Closed Bug 1931290 Opened 11 months ago Closed 11 months ago

Implement Trusted Types support for Window's setInterval()/setTimeout()

Categories

(Core :: DOM: Security, task)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
135 Branch
Tracking Flags:
Tracking Status
firefox135 --- fixed

People

(Reporter: fredw, Assigned: fredw)

References

Details

(Whiteboard: [domsecurity-backlog])

Attachments

(2 files)

Bug 1931290 - Use "Function or DOMString" in setTimeout/setInterval IDL. r=smaug,#dom-core
48 bytes, text/x-phabricator-request
Details | Review
Bug 1931290 - Implement Trusted Types support for Window's setInterval()/setTimeout(). r=smaug,#dom-core
48 bytes, text/x-phabricator-request
Details | Review
Blocks: 1916956

Let's only handle the Window case here. I'll open a separate bug for WorkerGlobalScope

No longer blocks: 1916956
Summary: Implement Trusted Types support for WindowOrWorkerGlobalScope's setInterval()/setTimeout() → Implement Trusted Types support for Window's setInterval()/setTimeout()
Blocks: 1931829
See Also: → 1931829
See Also: 1931829

Just putting here for the record:

https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#timers contains the step

  • Perform EnsureCSPDoesNotBlockStringCompilation(realm, « », handler, handler, timer, « », handler). If this throws an exception, catch it, report it for global, and abort these steps.

and https://w3c.github.io/webappsec-csp/#can-compile-strings does not perform any trusted check for TIMER, so we don't need the extra changes for EnsureCSPDoesNotBlockStringCompilation mentioned in bug 1931288 comment 2.

Assignee: nobody → fwang
Severity: -- → N/A
Whiteboard: [domsecurity-backlog]
Attachment #9438266 - Attachment description: WIP: Bug 1931290 - Use "Function or DOMString" in setTimeout/setInterval IDL. r=smaug,#dom-core → Bug 1931290 - Use "Function or DOMString" in setTimeout/setInterval IDL. r=smaug,#dom-core
Attachment #9438273 - Attachment description: WIP: Bug 1931290 -Implement Trusted Types support for Window's setInterval()/setTimeout(). r=smaug,#dom-core → Bug 1931290 -Implement Trusted Types support for Window's setInterval()/setTimeout(). r=smaug,#dom-core
Attachment #9438273 - Attachment description: Bug 1931290 -Implement Trusted Types support for Window's setInterval()/setTimeout(). r=smaug,#dom-core → Bug 1931290 - Implement Trusted Types support for Window's setInterval()/setTimeout(). r=smaug,#dom-core
Pushed by fwang@igalia.com: https://hg.mozilla.org/integration/autoland/rev/d5a35d40760b Use "Function or DOMString" in setTimeout/setInterval IDL. r=smaug https://hg.mozilla.org/integration/autoland/rev/7f2360c92457 Implement Trusted Types support for Window's setInterval()/setTimeout(). r=smaug

https://hg.mozilla.org/mozilla-central/rev/d5a35d40760b
https://hg.mozilla.org/mozilla-central/rev/7f2360c92457

Status: NEW → RESOLVED
Closed: 11 months ago
status-firefox135: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 135 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: