[wpt-sync] Sync PR 58943 - [Sanitizer] Ensure content is removed when an exception is thrown.
Categories
(Core :: DOM: Security, task, P4)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox151 | --- | fixed |
People
(Reporter: wpt-sync, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 58943 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/58943
Details from upstream follow.
Daniel Vogelheim <vogelheim@chromium.org> wrote:
[Sanitizer] Ensure content is removed when an exception is thrown.
When the sanitize operation throws an exception, we don't clear the
parse result. Also, the callers will pass through the exception, but
will return the incomplete result to the callers.Fixed: 496524586
Change-Id: I3a6402afacb5d5275f546dfdefdac5d270e96d1f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7705032
Reviewed-by: Noam Rosenthal \<nrosenthal@google.com>
Reviewed-by: Joey Arhar \<jarhar@chromium.org>
Commit-Queue: Daniel Vogelheim \<vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1609133}
| Assignee | ||
Updated•3 months ago
|
| Assignee | ||
Comment 1•3 months ago
|
||
| Assignee | ||
Comment 2•3 months ago
|
||
CI Results
Ran 9 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI
Total 21 tests and 4 subtests
Status Summary
Firefox
OK : 1[GitHub] 21[Gecko-android-em-14-x86_64-debug-geckoview, Gecko-android-em-14-x86_64-lite-opt-geckoview, Gecko-android-em-14-x86_64-opt-geckoview, Gecko-linux2404-64-debug, Gecko-linux2404-64-opt, Gecko-windows11-32-24h2-debug, Gecko-windows11-32-24h2-opt, Gecko-windows11-64-24h2-debug, Gecko-windows11-64-24h2-opt]
PASS: 84[GitHub] 528[Gecko-android-em-14-x86_64-debug-geckoview, Gecko-android-em-14-x86_64-lite-opt-geckoview, Gecko-android-em-14-x86_64-opt-geckoview, Gecko-linux2404-64-debug, Gecko-linux2404-64-opt, Gecko-windows11-32-24h2-debug, Gecko-windows11-32-24h2-opt, Gecko-windows11-64-24h2-debug, Gecko-windows11-64-24h2-opt]
FAIL: 1[GitHub] 104[Gecko-android-em-14-x86_64-debug-geckoview, Gecko-android-em-14-x86_64-lite-opt-geckoview, Gecko-android-em-14-x86_64-opt-geckoview, Gecko-linux2404-64-debug, Gecko-linux2404-64-opt, Gecko-windows11-32-24h2-debug, Gecko-windows11-32-24h2-opt, Gecko-windows11-64-24h2-debug, Gecko-windows11-64-24h2-opt]
Chrome
OK : 1
PASS: 82
FAIL: 3
Safari
OK : 1
PASS: 4
FAIL: 81
Links
Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base
Details
New Tests That Don't Pass
- /sanitizer-api/sethtml-tree-construction.tentative.html [wpt.fyi]
- Testcase #71, "<table><div><td>", config: "{ "replaceWithChildrenElements": ["table"] }".:
FAIL(Chrome:PASS, Safari:FAIL)
- Testcase #71, "<table><div><td>", config: "{ "replaceWithChildrenElements": ["table"] }".:
- /sanitizer-api/sethtml-with-custom-elements.tentative.html [wpt.fyi]
- Scoped custom element registry still works.:
FAIL
- Scoped custom element registry still works.:
- /sanitizer-api/sethtml-with-trustedtypes-createParserOptions.tentative.html [wpt.fyi]
- ShadowRoot.setHTMLUnsafe: passing a TrustedParserOptions overrides default policy:
FAIL - Element.setHTMLUnsafe: passing a TrustedParserOptions overrides default policy:
FAIL
- ShadowRoot.setHTMLUnsafe: passing a TrustedParserOptions overrides default policy:
- /sanitizer-api/sethtml-with-trustedtypes-immutable.tentative.html [wpt.fyi]
- createParserOptions doesn't mutate original object:
FAIL - createParserOptions doesn't mutate sanitizer object:
FAIL
- createParserOptions doesn't mutate original object:
- /sanitizer-api/sethtml-with-trustedtypes.tentative.html [wpt.fyi]
- ShadowRoot.setHTMLUnsafe: createParserOptions can inject a sanitizer config:
FAIL - ShadowRoot.setHTMLUnsafe: createParserOptions can inject a sanitizer:
FAIL - ShadowRoot.setHTMLUnsafe: createParserOptions can override a sanitizer config:
FAIL - ShadowRoot.setHTMLUnsafe: createParserOptions returning null fails:
FAIL - ShadowRoot.setHTMLUnsafe: createParserOptions returning undefined fails:
FAIL - ShadowRoot.setHTMLUnsafe: createParserOptions returning 0 fails:
FAIL - ShadowRoot.setHTMLUnsafe: createParserOptions returning 123 fails:
FAIL - ShadowRoot.setHTMLUnsafe: createParserOptions returning "foo" fails:
FAIL - ShadowRoot.innerHTML: createParserOptions can inject a sanitizer config:
FAIL - ShadowRoot.innerHTML: createParserOptions can inject a sanitizer:
FAIL - ShadowRoot.innerHTML: createParserOptions can override a sanitizer config:
FAIL - ShadowRoot.innerHTML: createParserOptions returning null fails:
FAIL - ShadowRoot.innerHTML: createParserOptions returning undefined fails:
FAIL - ShadowRoot.innerHTML: createParserOptions returning 0 fails:
FAIL - ShadowRoot.innerHTML: createParserOptions returning 123 fails:
FAIL - ShadowRoot.innerHTML: createParserOptions returning "foo" fails:
FAIL - ShadowRoot.beforebegin: createParserOptions can inject a sanitizer config:
FAIL - ShadowRoot.beforebegin: createParserOptions can inject a sanitizer:
FAIL - ShadowRoot.beforebegin: createParserOptions can override a sanitizer config:
FAIL - ShadowRoot.beforebegin: createParserOptions returning null fails:
FAIL - ShadowRoot.beforebegin: createParserOptions returning undefined fails:
FAIL - ShadowRoot.beforebegin: createParserOptions returning 0 fails:
FAIL - ShadowRoot.beforebegin: createParserOptions returning 123 fails:
FAIL - ShadowRoot.beforebegin: createParserOptions returning "foo" fails:
FAIL - ShadowRoot.afterend: createParserOptions can inject a sanitizer config:
FAIL - ShadowRoot.afterend: createParserOptions can inject a sanitizer:
FAIL - ShadowRoot.afterend: createParserOptions can override a sanitizer config:
FAIL - ShadowRoot.afterend: createParserOptions returning null fails:
FAIL - ShadowRoot.afterend: createParserOptions returning undefined fails:
FAIL - ShadowRoot.afterend: createParserOptions returning 0 fails:
FAIL - ShadowRoot.afterend: createParserOptions returning 123 fails:
FAIL - ShadowRoot.afterend: createParserOptions returning "foo" fails:
FAIL - ShadowRoot.setHTMLUnsafe: createParserOptions works after createHTML:
FAIL - Element.setHTMLUnsafe: createParserOptions can inject a sanitizer config:
FAIL - Element.setHTMLUnsafe: createParserOptions can inject a sanitizer:
FAIL - Element.setHTMLUnsafe: createParserOptions can override a sanitizer config:
FAIL - Element.setHTMLUnsafe: createParserOptions returning null fails:
FAIL - Element.setHTMLUnsafe: createParserOptions returning undefined fails:
FAIL - Element.setHTMLUnsafe: createParserOptions returning 0 fails:
FAIL - Element.setHTMLUnsafe: createParserOptions returning 123 fails:
FAIL - Element.setHTMLUnsafe: createParserOptions returning "foo" fails:
FAIL - Element.innerHTML: createParserOptions can inject a sanitizer config:
FAIL - Element.innerHTML: createParserOptions can inject a sanitizer:
FAIL - Element.innerHTML: createParserOptions can override a sanitizer config:
FAIL - Element.innerHTML: createParserOptions returning null fails:
FAIL - Element.innerHTML: createParserOptions returning undefined fails:
FAIL - Element.innerHTML: createParserOptions returning 0 fails:
FAIL - Element.innerHTML: createParserOptions returning 123 fails:
FAIL - Element.innerHTML: createParserOptions returning "foo" fails:
FAIL - Element.outerHTML: createParserOptions can inject a sanitizer config:
FAIL - Element.outerHTML: createParserOptions can inject a sanitizer:
FAIL - Element.outerHTML: createParserOptions can override a sanitizer config:
FAIL - Element.outerHTML: createParserOptions returning null fails:
FAIL - Element.outerHTML: createParserOptions returning undefined fails:
FAIL - Element.outerHTML: createParserOptions returning 0 fails:
FAIL - Element.outerHTML: createParserOptions returning 123 fails:
FAIL - Element.outerHTML: createParserOptions returning "foo" fails:
FAIL - Element.createContextualFragment: createParserOptions can inject a sanitizer config:
FAIL - Element.createContextualFragment: createParserOptions can inject a sanitizer:
FAIL - Element.createContextualFragment: createParserOptions can override a sanitizer config:
FAIL - Element.createContextualFragment: createParserOptions returning null fails:
FAIL - Element.createContextualFragment: createParserOptions returning undefined fails:
FAIL - Element.createContextualFragment: createParserOptions returning 0 fails:
FAIL - Element.createContextualFragment: createParserOptions returning 123 fails:
FAIL - Element.createContextualFragment: createParserOptions returning "foo" fails:
FAIL - Element.afterbegin: createParserOptions can inject a sanitizer config:
FAIL - Element.afterbegin: createParserOptions can inject a sanitizer:
FAIL - Element.afterbegin: createParserOptions can override a sanitizer config:
FAIL - Element.afterbegin: createParserOptions returning null fails:
FAIL - Element.afterbegin: createParserOptions returning undefined fails:
FAIL - Element.afterbegin: createParserOptions returning 0 fails:
FAIL - Element.afterbegin: createParserOptions returning 123 fails:
FAIL - Element.afterbegin: createParserOptions returning "foo" fails:
FAIL - Element.beforeend: createParserOptions can inject a sanitizer config:
FAIL - Element.beforeend: createParserOptions can inject a sanitizer:
FAIL - Element.beforeend: createParserOptions can override a sanitizer config:
FAIL - Element.beforeend: createParserOptions returning null fails:
FAIL - Element.beforeend: createParserOptions returning undefined fails:
FAIL - Element.beforeend: createParserOptions returning 0 fails:
FAIL - Element.beforeend: createParserOptions returning 123 fails:
FAIL - Element.beforeend: createParserOptions returning "foo" fails:
FAIL - Element.beforebegin: createParserOptions can inject a sanitizer config:
FAIL - Element.beforebegin: createParserOptions can inject a sanitizer:
FAIL - Element.beforebegin: createParserOptions can override a sanitizer config:
FAIL - Element.beforebegin: createParserOptions returning null fails:
FAIL - Element.beforebegin: createParserOptions returning undefined fails:
FAIL - Element.beforebegin: createParserOptions returning 0 fails:
FAIL - Element.beforebegin: createParserOptions returning 123 fails:
FAIL - Element.beforebegin: createParserOptions returning "foo" fails:
FAIL - Element.afterend: createParserOptions can inject a sanitizer config:
FAIL - Element.afterend: createParserOptions can inject a sanitizer:
FAIL - Element.afterend: createParserOptions can override a sanitizer config:
FAIL - Element.afterend: createParserOptions returning null fails:
FAIL - Element.afterend: createParserOptions returning undefined fails:
FAIL - Element.afterend: createParserOptions returning 0 fails:
FAIL - Element.afterend: createParserOptions returning 123 fails:
FAIL - Element.afterend: createParserOptions returning "foo" fails:
FAIL - Element.setHTMLUnsafe: createParserOptions works after createHTML:
FAIL
- ShadowRoot.setHTMLUnsafe: createParserOptions can inject a sanitizer config:
Description
•