Closed Bug 1913339 Opened 6 months ago Closed 4 months ago

Implement default-policy support for `Element.innerHTML` and `Element.insertAdjacentHTML`

Categories

(Core :: DOM: Security, task, P3)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
133 Branch
Tracking Flags:
Tracking Status
firefox133 --- fixed

People

(Reporter: mbrodesser-Igalia, Assigned: mbrodesser-Igalia)

References

(Blocks 3 open bugs)

Details

(Whiteboard: [domsecurity-active], [wptsync upstream])

Attachments

(5 files)

Bug 1913339: part 1) Simplify existing WPT for the default-policy support of `Element.insertAdjacentHTML`. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1913339: part 4) Implement default-policy support for `Element.innerHTML` and `Element.insertAdjacentHTML`. r=smaug!,peterv!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1913339: part 2) Support default policies in `TrustedTypePolicyFactory`. r=peterv,smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1913339: part 3) Make some sub-tests of <block-string-assignment-to-Element-insertAdjacentHTML.html> less dependent on each other. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1913339: part 5) Annotate `NonVoidLatin1StringToJsval` and `NonVoidStringToJsval` as `[[nodiscard]]`. r=jandem
48 bytes, text/x-phabricator-request
Details | Review
No description provided.

The remaining support for default policies will be added in other
patches.

Depends on D219255

Attachment #9419268 - Attachment description: WIP: Bug 1913339: part 2) Start implementing default-policy support for `Element.insertAdjacentHTML` → WIP: Bug 1913339: part 3) Start implementing default-policy support for `Element.insertAdjacentHTML`
Assignee: nobody → mbrodesser
Attachment #9419267 - Attachment description: WIP: Bug 1913339: part 1) Simplify existing WPT for the default-policy support of `Element.insertAdjacentHTML` → Bug 1913339: part 1) Simplify existing WPT for the default-policy support of `Element.insertAdjacentHTML`. r=smaug
Attachment #9419585 - Attachment description: WIP: Bug 1913339: part 2) Support default policies in `TrustedTypePolicyFactory` → Bug 1913339: part 2) Support default policies in `TrustedTypePolicyFactory`. r=peterv,smaug
Priority: -- → P3
Whiteboard: [domsecurity-active]

Allows to let them pass on Gecko too, given a Gecko-specific bug (see
the test). The text-to-HTML transformation, which is what the test is
supposed to test, is still tested.

Attachment #9419268 - Attachment description: WIP: Bug 1913339: part 3) Start implementing default-policy support for `Element.insertAdjacentHTML` → WIP: Bug 1913339: part 4) Implement default-policy support for `Element.insertAdjacentHTML`
Attachment #9419268 - Attachment description: WIP: Bug 1913339: part 4) Implement default-policy support for `Element.insertAdjacentHTML` → Bug 1913339: part 4) Implement default-policy support for `Element.insertAdjacentHTML`. r=peterv!,smaug!
Attachment #9420136 - Attachment description: WIP: Bug 1913339: part 5) Annotate `NonVoidLatin1StringToJsval` and `NonVoidStringToJsval` as `[[nodiscard]]` → Bug 1913339: part 5) Annotate `NonVoidLatin1StringToJsval` and `NonVoidStringToJsval` as `[[nodiscard]]`. r=jandem
Depends on: 1915168
No longer depends on: 1915168
Summary: Implement default-policy support for `Element.insertAdjacentHTML` → Implement default-policy support for `Element.innerHTML` and `Element.insertAdjacentHTML`
Attachment #9419268 - Attachment description: Bug 1913339: part 4) Implement default-policy support for `Element.insertAdjacentHTML`. r=peterv!,smaug! → Bug 1913339: part 4) Implement default-policy support for `Element.innerHTML` and `Element.insertAdjacentHTML`. r=smaug!,peterv!
Blocks: 1915629
Blocks: 1916313

Edit: moving comment to other ticket.

Flags: needinfo?(afarre)
Flags: needinfo?(afarre)
Pushed by mbrodesser@igalia.com: https://hg.mozilla.org/integration/autoland/rev/e4d0ee017f1e part 1) Simplify existing WPT for the default-policy support of `Element.insertAdjacentHTML`. r=smaug https://hg.mozilla.org/integration/autoland/rev/8d3265a67df7 part 2) Support default policies in `TrustedTypePolicyFactory`. r=peterv,smaug https://hg.mozilla.org/integration/autoland/rev/b741269269ef part 3) Make some sub-tests of <block-string-assignment-to-Element-insertAdjacentHTML.html> less dependent on each other. r=smaug https://hg.mozilla.org/integration/autoland/rev/8f8c6c4a4ab8 part 4) Implement default-policy support for `Element.innerHTML` and `Element.insertAdjacentHTML`. r=peterv,smaug,sessionstore-reviewers,sclements
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/48646 for changes under testing/web-platform/tests
Whiteboard: [domsecurity-active] → [domsecurity-active], [wptsync upstream]
Upstream PR merged by moz-wptsync-bot

Reopening for the last (minor) patch to land.

Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Pushed by mbrodesser@igalia.com: https://hg.mozilla.org/integration/autoland/rev/b280c543c450 part 5) Annotate `NonVoidLatin1StringToJsval` and `NonVoidStringToJsval` as `[[nodiscard]]`. r=jandem

https://hg.mozilla.org/mozilla-central/rev/b280c543c450

Status: REOPENED → RESOLVED
Closed: 4 months ago4 months ago
status-firefox133: affectedfixed
Resolution: --- → FIXED
Blocks: 1909168
Blocks: 1931276
Blocks: 1916957
No longer blocks: 1903717
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: