Closed Bug 1675350 Opened 4 years ago Closed 4 years ago

[wpt-sync] Sync PR 26398 - Change declarative Shadow DOM fragment parsing to be opt-in

Categories

(Core :: DOM: Core & HTML, task, P4)

Tracking

RESOLVED FIXED
84 Branch
Tracking Status
firefox84 --- fixed

People

(Reporter: mozilla.org, Unassigned)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 26398 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/26398
Details from upstream follow.

Mason Freed <masonfreed@chromium.org> wrote:

Change declarative Shadow DOM fragment parsing to be opt-in

This CL implements most of the suggestions from [1], which effectively
block declarative Shadow DOM from being used by any fragment parser
entry point, unless an explicit opt-in is toggled.

The opt-ins include:

  • DOMParser.allowDeclarativeShadowDom = true;
  • HTMLTemplateElement.allowDeclarativeShadowDom = true;
  • XMLHttpRequest.allowDeclarativeShadowDom = true;
  • DocumentFragment.allowDeclarativeShadowDom = true;
  • Document.allowDeclarativeShadowDom = true; // For innerHTML
  • A new <iframe> sandbox flag: allow-declarative-shadow-dom

This mitigates the potential client-side XSS sanitizer bypass detailed
in the explainer and at [1]. Assuming these changes are functional,
and mitigate the issue, this new behavior will be folded into the
spec PRs at [2] and [3]. But given the security implications of the
existing code, I'd like to get this landed first.

[1] https://github.com/whatwg/dom/issues/912#issue-733465826
[2] https://github.com/whatwg/html/pull/5465
[3] https://github.com/whatwg/dom/pull/892

Bug: 1042130
Change-Id: I088f28f63078a0d26e354a4442494c0132b47ffc

Reviewed-on: https://chromium-review.googlesource.com/2513525
WPT-Export-Revision: 0916d37df6ee161f46c9ce61bc5c1be2d10b8c09

Component: web-platform-tests → DOM: Core & HTML
Product: Testing → Core

CI Results

Ran 0 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 3 tests and 14 subtests

Status Summary

Firefox

OK : 3
PASS: 578
FAIL: 85

Chrome

OK : 3
PASS: 650
FAIL: 13

Safari

OK : 3
PASS: 578
FAIL: 85

Details

New Tests That Don't Pass

/shadow-dom/declarative/declarative-shadow-dom-attachment.tentative.html
Declarative Shadow DOM as a child of <article>, with mode=open, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <aside>, with mode=open, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <blockquote>, with mode=open, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <div>, with mode=open, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <footer>, with mode=open, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h1>, with mode=open, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h2>, with mode=open, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h3>, with mode=open, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h4>, with mode=open, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h5>, with mode=open, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h6>, with mode=open, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <header>, with mode=open, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <nav>, with mode=open, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <p>, with mode=open, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <section>, with mode=open, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <span>, with mode=open, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <article>, with mode=closed, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <aside>, with mode=closed, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <blockquote>, with mode=closed, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <div>, with mode=closed, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <footer>, with mode=closed, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h1>, with mode=closed, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h2>, with mode=closed, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h3>, with mode=closed, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h4>, with mode=closed, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h5>, with mode=closed, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h6>, with mode=closed, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <header>, with mode=closed, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <nav>, with mode=closed, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <p>, with mode=closed, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <section>, with mode=closed, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <span>, with mode=closed, delegatesFocus=false. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <article>, with mode=open, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <aside>, with mode=open, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <blockquote>, with mode=open, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <div>, with mode=open, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <footer>, with mode=open, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h1>, with mode=open, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h2>, with mode=open, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h3>, with mode=open, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h4>, with mode=open, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h5>, with mode=open, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h6>, with mode=open, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <header>, with mode=open, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <nav>, with mode=open, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <p>, with mode=open, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <section>, with mode=open, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <span>, with mode=open, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <article>, with mode=closed, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <aside>, with mode=closed, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <blockquote>, with mode=closed, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <div>, with mode=closed, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <footer>, with mode=closed, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h1>, with mode=closed, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h2>, with mode=closed, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h3>, with mode=closed, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h4>, with mode=closed, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h5>, with mode=closed, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <h6>, with mode=closed, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <header>, with mode=closed, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <nav>, with mode=closed, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <p>, with mode=closed, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <section>, with mode=closed, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM as a child of <span>, with mode=closed, delegatesFocus=true. Should be safelisted.: FAIL (Chrome: PASS, Safari: FAIL)
/shadow-dom/declarative/declarative-shadow-dom-basic.tentative.html
Declarative Shadow DOM: Basic test: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM: Feature detection: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM: Fragment parser basic test: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM: Closed shadow root attribute: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM: Missing closing tag: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM: delegates focus attribute: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM: Multiple roots: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM: template containing declarative shadow root: FAIL (Chrome: PASS, Safari: FAIL)
Declarative Shadow DOM: template containing declarative shadow root and UA shadow root: FAIL (Chrome: PASS, Safari: FAIL)
/shadow-dom/declarative/declarative-shadow-dom-opt-in.tentative.html
Non-fragment parsing needs no opt-in: FAIL (Chrome: FAIL, Safari: FAIL)
innerHTML on element: FAIL (Chrome: FAIL, Safari: FAIL)
innerHTML on element, with template content: FAIL (Chrome: FAIL, Safari: FAIL)
Setting template.innerHTML: FAIL (Chrome: FAIL, Safari: FAIL)
Setting template.innerHTML with nested template content: FAIL (Chrome: FAIL, Safari: FAIL)
DOMParser: FAIL (Chrome: FAIL, Safari: FAIL)
createHTMLDocument: FAIL (Chrome: FAIL, Safari: FAIL)
createContextualFragment: FAIL (Chrome: FAIL, Safari: FAIL)
XMLHttpRequest, disabled: FAIL (Chrome: FAIL, Safari: FAIL)
XMLHttpRequest, enabled: FAIL (Chrome: FAIL, Safari: FAIL)
iframe, enabled: FAIL (Chrome: FAIL, Safari: FAIL)
iframe with allow-declarative-shadow-dom sandbox flag allows declarative Shadow DOM: FAIL (Chrome: PASS, Safari: FAIL)

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c205140cf8c1
[wpt PR 26398] - Change declarative Shadow DOM fragment parsing to be opt-in, a=testonly
https://hg.mozilla.org/integration/autoland/rev/41935ec51f19
[wpt PR 26398] - Update wpt metadata, a=testonly
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 84 Branch