Closed Bug 2021473 Opened 2 months ago Closed 2 months ago

[wpt-sync] Sync PR 58296 - Remove <svg:animateMotion> from svg navigating attribute list.

Categories

(Core :: DOM: Security, task, P4)

Tracking

RESOLVED FIXED
150 Branch
Tracking Status
firefox150 --- fixed

People

(Reporter: wpt-sync, Unassigned)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 58296 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/58296
Details from upstream follow.

Daniel Vogelheim <vogelheim@chromium.org> wrote:

Remove <svg:animateMotion> from svg navigating attribute list.

animateMotion does animation, but doesn't animate other elements' attributes
and has no attributeName= attribute. Thus, it doesn't belong in the SVG
navigating attributes list and is no XSS risk.

Ref: https://github.com/WICG/sanitizer-api/pull/376
Bug: 40138584
Change-Id: I4600bcbd753a5c978d4afc9a5f47877073d09634
Reviewed-on: https://chromium-review.googlesource.com/7638229
WPT-Export-Revision: d589374849275cf7da1a9a13c59bf1f108278731

Component: web-platform-tests → DOM: Security
Product: Testing → Core
Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → INVALID
Status: RESOLVED → REOPENED
Resolution: INVALID → ---

CI Results

Ran 9 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 20 tests and 4 subtests

Status Summary

Firefox

OK : 1[GitHub] 20[Gecko-android-em-14-x86_64-debug-geckoview, Gecko-android-em-14-x86_64-lite-opt-geckoview, Gecko-android-em-14-x86_64-opt-geckoview, Gecko-linux2404-64-debug, Gecko-linux2404-64-opt, Gecko-windows11-32-24h2-debug, Gecko-windows11-32-24h2-opt, Gecko-windows11-64-24h2-debug, Gecko-windows11-64-24h2-opt]
PASS: 40[GitHub] 516[Gecko-android-em-14-x86_64-debug-geckoview, Gecko-android-em-14-x86_64-lite-opt-geckoview, Gecko-android-em-14-x86_64-opt-geckoview, Gecko-linux2404-64-debug, Gecko-linux2404-64-opt, Gecko-windows11-32-24h2-debug, Gecko-windows11-32-24h2-opt, Gecko-windows11-64-24h2-debug, Gecko-windows11-64-24h2-opt]
FAIL: 4[GitHub] 132[Gecko-android-em-14-x86_64-debug-geckoview, Gecko-android-em-14-x86_64-lite-opt-geckoview, Gecko-android-em-14-x86_64-opt-geckoview, Gecko-linux2404-64-debug, Gecko-linux2404-64-opt, Gecko-windows11-32-24h2-debug, Gecko-windows11-32-24h2-opt, Gecko-windows11-64-24h2-debug, Gecko-windows11-64-24h2-opt]

Chrome

OK : 1
PASS: 40
FAIL: 4

Safari

OK : 1
FAIL: 44

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

New Tests That Don't Pass

  • /sanitizer-api/sanitizer-javascript-url.html [wpt.fyi]
    • setHTML testcase built-in-animating-url-attributes-list/2, "<svg><animateMotion attributeName="href"></svg>": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase built-in-animating-url-attributes-list/2, "<svg><animateMotion attributeName="href"></svg>": FAIL (Chrome: FAIL, Safari: FAIL)
    • setHTML testcase built-in-animating-url-attributes-list/3, "<svg><animateMotion attributeName="xlink:href"></svg>": FAIL (Chrome: FAIL, Safari: FAIL)
    • parseHTML testcase built-in-animating-url-attributes-list/3, "<svg><animateMotion attributeName="xlink:href"></svg>": FAIL (Chrome: FAIL, Safari: FAIL)
  • /sanitizer-api/sanitizer-modifiers.tentative.html [wpt.fyi]
    • sanitizer.replaceElementWithChildren does not allow 'html' element.: FAIL
  • /sanitizer-api/sanitizer-parseHTML.tentative.html [wpt.fyi]
    • parseHTML testcase 4, "<html onload="3 + 3"><div>a": FAIL
    • parseHTMLUnsafe testcase 4, "<html onload="3 + 3"><div>a": FAIL
    • parseHTML testcase 4, "<html onload="2 + 2"><div>a": FAIL
    • parseHTMLUnsafe testcase 4, "<html onload="2 + 2"><div>a": FAIL
  • /sanitizer-api/sethtml-tree-construction.tentative.html [wpt.fyi]
    • Testcase #71, "<table><div><td>", config: "{ "replaceWithChildrenElements": ["table"] }".: FAIL
  • /sanitizer-api/sethtml-with-trustedtypes-createParserOptions.tentative.html [wpt.fyi]
    • ShadowRoot.setHTMLUnsafe: passing a TrustedParserOptions overrides default policy: FAIL
    • Element.setHTMLUnsafe: passing a TrustedParserOptions overrides default policy: FAIL
  • /sanitizer-api/sethtml-with-trustedtypes-immutable.tentative.html [wpt.fyi]
    • setHTML: createParserOptions doesn't mutate original object: FAIL
    • setHTML: createParserOptions doesn't mutate sanitizer object: FAIL
    • setHTMLUnsafe: createParserOptions doesn't mutate original object: FAIL
    • setHTMLUnsafe: createParserOptions doesn't mutate sanitizer object: FAIL
  • /sanitizer-api/sethtml-with-trustedtypes.tentative.html [wpt.fyi]
    • ShadowRoot.setHTML: createParserOptions can inject a sanitizer config: FAIL
    • ShadowRoot.setHTML: createParserOptions can inject a sanitizer: FAIL
    • ShadowRoot.setHTML: createParserOptions can override a sanitizer config: FAIL
    • ShadowRoot.setHTML: createParserOptions can remove a sanitizer: FAIL
    • ShadowRoot.setHTML: createParserOptions returning null fails: FAIL
    • ShadowRoot.setHTML: createParserOptions returning undefined fails: FAIL
    • ShadowRoot.setHTML: createParserOptions returning 0 fails: FAIL
    • ShadowRoot.setHTML: createParserOptions returning 123 fails: FAIL
    • ShadowRoot.setHTML: createParserOptions returning "foo" fails: FAIL
    • ShadowRoot.setHTMLUnsafe: createParserOptions can inject a sanitizer config: FAIL
    • ShadowRoot.setHTMLUnsafe: createParserOptions can inject a sanitizer: FAIL
    • ShadowRoot.setHTMLUnsafe: createParserOptions can override a sanitizer config: FAIL
    • ShadowRoot.setHTMLUnsafe: createParserOptions returning null fails: FAIL
    • ShadowRoot.setHTMLUnsafe: createParserOptions returning undefined fails: FAIL
    • ShadowRoot.setHTMLUnsafe: createParserOptions returning 0 fails: FAIL
    • ShadowRoot.setHTMLUnsafe: createParserOptions returning 123 fails: FAIL
    • ShadowRoot.setHTMLUnsafe: createParserOptions returning "foo" fails: FAIL
    • ShadowRoot.innerHTML: createParserOptions can inject a sanitizer config: FAIL
    • ShadowRoot.innerHTML: createParserOptions can inject a sanitizer: FAIL
    • ShadowRoot.innerHTML: createParserOptions can override a sanitizer config: FAIL
    • ShadowRoot.innerHTML: createParserOptions returning null fails: FAIL
    • ShadowRoot.innerHTML: createParserOptions returning undefined fails: FAIL
    • ShadowRoot.innerHTML: createParserOptions returning 0 fails: FAIL
    • ShadowRoot.innerHTML: createParserOptions returning 123 fails: FAIL
    • ShadowRoot.innerHTML: createParserOptions returning "foo" fails: FAIL
    • ShadowRoot.beforebegin: createParserOptions can inject a sanitizer config: FAIL
    • ShadowRoot.beforebegin: createParserOptions can inject a sanitizer: FAIL
    • ShadowRoot.beforebegin: createParserOptions can override a sanitizer config: FAIL
    • ShadowRoot.beforebegin: createParserOptions returning null fails: FAIL
    • ShadowRoot.beforebegin: createParserOptions returning undefined fails: FAIL
    • ShadowRoot.beforebegin: createParserOptions returning 0 fails: FAIL
    • ShadowRoot.beforebegin: createParserOptions returning 123 fails: FAIL
    • ShadowRoot.beforebegin: createParserOptions returning "foo" fails: FAIL
    • ShadowRoot.afterend: createParserOptions can inject a sanitizer config: FAIL
    • ShadowRoot.afterend: createParserOptions can inject a sanitizer: FAIL
    • ShadowRoot.afterend: createParserOptions can override a sanitizer config: FAIL
    • ShadowRoot.afterend: createParserOptions returning null fails: FAIL
    • ShadowRoot.afterend: createParserOptions returning undefined fails: FAIL
    • ShadowRoot.afterend: createParserOptions returning 0 fails: FAIL
    • ShadowRoot.afterend: createParserOptions returning 123 fails: FAIL
    • ShadowRoot.afterend: createParserOptions returning "foo" fails: FAIL
    • ShadowRoot.setHTMLUnsafe: createParserOptions works after createHTML: FAIL
    • Element.setHTML: createParserOptions can inject a sanitizer config: FAIL
    • Element.setHTML: createParserOptions can inject a sanitizer: FAIL
    • Element.setHTML: createParserOptions can override a sanitizer config: FAIL
    • Element.setHTML: createParserOptions can remove a sanitizer: FAIL
    • Element.setHTML: createParserOptions returning null fails: FAIL
    • Element.setHTML: createParserOptions returning undefined fails: FAIL
    • Element.setHTML: createParserOptions returning 0 fails: FAIL
    • Element.setHTML: createParserOptions returning 123 fails: FAIL
    • Element.setHTML: createParserOptions returning "foo" fails: FAIL
    • Element.setHTMLUnsafe: createParserOptions can inject a sanitizer config: FAIL
    • Element.setHTMLUnsafe: createParserOptions can inject a sanitizer: FAIL
    • Element.setHTMLUnsafe: createParserOptions can override a sanitizer config: FAIL
    • Element.setHTMLUnsafe: createParserOptions returning null fails: FAIL
    • Element.setHTMLUnsafe: createParserOptions returning undefined fails: FAIL
    • Element.setHTMLUnsafe: createParserOptions returning 0 fails: FAIL
    • Element.setHTMLUnsafe: createParserOptions returning 123 fails: FAIL
    • Element.setHTMLUnsafe: createParserOptions returning "foo" fails: FAIL
    • Element.innerHTML: createParserOptions can inject a sanitizer config: FAIL
    • Element.innerHTML: createParserOptions can inject a sanitizer: FAIL
    • Element.innerHTML: createParserOptions can override a sanitizer config: FAIL
    • Element.innerHTML: createParserOptions returning null fails: FAIL
    • Element.innerHTML: createParserOptions returning undefined fails: FAIL
    • Element.innerHTML: createParserOptions returning 0 fails: FAIL
    • Element.innerHTML: createParserOptions returning 123 fails: FAIL
    • Element.innerHTML: createParserOptions returning "foo" fails: FAIL
    • Element.outerHTML: createParserOptions can inject a sanitizer config: FAIL
    • Element.outerHTML: createParserOptions can inject a sanitizer: FAIL
    • Element.outerHTML: createParserOptions can override a sanitizer config: FAIL
    • Element.outerHTML: createParserOptions returning null fails: FAIL
    • Element.outerHTML: createParserOptions returning undefined fails: FAIL
    • Element.outerHTML: createParserOptions returning 0 fails: FAIL
    • Element.outerHTML: createParserOptions returning 123 fails: FAIL
    • Element.outerHTML: createParserOptions returning "foo" fails: FAIL
    • Element.createContextualFragment: createParserOptions can inject a sanitizer config: FAIL
    • Element.createContextualFragment: createParserOptions can inject a sanitizer: FAIL
    • Element.createContextualFragment: createParserOptions can override a sanitizer config: FAIL
    • Element.createContextualFragment: createParserOptions returning null fails: FAIL
    • Element.createContextualFragment: createParserOptions returning undefined fails: FAIL
    • Element.createContextualFragment: createParserOptions returning 0 fails: FAIL
    • Element.createContextualFragment: createParserOptions returning 123 fails: FAIL
    • Element.createContextualFragment: createParserOptions returning "foo" fails: FAIL
    • Element.afterbegin: createParserOptions can inject a sanitizer config: FAIL
    • Element.afterbegin: createParserOptions can inject a sanitizer: FAIL
    • Element.afterbegin: createParserOptions can override a sanitizer config: FAIL
    • Element.afterbegin: createParserOptions returning null fails: FAIL
    • Element.afterbegin: createParserOptions returning undefined fails: FAIL
    • Element.afterbegin: createParserOptions returning 0 fails: FAIL
    • Element.afterbegin: createParserOptions returning 123 fails: FAIL
    • Element.afterbegin: createParserOptions returning "foo" fails: FAIL
    • Element.beforeend: createParserOptions can inject a sanitizer config: FAIL
    • Element.beforeend: createParserOptions can inject a sanitizer: FAIL
    • Element.beforeend: createParserOptions can override a sanitizer config: FAIL
    • Element.beforeend: createParserOptions returning null fails: FAIL
    • Element.beforeend: createParserOptions returning undefined fails: FAIL
    • Element.beforeend: createParserOptions returning 0 fails: FAIL
    • Element.beforeend: createParserOptions returning 123 fails: FAIL
    • Element.beforeend: createParserOptions returning "foo" fails: FAIL
    • Element.beforebegin: createParserOptions can inject a sanitizer config: FAIL
    • Element.beforebegin: createParserOptions can inject a sanitizer: FAIL
    • Element.beforebegin: createParserOptions can override a sanitizer config: FAIL
    • Element.beforebegin: createParserOptions returning null fails: FAIL
    • Element.beforebegin: createParserOptions returning undefined fails: FAIL
    • Element.beforebegin: createParserOptions returning 0 fails: FAIL
    • Element.beforebegin: createParserOptions returning 123 fails: FAIL
    • Element.beforebegin: createParserOptions returning "foo" fails: FAIL
    • Element.afterend: createParserOptions can inject a sanitizer config: FAIL
    • Element.afterend: createParserOptions can inject a sanitizer: FAIL
    • Element.afterend: createParserOptions can override a sanitizer config: FAIL
    • Element.afterend: createParserOptions returning null fails: FAIL
    • Element.afterend: createParserOptions returning undefined fails: FAIL
    • Element.afterend: createParserOptions returning 0 fails: FAIL
    • Element.afterend: createParserOptions returning 123 fails: FAIL
    • Element.afterend: createParserOptions returning "foo" fails: FAIL
    • Element.setHTMLUnsafe: createParserOptions works after createHTML: FAIL
Blocks: 2022174
Status: REOPENED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 150 Branch