Closed Bug 1684116 Opened 5 years ago Closed 5 years ago

[wpt-sync] Sync PR 27007 - Fix serialization for <noscript> contents when script is disabled

Categories

(Core :: DOM: Core & HTML, task, P4)

Product:
Core
Component:
DOM: Core & HTML
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
86 Branch
Tracking Flags:
Tracking Status
firefox-esr78 --- fixed
firefox86 --- fixed

People

(Reporter: wpt-sync, Unassigned)

References

(Blocks 1 open bug,
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 27007 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/27007
Details from upstream follow.

b'Mason Freed <masonfreed@chromium.org>' wrote:

Fix serialization for <noscript> contents when script is disabled

Previous to this CL, serialization for \<noscript> nodes in a
document with (per spec) no execution context would still not
escape (e.g. '\<' --> '<') the contents. This allowed a sanitizer
bypass.

I added a fairly comprehensive test of the many fragment parser entry
points here. Before this CL (and on other browsers):

  • Chrome would never escape \<noscript> contents. (This bug)
  • Firefox would never escape \<noscript> contents. (Should raise a bug)
  • Safari always escapes \<noscript> contents, even when it
    shouldn't, such as with div.innerHTML, div.insertAdjacentHTML,
    and document.write on the main document. (Should raise a bug)

An additional set of differences showed up for the parsing escaping
behavior:

  • Chrome would (and still does) de-escape \<noscript> contents when
    parsing in a script-disabled context, such as DOMParser or
    createHTMLDocument.innerHTML. It does not de-escape \<noscript>
    contents in script-enabled contexts, such as div.innerHTML and
    document.write. This all seems correct to me.
  • Safari behaves identically to Chrome here (correct).
  • Firefox de-escapes \<noscript> contents in some cases (e.g.
    XMLHTTPRequest, document.write) but not others (e.g.
    template.innerHTML, createHTMLDocument.innerHTML, and
    createHTMLDocument.createContextualFragment).

I looked for a spec issue, but didn't find one. If there really isn't
a spec issue for this, we should raise one.

Fixed: 1160635
Change-Id: I361a72409093e69b074495c475e9d647c6c58300
Cq-Do-Not-Cancel-Tryjobs: true
Reviewed-on: https://chromium-review.googlesource.com/2602447
WPT-Export-Revision: 1afb2f8ef50a414e8c6f59ab1eef174aafa7554c

Component: web-platform-tests → DOM: Core & HTML
Product: Testing → Core

CI Results

Ran 14 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 1 tests and 9 subtests

Status Summary

Firefox

OK : 1
PASS: 3
FAIL: 6

Chrome

OK : 1
PASS: 3
FAIL: 6

Safari

OK : 1
PASS: 6
FAIL: 3

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

New Tests That Don't Pass

/html/syntax/serializing-html-fragments/escaping.html
DOMParser.parseFromString: FAIL (Chrome: FAIL, Safari: PASS)
template.innerHTML: FAIL (Chrome: FAIL, Safari: PASS)
document.implementation.createHTMLDocument and innerHTML: FAIL (Chrome: FAIL, Safari: PASS)
document.implementation.createHTMLDocument and createContextualFragment: FAIL (Chrome: FAIL, Safari: PASS)
document.implementation.createHTMLDocument and document.write: FAIL (Chrome: FAIL, Safari: PASS)
XMLHttpRequest: FAIL (Chrome: FAIL, Safari: PASS)

Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/cfa0c3eac32e [wpt PR 27007] - Fix serialization for <noscript> contents when script is disabled, a=testonly https://hg.mozilla.org/integration/autoland/rev/047175aa7280 [wpt PR 27007] - Update wpt metadata, a=testonly

https://hg.mozilla.org/mozilla-central/rev/cfa0c3eac32e
https://hg.mozilla.org/mozilla-central/rev/047175aa7280

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox86: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 86 Branch
You need to log in before you can comment on or make changes to this bug.