Closed Bug 1948733 Opened 6 months ago Closed 6 months ago

[wpt-sync] Sync PR 50742 - [Sanitizer] Implement new defaults API.

Categories

(Core :: DOM: Security, task, P4)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
137 Branch
Tracking Flags:
Tracking Status
firefox137 --- fixed

People

(Reporter: wpt-sync, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 50742 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/50742
Details from upstream follow.

Daniel Vogelheim <vogelheim@chromium.org> wrote:

[Sanitizer] Implement new defaults API.

The spec was changed to optionally allow an enum argument to Sanitizer
constructor and sanitizer options in setHTML/setHTMLUnsafe, where the enum only supports the value "default". This way, users can explicitly
request "default" behaviour.

Also, the "safe" and "unsafe" versions now have different defaults, which leads to a bit of complexity in WebIDL since they are now different dictionary types.

Spec: https://github.com/WICG/sanitizer-api/pull/243
Bug: 330516530
Change-Id: I9ccd38f969fe1ccfc32475a03c0fb0418b7e18c5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6213370
Commit-Queue: Daniel Vogelheim \<vogelheim@chromium.org>
Reviewed-by: Yifan Luo \<lyf@chromium.org>
Reviewed-by: Joey Arhar \<jarhar@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1421089}

Component: web-platform-tests → DOM: Security
Product: Testing → Core
Whiteboard: [wptsync downstream] → [wptsync downstream error]
Whiteboard: [wptsync downstream error] → [wptsync downstream]

CI Results

Ran 9 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 7 tests and 82 subtests

Status Summary

Firefox

OK : 7
PASS: 40
FAIL: 229[Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows11-32-24h2-debug, Gecko-windows11-32-24h2-opt, Gecko-windows11-64-24h2-debug, Gecko-windows11-64-24h2-opt] 234[GitHub]

Chrome

OK : 7
PASS: 16
FAIL: 258

Safari

OK : 7
PASS: 40
FAIL: 234

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

New Tests That Don't Pass

  • /sanitizer-api/sanitizer-basic-filtering.tentative.html [wpt.fyi]
    • setHTML testcase text/0, "text": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase text/0, "text": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase elements/0, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase elements/0, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase elements/1, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTMLUnsafe testcase elements/1, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase elements/1, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTMLUnsafe testcase elements/1, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase elements/2, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTMLUnsafe testcase elements/2, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase elements/2, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTMLUnsafe testcase elements/2, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase elements/3, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTMLUnsafe testcase elements/3, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase elements/3, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTMLUnsafe testcase elements/3, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase elements/4, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTMLUnsafe testcase elements/4, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase elements/4, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTMLUnsafe testcase elements/4, "<div><p>Hello <b>World!</b>": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase attributes/0, "<p id="hello" style="font-weight: bold">x": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase attributes/0, "<p id="hello" style="font-weight: bold">x": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase attributes/1, "<p id="hello" style="font-weight: bold">x": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTMLUnsafe testcase attributes/1, "<p id="hello" style="font-weight: bold">x": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase attributes/1, "<p id="hello" style="font-weight: bold">x": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTMLUnsafe testcase attributes/1, "<p id="hello" style="font-weight: bold">x": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase attributes/2, "<p id="hello" style="font-weight: bold">x": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTMLUnsafe testcase attributes/2, "<p id="hello" style="font-weight: bold">x": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase attributes/2, "<p id="hello" style="font-weight: bold">x": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTMLUnsafe testcase attributes/2, "<p id="hello" style="font-weight: bold">x": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase attributes-per-element/0, "<div style="font-weight: bold" class="bourgeoisie">": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTMLUnsafe testcase attributes-per-element/0, "<div style="font-weight: bold" class="bourgeoisie">": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase attributes-per-element/0, "<div style="font-weight: bold" class="bourgeoisie">": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTMLUnsafe testcase attributes-per-element/0, "<div style="font-weight: bold" class="bourgeoisie">": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase attributes-per-element/1, "<div style="font-weight: bold" class="bourgeoisie">": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTMLUnsafe testcase attributes-per-element/1, "<div style="font-weight: bold" class="bourgeoisie">": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase attributes-per-element/1, "<div style="font-weight: bold" class="bourgeoisie">": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTMLUnsafe testcase attributes-per-element/1, "<div style="font-weight: bold" class="bourgeoisie">": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase comments/0, "a <!-- comment --> b": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase comments/0, "a <!-- comment --> b": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase comments/1, "a <!-- comment --> b": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTMLUnsafe testcase comments/1, "a <!-- comment --> b": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase comments/1, "a <!-- comment --> b": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTMLUnsafe testcase comments/1, "a <!-- comment --> b": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase dataAttributes/0, "<p data-x="1" data-y="2" data-z="3">": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTMLUnsafe testcase dataAttributes/0, "<p data-x="1" data-y="2" data-z="3">": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase dataAttributes/0, "<p data-x="1" data-y="2" data-z="3">": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTMLUnsafe testcase dataAttributes/0, "<p data-x="1" data-y="2" data-z="3">": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase dataAttributes/1, "<p data-x="1" data-y="2" data-z="3">": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTMLUnsafe testcase dataAttributes/1, "<p data-x="1" data-y="2" data-z="3">": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase dataAttributes/1, "<p data-x="1" data-y="2" data-z="3">": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTMLUnsafe testcase dataAttributes/1, "<p data-x="1" data-y="2" data-z="3">": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase namespaces/0, "<svg><rect></svg><math><mi>x": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase namespaces/0, "<svg><rect></svg><math><mi>x": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase namespaces/1, "<svg><rect>": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTMLUnsafe testcase namespaces/1, "<svg><rect>": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase namespaces/1, "<svg><rect>": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTMLUnsafe testcase namespaces/1, "<svg><rect>": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase namespaces/2, "<svg><rect>": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase namespaces/2, "<svg><rect>": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase namespaces/3, "<svg><rect>": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTMLUnsafe testcase namespaces/3, "<svg><rect>": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase namespaces/3, "<svg><rect>": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTMLUnsafe testcase namespaces/3, "<svg><rect>": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase namespaces/4, "<math><mi>x": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTMLUnsafe testcase namespaces/4, "<math><mi>x": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase namespaces/4, "<math><mi>x": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTMLUnsafe testcase namespaces/4, "<math><mi>x": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase namespaces/5, "<math><mi>x": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase namespaces/5, "<math><mi>x": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase namespaces/6, "<math><mi>x": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTMLUnsafe testcase namespaces/6, "<math><mi>x": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase namespaces/6, "<math><mi>x": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTMLUnsafe testcase namespaces/6, "<math><mi>x": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase namespaces/7, "<svg xml:space="default" xlink:href="about:blank" xmlns:foo="barspace">": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase namespaces/7, "<svg xml:space="default" xlink:href="about:blank" xmlns:foo="barspace">": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase namespaces/8, "<svg xml:space="default" xlink:href="about:blank" xmlns:foo="barspace">": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTMLUnsafe testcase namespaces/8, "<svg xml:space="default" xlink:href="about:blank" xmlns:foo="barspace">": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase namespaces/8, "<svg xml:space="default" xlink:href="about:blank" xmlns:foo="barspace">": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTMLUnsafe testcase namespaces/8, "<svg xml:space="default" xlink:href="about:blank" xmlns:foo="barspace">": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase namespaces/9, "<svg xml:space="default" xlink:href="about:blank" xmlns:foo="barspace">": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTMLUnsafe testcase namespaces/9, "<svg xml:space="default" xlink:href="about:blank" xmlns:foo="barspace">": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase namespaces/9, "<svg xml:space="default" xlink:href="about:blank" xmlns:foo="barspace">": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTMLUnsafe testcase namespaces/9, "<svg xml:space="default" xlink:href="about:blank" xmlns:foo="barspace">": FAIL (Chrome: FAIL, Safari: FAIL)
  • /sanitizer-api/sanitizer-boolean-defaults.tentative.html [wpt.fyi]
    • comments: FAIL (Chrome: FAIL, Safari: FAIL)
    • data attributes: FAIL (Chrome: FAIL, Safari: FAIL)
  • /sanitizer-api/sanitizer-config.tentative.html [wpt.fyi]
    • Sanitizer constructor without config.: FAIL (Chrome: FAIL, Safari: FAIL)
    • Sanitizer constructor with empty config.: FAIL (Chrome: FAIL, Safari: FAIL)
    • Sanitizer constructor with null as config.: FAIL (Chrome: FAIL, Safari: FAIL)
    • Sanitizer constructor with undefined as config.: FAIL (Chrome: FAIL, Safari: FAIL)
    • Sanitizer constructor with config ignore unknown values.: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig comments field.: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig dataAttributes field.: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: elements: ["div"]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: elements: [{"name":"b"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: elements: [{"name":"p","namespace":"http://www.w3.org/1999/xhtml"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: elements: [{"name":"bla","namespace":"http://fantasy.org/namespace"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: removeElements: ["div"]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: removeElements: [{"name":"b"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: removeElements: [{"name":"p","namespace":"http://www.w3.org/1999/xhtml"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: removeElements: [{"name":"bla","namespace":"http://fantasy.org/namespace"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: replaceWithChildrenElements: ["div"]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: replaceWithChildrenElements: [{"name":"b"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: replaceWithChildrenElements: [{"name":"p","namespace":"http://www.w3.org/1999/xhtml"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: replaceWithChildrenElements: [{"name":"bla","namespace":"http://fantasy.org/namespace"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: attributes: ["href"]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: attributes: [{"name":"href","namespace":null}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: attributes: [{"name":"href","namespace":""}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: attributes: [{"name":"href","namespace":"https://www.w3.org/1999/xlink"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: removeAttributes: ["href"]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: removeAttributes: [{"name":"href","namespace":null}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: removeAttributes: [{"name":"href","namespace":""}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • SanitizerConfig, normalization: removeAttributes: [{"name":"href","namespace":"https://www.w3.org/1999/xlink"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • Test elements addition.: FAIL (Chrome: FAIL, Safari: FAIL)
    • Test elements removal.: FAIL (Chrome: FAIL, Safari: FAIL)
    • Test elements replacewithchildren.: FAIL (Chrome: FAIL, Safari: FAIL)
    • Test attribute addition.: FAIL (Chrome: FAIL, Safari: FAIL)
    • Test attribute removal.: FAIL (Chrome: FAIL, Safari: FAIL)
    • Test attribute-per-element sets (i.e. overwrites).: FAIL (Chrome: FAIL, Safari: FAIL)
    • Test removeAttribute-per-element sets (i.e. overwrites).: FAIL (Chrome: FAIL, Safari: FAIL)
  • /sanitizer-api/sanitizer-names.tenative.html [wpt.fyi]
    • Element names in config item: elements: FAIL (Chrome: FAIL, Safari: FAIL)
    • Element names in config item: removeElements: FAIL (Chrome: FAIL, Safari: FAIL)
    • Element names in config item: replaceWithChildrenElements: FAIL (Chrome: FAIL, Safari: FAIL)
    • Attribute names in config item: attributes: FAIL (Chrome: FAIL, Safari: FAIL)
    • Attribute names in config item: removeAttributes: FAIL (Chrome: FAIL, Safari: FAIL)
    • Namespaced elements #0: elements: ["p"]: FAIL (Chrome: FAIL, Safari: FAIL)
    • Namespaced elements #1: elements: ["svg"]: FAIL (Chrome: FAIL, Safari: FAIL)
    • Namespaced elements #2: elements: [{"name":"svg","namespace":"http://www.w3.org/2000/svg"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • Namespaced elements #3: elements: ["math"]: FAIL (Chrome: FAIL, Safari: FAIL)
    • Namespaced elements #4: elements: [{"name":"math","namespace":"http://www.w3.org/2000/svg"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • Namespaced elements #5: elements: [{"name":"math","namespace":"http://www.w3.org/1998/Math/MathML"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • Namespaced attributes #0: attributes: [{"name":"style"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • Namespaced attributes #1: attributes: [{"name":"href"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • Namespaced attributes #2: attributes: [{"name":"xlink:href"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • Namespaced attributes #3: attributes: [{"name":"href","namespace":"http://www.w3.org/1999/xlink"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • Namespaced attributes #4: attributes: [{"name":"href","namespace":"http://www.w3.org/1999/xlink"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • Namespaced attributes #5: attributes: [{"name":"href"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • Namespaced attributes #6: attributes: [{"name":"xlink:href"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • Namespaced attributes #7: attributes: [{"name":"href","namespace":"http://www.w3.org/1999/xlink"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • Namespaced attributes #8: attributes: [{"name":"href","namespace":"http://www.w3.org/1999/xlink"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • Namespaced attributes #9: attributes: [{"name":"href"}]: FAIL (Chrome: FAIL, Safari: FAIL)
    • Namespaced attribute xlink:href inside SVG tree: FAIL (Chrome: FAIL, Safari: FAIL)
    • Mixed-case element names #0: "svg:feBlend": FAIL (Chrome: FAIL, Safari: FAIL)
    • Mixed-case element names #1: "svg:feColorMatrix": FAIL (Chrome: FAIL, Safari: FAIL)
    • Mixed-case element names #2: "svg:textPath": FAIL (Chrome: FAIL, Safari: FAIL)
  • /sanitizer-api/sethtml-safety.tentative.html [wpt.fyi]
    • Testcase #0, setHTML("test)".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #1, setHTML("<p>Hello</p>)".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #2, setHTML("<div>Hello<script>World</script>xxx)".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #3, setHTML("<div>Hello<script>World</script>xxx)".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #4, setHTML("<svg>Hello<script>World</script>xxx)".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #5, setHTML("<img src="https://web-platform.test/test-image" onclick="2+2" one="two">)".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #6, setHTML("<img src="https://web-platform.test/test-image" onclick="2+2" one="two">)".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #7, setHTML("<p data-x="1" data-y="2" data-z="3">)".: FAIL (Chrome: FAIL, Safari: FAIL)
  • /sanitizer-api/sethtml-tree-construction.tentative.html [wpt.fyi]
    • Non-string input: empty object.: FAIL (Chrome: FAIL, Safari: FAIL)
    • Non-string input: number.: FAIL (Chrome: FAIL, Safari: FAIL)
    • Non-string input: octal number.: FAIL (Chrome: FAIL, Safari: FAIL)
    • Non-string input: expression.: FAIL (Chrome: FAIL, Safari: FAIL)
    • Non-string input: undefined.: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #0, "test", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #1, "<b>bla</b>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #2, "<a<embla", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #3, "<html><head></head><body>test</body></html>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #4, "<div>test", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #5, "<script>alert('i am a test')</script>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #6, "hello<script>alert('i am a test')</script>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #7, "<div><b>hello<script>alert('i am a test')</script>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #8, "<p onclick='a= 123'>Click.</p>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #9, "<plaintext><p>text</p>", config: "{}".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #10, "<xmp>TEXT</xmp>", config: "{}".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #11, "test", config: "{ "test": 123 }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #12, "test", config: "{ "removeElements": [] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #13, "<div>test</div><p>bla", config: "{ "removeElements": ["div"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #14, "<custom-element>test1</custom-element>bla", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #15, "<custom-element>test3</custom-element>bla", config: "{ "elements": ["custom-element"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #16, "<custom-element>test5</custom-element>bla", config: "{ "removeElements": ["custom-element"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #17, "<script>alert('i am a test')</script>", config: "{ "removeElements": ["script"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #18, "<div>balabala<i>test</i></div><test-element>t</test-element>", config: "{ "removeElements": ["test-element", "i"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #19, "<div>balabala<i>i</i><p>t</p></div>", config: "{ "removeElements": ["dl", "p"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #20, "<div>test<div>p</div>tt<p>div</p></div>", config: "{ "elements": ["p"], "replaceWithChildrenElements": ["div"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #21, "<div>test</div><p>bla", config: "{ "removeElements": ["div"], "elements": ["div"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #22, "<p id='test'>Click.</p>", config: "{ "removeAttributes": [] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #23, "<p id='test'>Click.</p>", config: "{ "removeAttributes": ["id"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #24, "<p id='test'>Click.</p>", config: "{ "elements": ["p"], "removeAttributes": ["id"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #25, "<p id='p' data-attribute-with-dashes='123'>Click.</p><script>document.getElementById('p').dataset.attributeWithDashes=123;</script>", config: "{ "elements": ["p"], "removeAttributes": ["data-attribute-with-dashes"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #26, "<p id='p' title='p'>P</p><div id='div' title='div'>DIV</div>", config: "{ "elements": [
      { "name": "p", "attributes": ["title"] },
      { "name": "div", "attributes": ["id"] }
      ]}".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #27, "<p id='p' title='p'>P</p><div id='div' title='div'>DIV</div>", config: "{ "elements":
      [
      { "name": "p", "removeAttributes": ["title"] },
      { "name": "div", "removeAttributes": ["id"] }
      ]
      }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #28, "<div id='div' title='div'>DIV</div>", config: "{ "elements": [{ "name": "div", "attributes": ["id"], "removeAttributes": ["id"] }]}".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #29, "<div id='div' title='div'>DIV</div>", config: "{ "elements": [{ "name": "div", "attributes": ["id", "title"] }],
      "attributes": []}".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #30, "<div id='div' title='div'>DIV</div>", config: "{
      "elements": [{ "name": "div", "attributes": ["id", "title"] }],
      "removeAttributes": ["id", "title"]
      }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #31, "<div id='div' title='div'>DIV</div>", config: "{
      "elements": [{ "name": "div", "removeAttributes": ["id", "title"] }],
      "attributes": ["id", "title"]
      }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #32, "<p id='test' onclick='a= 123'>Click.</p>", config: "{ "attributes": ["id"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #33, "<p style='color: black'>Click.</p>", config: "{ "removeAttributes": ["style"], "attributes": ["style"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #34, "<template><script>test</script><div>hello</div></template>", config: "{ "elements": ["template", "div"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #35, "<a href='javascript:evil.com'>Click.</a>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #36, "<a href=' javascript:evil.com'>Click.</a>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #37, "<a href='http:evil.com'>Click.</a>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #38, "<area href='javascript:evil.com'>Click.</area>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #39, "<area href=' javascript:evil.com'>Click.</area>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #40, "<area href='http:evil.com'>Click.</area>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #41, "<form action='javascript:evil.com'>Click.</form>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #42, "<form action=' javascript:evil.com'>Click.</form>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #43, "<form action='http:evil.com'>Click.</form>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #44, "<input formaction='javascript:evil.com'>Click.</input>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #45, "<input formaction=' javascript:evil.com'>Click.</input>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #46, "<input formaction='http:evil.com'>Click.</input>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #47, "<button formaction='javascript:evil.com'>Click.</button>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #48, "<button formaction=' javascript:evil.com'>Click.</button>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #49, "<button formaction='http:evil.com'>Click.</button>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #50, "<p>Some text</p></body><!-- 1 --></html><!-- 2 --><p>Some more text</p>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #51, "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #52, "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>", config: "{ "comments": true }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #53, "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>", config: "{ "comments": false }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #54, "<p>comment<!-- hello -->in<!-- </p> -->text</p>", config: "undefined".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #55, "<p>comment<!-- hello -->in<!-- </p> -->text</p>", config: "{ "comments": true }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #56, "<p>comment<!-- hello -->in<!-- </p> -->text</p>", config: "{ "comments": false }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #57, "<svg></svg>", config: "{ "elements": ["svg"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #58, "<div><svg></svg></div>", config: "{ "elements": ["div", "svg"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #59, "<div>balabala<dl>test</dl></div>", config: "{ "removeElements": ["I", "DL"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #60, "<div>balabala<dl>test</dl></div>", config: "{ "removeElements": ["i", "dl"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #61, "<DIV>balabala<DL>test</DL></DIV>", config: "{ "removeElements": ["i", "dl"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #62, "<p id="test">Click.</p>", config: "{ "removeAttributes": ["ID"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #63, "<p ID="test">Click.</p>", config: "{ "removeAttributes": ["ID"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #64, "<p ID="test">Click.</p>", config: "{ "removeAttributes": ["id"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #65, "<div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>", config: "{ "removeElements": [123, "test", "i", "custom-element"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #66, "<div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>", config: "{ "replaceWithChildrenElements": [123, "test", "i", "custom-element"],
      "elements": ["div"]}".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #67, "<div>test<div>p</div>tt<p>div</p></div><test>test</test>", config: "{ "elements": ["p", "test"], "replaceWithChildrenElements": ["div"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #68, "test<div>p</div>tt<p>div</p><test>test</test>", config: "{ "elements": ["p", "test"], "replaceWithChildrenElements": ["div"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #69, "<div hello='1' world='2'><b hello='3' world='4'>", config: "{ "elements": ["div", "b"], "attributes": ["hello", "world"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #70, "<div hello='1' world='2'><b hello='3' world='4'>", config: "{ "elements": ["div", "b"], "removeAttributes": ["hello", "world"] }".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #71, "<template><div>Hello</div></template>", config: "{}".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #72, "<template><div>Hello</div></template>", config: "{ "elements": ["div"]}".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #73, "<template><div>Hello</div></template>", config: "{ "elements": ["template"]}".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #74, "<template><div>Hello</div></template>", config: "{ "elements": ["div", "template"]}".: FAIL (Chrome: FAIL, Safari: FAIL)
    • Testcase #75, "<template><div>Hello</div></template>", config: "{ "elements": ["template"], "replaceWithChildrenElements": ["div"]}".: FAIL (Chrome: FAIL, Safari: FAIL)
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/f9a819ed8248 [wpt PR 50742] - [Sanitizer] Implement new defaults API., a=testonly https://hg.mozilla.org/integration/autoland/rev/2cdb12a19c76 [wpt PR 50742] - Update wpt metadata, a=testonly

https://hg.mozilla.org/mozilla-central/rev/f9a819ed8248
https://hg.mozilla.org/mozilla-central/rev/2cdb12a19c76

Status: NEW → RESOLVED
Closed: 6 months ago
status-firefox137: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 137 Branch
You need to log in before you can comment on or make changes to this bug.