[wpt-sync] Sync PR 49761 - [Sanitizer] Add tests for safe + unsafe cases.
Categories
(Core :: DOM: Security, task, P4)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox136 | --- | fixed |
People
(Reporter: wpt-sync, Assigned: freddy)
References
()
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 49761 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/49761
Details from upstream follow.
Daniel Vogelheim <vogelheim@chromium.org> wrote:
[Sanitizer] Add tests for safe + unsafe cases.
This tests for differences between setHTML and setHTMLUnsafe.
Since the html5lib testcase format only supports one result per testcase, we use two testcase files with identical inputs,
one each with the expectations for safe and unsafe variants.Also, a drive-by fix for an issue uncovered by the tests: The
spec demands we block insertion in a \<script> element (in safe cases).Bug: 356601280
Change-Id: I1fb19f60fdcd7262292a983b548baebcaf43a440
Reviewed-on: https://chromium-review.googlesource.com/6039899
WPT-Export-Revision: 69226166d4753d8093fcef072e190247729396fc
|
Reporter | |
Updated•2 months ago
|
|
|
Reporter | |
Comment 1•2 months ago
|
||
|
|
Reporter | |
Comment 2•2 months ago
|
||
CI Results
Ran 9 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI
Total 1 tests and 15 subtests
Status Summary
Firefox
OK : 1
PASS : 8
CRASH: 1
FAIL : 7
ERROR: 1
Chrome
OK : 1
PASS : 1
FAIL : 14
Safari
OK : 1
PASS : 8
FAIL : 7
Links
Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base
Details
Crashes
- /sanitizer-api/sethtml-safety.tentative.html [wpt.fyi]:
CRASH[Gecko-windows11-64-2009-qr-opt],ERROR[Gecko-android-em-7.0-x86_64-qr-debug-geckoview],OK[Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview,Gecko-android-em-7.0-x86_64-qr-opt-geckoview,Gecko-linux1804-64-qr-debug,Gecko-linux1804-64-qr-opt,Gecko-windows11-32-2009-qr-debug,Gecko-windows11-32-2009-qr-opt,Gecko-windows11-64-2009-qr-debug,GitHub]
New Tests That Don't Pass
- /sanitizer-api/sethtml-safety.tentative.html [wpt.fyi]:
CRASH[Gecko-windows11-64-2009-qr-opt],ERROR[Gecko-android-em-7.0-x86_64-qr-debug-geckoview],OK[Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview,Gecko-android-em-7.0-x86_64-qr-opt-geckoview,Gecko-linux1804-64-qr-debug,Gecko-linux1804-64-qr-opt,Gecko-windows11-32-2009-qr-debug,Gecko-windows11-32-2009-qr-opt,Gecko-windows11-64-2009-qr-debug,GitHub] (Chrome:OK, Safari:OK)- Testcase #0, setHTML("test)".:
FAIL(Chrome:FAIL, Safari:FAIL) - Testcase #1, setHTML("<p>Hello</p>)".:
FAIL(Chrome:FAIL, Safari:FAIL) - Testcase #2, setHTML("<div>Hello<script>World</script>xxx)".:
FAIL(Chrome:FAIL, Safari:FAIL) - Testcase #3, setHTML("<div>Hello<script>World</script>xxx)".:
FAIL(Chrome:FAIL, Safari:FAIL) - Testcase #4, setHTML("<svg>Hello<script>World</script>xxx)".:
FAIL(Chrome:FAIL, Safari:FAIL) - Testcase #5, setHTML("<img src="https://bla.com/blubb" onclick="2+2" one="two">)".:
FAIL(Chrome:FAIL, Safari:FAIL) - Testcase #6, setHTML("<img src="https://bla.com/blubb" onclick="2+2" one="two">)".:
FAIL(Chrome:FAIL, Safari:FAIL)
- Testcase #0, setHTML("test)".:
|
Assignee | |
Comment 3•2 months ago
|
||
The crashes happen when sanitizing <img src="https://bla.com/blubb" onclick="2+2" one="two">. Firefox disallows remote connections, so we should be using example.org and variations thereof.
|
|
Assignee | |
Comment 4•2 months ago
|
||
Hoping for a swift review upstream https://github.com/web-platform-tests/wpt/pull/49867
|
|
Assignee | |
Comment 5•1 month ago
|
||
With https://github.com/web-platform-tests/wpt/pull/49867 merged, a WPT sync should no longer crash
|
||
Comment 6•1 month ago
|
||
We use this kind of bugs to track the landing of these changes to mozilla-central, since it didn't happen yet, I would prefer to keep it open.
https://hg.mozilla.org/mozilla-central/rev/eed85e407348
https://hg.mozilla.org/mozilla-central/rev/2f8ad883f82a
Description
•