[wpt-sync] Sync PR 46476 - [PEPC] Fix PEPC text being displaceable via CSS pseudo selectors
Categories
(Core :: DOM: Core & HTML, task, P4)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox128 | --- | fixed |
People
(Reporter: wpt-sync, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 46476 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/46476
Details from upstream follow.
Andy Paicu <andypaicu@chromium.org> wrote:
[PEPC] Fix PEPC text being displaceable via CSS pseudo selectors
This fixes an exploit that uses the ::before CSS pseudo-selector that
displaces the text in the permission element and replaces it with
content chosen by the author. The added test is modeled after the
exploit.Fixed: 342355738
Change-Id: Id2f05a9febe3d2f97662065d5c1a46a6ade260f3
Reviewed-on: https://chromium-review.googlesource.com/5563204
WPT-Export-Revision: 5974832652410b42735089c817a9cdf6a06f577e
|
Assignee | |
Updated•4 months ago
|
|
|
Assignee | |
Comment 1•4 months ago
|
||
|
|
Assignee | |
Comment 2•4 months ago
|
||
CI Results
Ran 9 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI
Total 2 tests
Status Summary
Firefox
FAIL: 2
Chrome
PASS: 1
FAIL: 1
Safari
FAIL: 2
Links
Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base
Details
New Tests That Don't Pass
- /html/semantics/permission-element/pseudo-elements-in-div.tentative.html [wpt.fyi]:
FAIL(Chrome:FAIL, Safari:FAIL) - /html/semantics/permission-element/pseudo-elements.tentative.html [wpt.fyi]:
FAIL(Chrome:PASS, Safari:FAIL)
|
||
Comment 4•4 months ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/f3c84677935d
https://hg.mozilla.org/mozilla-central/rev/3fc9fcb937ab
Description
•