Closed Bug 1931276 Opened 3 months ago Closed 3 months ago

Implement Trusted Types support for Element/ShadowRoot's setHTMLUnsafe() and innerHTML

Categories

(Core :: DOM: Security, task)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
135 Branch
Tracking Flags:
Tracking Status
firefox135 --- fixed

People

(Reporter: fredw, Assigned: fredw)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog], [wptsync upstream])

Attachments

(3 files)

Bug 1931276 - Implement Trusted Types support for Element/ShadowRoot's setHTMLUnsafe(). r=smaug,#dom-core
48 bytes, text/x-phabricator-request
Details | Review
Bug 1931276 - Add a Trusted Type test for setting ShadowRoot's innerHTML. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1931276 - Implement Trusted Types support for ShadowRoot's innerHTML. r=smaug,#dom-core
48 bytes, text/x-phabricator-request
Details | Review
Type: enhancement → task

Also including ShadowRoot's innerHTML in this bug, which is mentioned in the IDL I linked in comment 0. Element's innerHTML was handled in bug 1913339.

I seems block-string-assignment-to-ShadowRoot-setHTMLUnsafe.html is the only ShadowRoot test but does not try and set innerHTML, so we will need a test for that.

https://searchfox.org/mozilla-central/search?q=shadow&path=testing%2Fweb-platform%2Ftests%2Ftrusted-types&case=false&regexp=false
https://searchfox.org/mozilla-central/search?q=innerHTML&path=testing%2Fweb-platform%2Ftests%2Ftrusted-types%2Fblock-string-assignment-to-ShadowRoot-setHTMLUnsafe.html&case=false&regexp=false

Depends on: 1913339
Summary: Implement Trusted Types support for Element/ShadowRoot's `setHTMLUnsafe()` → Implement Trusted Types support for Element/ShadowRoot's setHTMLUnsafe() and innerHTML
Depends on: 1931282
Assignee: nobody → fwang
Status: NEW → ASSIGNED

This is essentially a copy of
block-string-assignment-to-ShadowRoot-setHTMLUnsafe.html, replacing
set shadowRoot.setHTMLUnsafe(html) with shadowRoot.innerHTML = html.
Note that innerHTML uses LegacyNullToEmptyString, so setting it to
a null behaves slightly differently.

Severity: -- → N/A
Whiteboard: [domsecurity-backlog]
Pushed by fwang@igalia.com: https://hg.mozilla.org/integration/autoland/rev/5c844b35a3e4 Implement Trusted Types support for Element/ShadowRoot's setHTMLUnsafe(). r=smaug,dom-core,peterv https://hg.mozilla.org/integration/autoland/rev/4b6f5fdc1a0d Add a Trusted Type test for setting ShadowRoot's innerHTML. r=smaug https://hg.mozilla.org/integration/autoland/rev/82afe5dba541 Implement Trusted Types support for ShadowRoot's innerHTML. r=smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/49439 for changes under testing/web-platform/tests
Whiteboard: [domsecurity-backlog] → [domsecurity-backlog], [wptsync upstream]

https://hg.mozilla.org/mozilla-central/rev/5c844b35a3e4
https://hg.mozilla.org/mozilla-central/rev/4b6f5fdc1a0d
https://hg.mozilla.org/mozilla-central/rev/82afe5dba541

Status: ASSIGNED → RESOLVED
Closed: 3 months ago
status-firefox135: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 135 Branch
No longer depends on: 1931282
Upstream PR merged by moz-wptsync-bot
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: