Open
Bug 1939805
Opened 2 months ago
Updated 7 days ago
(trusted types) Audit test coverage, making sure that the remaining annotations are timeouts, but not failures - part 2
Categories
(Core :: DOM: Security, task)
Core
DOM: Security
Tracking
()
NEW
People
(Reporter: fredw, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active], [wptsync upstream])
Follow-up of bug 1907849. Remaining work:
- Audit test coverage ("See also" URLs and dependencies):
- Add WPTs for report-uri with Workers
- Add WPTs for CSP sandbox allow-scripts combined with Trusted Types
Improve test coverage of sink valuesExamine tests which are commented out in GlobalEventHandlers-onclick.htmlWhat shoud script element's textContent's sink string be?Add test for event handler content attribute handling for false positive event handler attributes- Add tests for "Should Trusted Type policy creation be blocked by Content Security Policy" in workers
- Add test for policies with disposition=report in workers
- Improve/Rewrite tests checking for CSP violations
Check WPT content-security-policy/securitypolicyviolation/source-file.html- Probably worth going again over the different specs and see if anything is missing.
- Making sure that the remaining annotations are timeouts, but not failures
|
Reporter | |
Updated•1 month ago
|
|
|
Reporter | |
Updated•1 month ago
|
|
|
Reporter | |
Updated•1 month ago
|
See Also: → https://github.com/w3c/trusted-types/issues/574
|
|
Reporter | |
Updated•1 month ago
|
|
|
Reporter | |
Updated•1 month ago
|
See Also: → https://github.com/w3c/trusted-types/issues/576
|
|
Reporter | |
Comment 1•21 days ago
|
||
Remaining failures at https://searchfox.org/mozilla-central/source/testing/web-platform/meta/trusted-types:
- block-string-assignment-to-attribute-via-attribute-node.html: Fixed by bug 1944511
- block-string-assignment-to-Element-setAttribute.html: Fixed by bug 1944511
- block-text-node-insertion-into-script-element.html: likely bug 1928932
- block-text-node-insertion-into-svg-script-element.html: likely bug 1928932
- Element-setAttribute-respects-Elements-node-documents-globals-CSP-after-adoption-from-non-TT-realm.html: bug 1944511 + likely some other actual bug to check.
- HTMLScriptElement-internal-slot.html: likely bug 1928932
- set-event-handlers-content-attributes.tentative.html: Fixed by bug 1944504
- trusted-types-event-handlers.html: Some touch events only work on Android.
- trusted-types-from-literal.tentative.html: This was from https://github.com/w3c/trusted-types/issues/347 but no longer seems part of the spec.
- trusted-types-navigation.html: likely bug 1915629
- TrustedTypePolicyFactory-blocking.tentative.html: Need to check this.
- TrustedTypePolicyFactory-getAttributeType-event-handler-content-attributes.tentative.html: Fixed by bug 1944504
|
|
Reporter | |
Comment 2•7 days ago
•
|
||
Remaining failures at https://searchfox.org/mozilla-central/source/testing/web-platform/meta/trusted-types after 1944511 is fixed:
- block-text-node-insertion-into-script-element.html: likely bug 1928932
- block-text-node-insertion-into-svg-script-element.html: likely bug 1928932
- Element-setAttribute-respects-Elements-node-documents-globals-CSP-after-adoption-from-non-TT-realm.html: Need to check this.
- HTMLScriptElement-internal-slot.html: likely bug 1928932
- trusted-types-event-handlers.html: Some touch events only work on Android.
- trusted-types-from-literal.tentative.html: This was from https://github.com/w3c/trusted-types/issues/347 but no longer seems part of the spec.
- trusted-types-navigation.html: likely bug 1915629
- TrustedTypePolicyFactory-blocking.tentative.html: Need to check this.
You need to log in
before you can comment on or make changes to this bug.
Description
•