Closed Bug 1944511 Opened 24 days ago Closed 7 days ago

Implement remaining Trusted Type support for attribute changes

Categories

(Core :: DOM: Security, task)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
137 Branch
Tracking Flags:
Tracking Status
firefox137 --- fixed

People

(Reporter: fredw, Assigned: fredw)

References

(Blocks 1 open bug,
URL
)

Details

(Whiteboard: [domsecurity-active], [wptsync upstream])

Attachments

(2 files)

Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1944511 - Add Trusted Type test to set attributes by different means. r=smaug
48 bytes, text/x-phabricator-request
Details | Review

https://github.com/whatwg/dom/pull/1268 mentions "attribute's change, append, and replace"

setAttribute/setAttributeNS was implemented in bug 1925468. However, there are other ways to set attributes that would require similar TT checks too.

Looking at currently failing tests:

  • block-string-assignment-to-attribute-via-attribute-node.html: They set the attribute's node value via textContent/nodeValue.
  • block-string-assignment-to-Element-setAttribute.html: The remaining failure is a test relying on setAttributeNode().
  • Element-setAttribute-respects-Elements-node-documents-globals-CSP-after-adoption-from-non-TT-realm.html: The assertion failures are for setAttributeNode().

testing/web-platform/tests/trusted-types/TrustedType-AttributeNodes.html is a test also checks attributenode.value and NamedNodeMap.setNamedItem but it is already passing.

List provided by Luke:

  • setAttribute
  • setAttributeNS
  • Element.setAttributeNode
  • Element.setAttributeNodeNS
  • NamedNodeMap.setNamedItem
  • NamedNodeMap.setNamedItemNS
  • Attr.value
  • Node.textContent
  • Node.nodeValue

Checking the code, nsDOMAttributeMap::SetNamedItemNS and Attr::SetValue should be enough to cover the list in comment 2. However, test coverage is not great for now: https://github.com/whatwg/dom/pull/1268#issuecomment-2621271212

Assignee: nobody → fwang
Attachment #9462825 - Attachment description: WIP: Bug 1944511 - Add Trusted Type test to set attributes by different means. r=smaug → Bug 1944511 - Add Trusted Type test to set attributes by different means. r=smaug
Status: NEW → ASSIGNED
Attachment #9462733 - Attachment description: WIP: Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug → Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug
Attachment #9462825 - Attachment description: Bug 1944511 - Add Trusted Type test to set attributes by different means. r=smaug → WIP: Bug 1944511 - Add Trusted Type test to set attributes by different means. r=smaug
Attachment #9462733 - Attachment description: Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug → WIP: Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug
Severity: -- → S3
Whiteboard: [domsecurity-active]
Attachment #9462825 - Attachment description: WIP: Bug 1944511 - Add Trusted Type test to set attributes by different means. r=smaug → Bug 1944511 - Add Trusted Type test to set attributes by different means. r=smaug
Attachment #9462733 - Attachment description: WIP: Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug → Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug
Attachment #9462825 - Attachment description: Bug 1944511 - Add Trusted Type test to set attributes by different means. r=smaug → WIP: Bug 1944511 - Add Trusted Type test to set attributes by different means. r=smaug
Attachment #9462733 - Attachment description: Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug → WIP: Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug
Attachment #9462825 - Attachment description: WIP: Bug 1944511 - Add Trusted Type test to set attributes by different means. r=smaug → Bug 1944511 - Add Trusted Type test to set attributes by different means. r=smaug
Attachment #9462733 - Attachment description: WIP: Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug → Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug
Attachment #9462733 - Attachment description: Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug → WIP: Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug
Attachment #9462733 - Attachment description: WIP: Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug → Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug
Attachment #9462733 - Attachment description: Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug → WIP: Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug
Attachment #9462733 - Attachment description: WIP: Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug → Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug
Attachment #9462733 - Attachment description: Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug → WIP: Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug
Attachment #9462733 - Attachment description: WIP: Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug → Bug 1944511 Implement remaining Trusted Type support for attribute changes. r=smaug
Pushed by fwang@igalia.com: https://hg.mozilla.org/integration/autoland/rev/752e5c2d3d68 Add Trusted Type test to set attributes by different means. r=smaug https://hg.mozilla.org/integration/autoland/rev/90a78c6d0ec0 Implement remaining Trusted Type support for attribute changes. r=smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/50709 for changes under testing/web-platform/tests
Whiteboard: [domsecurity-active] → [domsecurity-active], [wptsync upstream]
Type: defect → task
Upstream PR merged by moz-wptsync-bot

https://hg.mozilla.org/mozilla-central/rev/752e5c2d3d68
https://hg.mozilla.org/mozilla-central/rev/90a78c6d0ec0

Status: ASSIGNED → RESOLVED
Closed: 7 days ago
status-firefox137: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 137 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: