[wpt-sync] Sync PR 49920 - Add test to verify legacy sinks for TrustedScript are not supported
Categories
(Core :: DOM: Security, task, P4)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox136 | --- | fixed |
People
(Reporter: wpt-sync, Unassigned)
References
(Blocks 1 open bug, )
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 49920 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/49920
Details from upstream follow.
Frédéric Wang <fwang@igalia.com> wrote:
Add test to verify legacy sinks for TrustedScript are not supported
This verifies some API for ParentNode/ChildNode [1] [2] don't do any check for trusted types. This might already be covered by IDL tests but we just perform a direct verification here. This test fails in Chromium, which is not aligned with the DOM spec here [3] and performs specific checks for HTML script elements. Chromium also implements similar behavior for
ChildNodePart.replaceChildren()but that's currently not shipped [4].[1] https://dom.spec.whatwg.org/#interface-parentnode
[2] https://dom.spec.whatwg.org/#interface-childnode
[3] https://github.com/w3c/trusted-types/issues/494#issuecomment-2572883416
[4] https://groups.google.com/a/chromium.org/g/blink-dev/c/wIADRnljZDA/m/whzEaaAADAAJ
|
Assignee | |
Updated•1 month ago
|
|
|
Assignee | |
Comment 1•1 month ago
|
||
|
|
Assignee | |
Comment 2•1 month ago
|
||
CI Results
Ran 0 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI
Total 1 tests and 1 subtests
Status Summary
Firefox
OK : 1
PASS: 1
Chrome
OK : 1
FAIL: 1
Safari
OK : 1
PASS: 1
Description
•