Closed Bug 1943976 Opened 25 days ago Closed 23 days ago

[wpt-sync] Sync PR 50295 - Add trusted types tests for setAttribute that are not sinks.

Categories

(Core :: DOM: Security, task, P4)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
136 Branch
Tracking Flags:
Tracking Status
firefox136 --- fixed

People

(Reporter: wpt-sync, Unassigned)

References

(Blocks 1 open bug,
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 50295 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/50295
Details from upstream follow.

Frédéric Wang <fwang@igalia.com> wrote:

Add trusted types tests for setAttribute that are not sinks.

See https://github.com/w3c/trusted-types/issues/520

We add tests for:

  • Names that don't correspond to any event handler attribute.
  • Names that don't correspond to an event handler attribute on any element.
  • Names that don't correspond to an event handler attribute for the modified element.
Component: web-platform-tests → DOM: Security
Product: Testing → Core
Blocks: 1939805

CI Results

Ran 9 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 1 tests and 510 subtests

Status Summary

Firefox

OK : 1
PASS : 499
FAIL : 5
ERROR: 1

Chrome

OK : 1
PASS : 1
FAIL : 509

Safari

ERROR: 1

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

New Tests That Don't Pass

  • /trusted-types/set-event-handlers-content-attributes.tentative.html [wpt.fyi]: ERROR [GitHub], OK [Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows11-32-24h2-debug, Gecko-windows11-32-24h2-opt, Gecko-windows11-64-24h2-debug, Gecko-windows11-64-24h2-opt] (Chrome: OK, Safari: ERROR)
    • BODY.setAttribute(onmessage, "unsafe_handler()") calls default policy: FAIL (Chrome: FAIL)
    • BODY.setAttributeNS(onmessage, "unsafe_handler()") calls default policy: FAIL (Chrome: FAIL)
    • FRAMESET.setAttribute(onmessage, "unsafe_handler()") calls default policy: FAIL (Chrome: FAIL)
    • FRAMESET.setAttributeNS(onmessage, "unsafe_handler()") calls default policy: FAIL (Chrome: FAIL)
    • DIV.setAttribute("onreadystatechange", "unsafe_handler()") does not call default policy: FAIL (Chrome: FAIL)
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/18d482218195 [wpt PR 50295] - Add trusted types tests for setAttribute that are not sinks., a=testonly https://hg.mozilla.org/integration/autoland/rev/00cc864f9edf [wpt PR 50295] - Update wpt metadata, a=testonly

https://hg.mozilla.org/mozilla-central/rev/18d482218195
https://hg.mozilla.org/mozilla-central/rev/00cc864f9edf

Status: NEW → RESOLVED
Closed: 23 days ago
status-firefox136: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 136 Branch
You need to log in before you can comment on or make changes to this bug.