (Chrome: PASS, Safari: TIMEOUT)
Navigate a window with javascript:-urls w/ default policy in report-only mode.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
/trusted-types/Document-write.tentative.https.html
document.write with html assigned via policy (successful transformation).: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/block-string-assignment-to-Element-insertAdjacentHTML.tentative.https.html
insertAdjacentHTML with html assigned via policy (successful HTML transformation).: FAIL (Chrome: PASS, Safari: FAIL)
insertAdjacentHTML(string) throws.: FAIL (Chrome: PASS, Safari: FAIL)
insertAdjacentHTML(null) assigned via default policy does not throw.: FAIL (Chrome: PASS, Safari: PASS)
insertAdjacentHTML(string) assigned via default policy (successful HTML transformation).: FAIL (Chrome: PASS, Safari: FAIL)
insertAdjacentHTML(null) throws.: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/DOMWindowTimers-setTimeout-setInterval.tentative.https.html
window.setInterval assigned via policy (successful Script transformation).: FAIL (Chrome: PASS, Safari: FAIL)
window.setTimeout assigned via policy (successful Script transformation).: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/trusted-types-duplicate-names-list.tentative.https.html
TrustedTypePolicyFactory and policy list in CSP.: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/Element-outerHTML.tentative.https.html
outerHTML with html assigned via policy (successful HTML transformation).: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/TrustedTypePolicyFactory-isXXX.tentative.https.html
TrustedTypePolicyFactory.isXXX should accept anything without throwing.: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicyFactory.isScriptURL cannot be redefined.: FAIL
TrustedTypePolicyFactory.isScriptURL requires the object to be created via policy.: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicyFactory.isScript requires the object to be created via policy.: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicyFactory.isScript cannot be redefined via definePropert.: FAIL
TrustedTypePolicyFactory.isScriptURL cannot be redefined via definePropert.: FAIL
TrustedTypePolicyFactory.IsHTML cannot be redefined via defineProperty.: FAIL
TrustedTypePolicyFactory.IsHTML cannot be redefined.: FAIL
TrustedTypePolicyFactory.isHTML requires the object to be created via policy.: FAIL (Chrome: PASS, Safari: FAIL)
TrustedTypePolicyFactory.isScript cannot be redefined.: FAIL
/trusted-types/eval-with-permissive-csp.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/TrustedTypePolicyFactory-getPropertyType.tentative.https.html
object.CODEBASE is maybe defined: FAIL (Chrome: PASS, Safari: FAIL)
OBJECT.codebase is maybe defined: FAIL (Chrome: PASS, Safari: FAIL)
OBJECT[codeBase] is defined: FAIL (Chrome: PASS, Safari: FAIL)
oBjEcT[codebase] is defined: FAIL (Chrome: PASS, Safari: FAIL)
getTypeMapping tests adapted from WICG/trusted-types polyfill: FAIL (Chrome: PASS, Safari: FAIL)
oBjEcT.codebase is maybe defined: FAIL (Chrome: PASS, Safari: FAIL)
OBJECT[codebase] is defined: FAIL (Chrome: PASS, Safari: FAIL)
object[CODEBASE] is defined: FAIL (Chrome: PASS, Safari: FAIL)
oBjEcT.CODEBASE is maybe defined: FAIL (Chrome: PASS, Safari: FAIL)
sanity check trustedTypes.getAttributeType.: FAIL (Chrome: PASS, Safari: FAIL)
oBjEcT.codeBase is maybe defined: FAIL (Chrome: PASS, Safari: FAIL)
OBJECT[CODEBASE] is defined: FAIL (Chrome: PASS, Safari: FAIL)
object[codebase] is defined: FAIL (Chrome: PASS, Safari: FAIL)
getPropertyType tests adapted from WICG/trusted-types polyfill: FAIL (Chrome: PASS, Safari: FAIL)
OBJECT.CODEBASE is maybe defined: FAIL (Chrome: PASS, Safari: FAIL)
OBJECT.codeBase is maybe defined: FAIL (Chrome: PASS, Safari: FAIL)
getAttributeType tests adapted from WICG/trusted-types polyfill: FAIL (Chrome: PASS, Safari: FAIL)
oBjEcT[CODEBASE] is defined: FAIL (Chrome: PASS, Safari: FAIL)
object.codebase is maybe defined: FAIL (Chrome: PASS, Safari: FAIL)
object[codeBase] is defined: FAIL (Chrome: PASS, Safari: FAIL)
object.codeBase is maybe defined: FAIL (Chrome: PASS, Safari: FAIL)
sanity check trustedTypes.getTypeMapping: FAIL (Chrome: PASS, Safari: FAIL)
oBjEcT[codeBase] is defined: FAIL (Chrome: PASS, Safari: FAIL)
sanity check trustedTypes.getPropertyType for the HTML script element.: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/TrustedTypePolicyFactory-createPolicy-createXYZTests.tentative.https.html
script = identity function: FAIL (Chrome: PASS, Safari: FAIL)
script_url - calling undefined callback throws: FAIL (Chrome: PASS, Safari: FAIL)
html = callback that throws: FAIL (Chrome: PASS, Safari: FAIL)
script_url = identity function: FAIL (Chrome: PASS, Safari: FAIL)
script = identity function, global string changed: FAIL (Chrome: PASS, Safari: FAIL)
createScript defined - calling undefined callbacks throws: FAIL (Chrome: PASS, Safari: FAIL)
script = this without bind: FAIL (Chrome: PASS, Safari: FAIL)
html = this bound to an object: FAIL (Chrome: PASS, Safari: FAIL)
script_url = identity function, global string changed: FAIL (Chrome: PASS, Safari: FAIL)
script_url = this bound to an object: FAIL (Chrome: PASS, Safari: FAIL)
createScriptURL defined - calling undefined callbacks throws: FAIL (Chrome: PASS, Safari: FAIL)
Arbitrary number of arguments: FAIL (Chrome: PASS, Safari: FAIL)
html = identity function, global string changed: FAIL (Chrome: PASS, Safari: FAIL)
script - calling undefined callback throws: FAIL (Chrome: PASS, Safari: FAIL)
createHTML defined - calling undefined callbacks throws: FAIL (Chrome: PASS, Safari: FAIL)
html = string + global string: FAIL (Chrome: PASS, Safari: FAIL)
script = this bound to an object: FAIL (Chrome: PASS, Safari: FAIL)
html = identity function: FAIL (Chrome: PASS, Safari: FAIL)
script = callback that throws: FAIL (Chrome: PASS, Safari: FAIL)
script_url = this without bind: FAIL (Chrome: PASS, Safari: FAIL)
script_url = callback that throws: FAIL (Chrome: PASS, Safari: FAIL)
html = this without bind: FAIL (Chrome: PASS, Safari: FAIL)
script_url = string + global string: FAIL (Chrome: PASS, Safari: FAIL)
script = null: FAIL (Chrome: PASS, Safari: FAIL)
script_url = null: FAIL (Chrome: PASS, Safari: FAIL)
html = null: FAIL (Chrome: PASS, Safari: FAIL)
script = string + global string: FAIL (Chrome: PASS, Safari: FAIL)
html - calling undefined callback throws: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/block-string-assignment-to-DOMWindowTimers-setTimeout-setInterval.tentative.https.html
setTimeout(string), setInterval(string) via default policy (successful Script transformation).: FAIL (Chrome: PASS, Safari: FAIL)
window.setTimeout(string) throws.: FAIL (Chrome: PASS, Safari: FAIL)
window.setInterval assigned via policy (successful Script transformation).: FAIL (Chrome: PASS, Safari: FAIL)
window.setTimeout(null) throws.: FAIL (Chrome: PASS, Safari: FAIL)
window.setInterval(null) throws.: FAIL (Chrome: PASS, Safari: FAIL)
window.setInterval(string) throws.: FAIL (Chrome: PASS, Safari: FAIL)
window.setTimeout assigned via policy (successful Script transformation).: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/no-require-trusted-types-for.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/eval-no-csp-no-tt-default-policy.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/TrustedTypePolicyFactory-createPolicy-nameTests.tentative.https.html
policy.name = name: FAIL (Chrome: PASS, Safari: FAIL)
Error messages for duplicates and unlisted policies should be different: FAIL (Chrome: PASS, Safari: FAIL)
duplicate policy name attempt throws: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/block-string-assignment-to-Document-write.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/TrustedTypePolicyFactory-createPolicy-unenforced.tentative.https.html
Duplicate policy names should be tolerated (unless in enforcing mode): FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/trusted-types-duplicate-names.tentative.https.html
policy - duplicate names: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/eval-csp-tt-default-policy.tentative.https.html: ERROR (Chrome: OK, Safari: ERROR)
/trusted-types/block-string-assignment-to-Range-createContextualFragment.tentative.https.html
range.createContextualFragment assigned via policy (successful HTML transformation).: FAIL (Chrome: PASS, Safari: FAIL)
range.createContextualFragment(string) assigned via default policy (successful HTML transformation).: FAIL (Chrome: PASS, Safari: FAIL)
range.createContextualFragment(null) throws.: FAIL (Chrome: PASS, Safari: FAIL)
range.createContextualFragment(string) throws.: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/require-trusted-types-for.tentative.https.html
Require trusted types for 'script' block create script.: FAIL (Chrome: PASS, Safari: FAIL)
Set require trusted types for 'script' without CSP for trusted types don't block policy creation and using.: FAIL (Chrome: PASS, Safari: FAIL)
Require trusted types for 'script' block create HTML.: FAIL (Chrome: PASS, Safari: FAIL)
Require trusted types for 'script' block create script URL.: FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/Element-setAttributeNS.tentative.https.html
Element.setAttributeNS assigned via policy (successful ScriptURL transformation): FAIL (Chrome: PASS, Safari: FAIL)
Element.setAttributeNS assigned via policy (successful HTML transformation): FAIL (Chrome: PASS, Safari: FAIL)
Element.setAttributeNS assigned via policy (successful Script transformation): FAIL (Chrome: PASS, Safari: FAIL)
/trusted-types/HTMLScriptElement-internal-slot.tentative.https.html
Test TT application when manipulating <script> elements during loading.: FAIL (Chrome: PASS, Safari: FAIL)

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Updated

•

4 years ago

Depends on: 1621145

Pulsebot

Comment 3

•

4 years ago

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2e776909647f
[wpt PR 22131] - [TrustedTypes] Lock the API to secure contexts., a=testonly
https://hg.mozilla.org/integration/autoland/rev/8e5be80da9c3
[wpt PR 22131] - Update wpt metadata, a=testonly

Andrei Ciure[:aciure]

Comment 4

•

4 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/2e776909647f
https://hg.mozilla.org/mozilla-central/rev/8e5be80da9c3

Status: NEW → RESOLVED

Closed: 4 years ago

status-firefox76: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla76

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

[wpt-sync] Sync PR 22131 - TrustedTypes: Lock the API to secure contexts.

Categories

(Core :: DOM: Security, task, P4)

Tracking

()

People

(Reporter: mozilla.org, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream][domsecurity-backlog])

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Updated

Comment 2

CI Results

Status Summary

Firefox

Chrome

Safari

Links

Details

Firefox-only Failures

New Tests That Don't Pass

Updated

Comment 3

Comment 4