From 18e05d3aabf485676a602c63e2392b35dc1d5fd8 Mon Sep 17 00:00:00 2001 From: Tim van der Lippe Date: Fri, 15 Aug 2025 21:18:19 +0200 Subject: [PATCH] Implement trusted types for setAttribute (#38700) Callers now call `set_attribute` directly, to avoid the trusted types machinery, as well as skip validation. That's not required by spec as well. This implements part of the DOM integration from https://github.com/whatwg/dom/pull/1268 Part of #36258 Signed-off-by: Tim van der Lippe --- components/script/devtools.rs | 8 +- components/script/dom/element.rs | 62 ++++++-- components/script/dom/htmlaudioelement.rs | 20 +-- components/script/dom/trustedhtml.rs | 8 +- components/script/dom/trustedscript.rs | 4 +- components/script/dom/trustedscripturl.rs | 8 +- components/script/dom/trustedtypepolicy.rs | 21 ++- .../script/dom/trustedtypepolicyfactory.rs | 149 ++++++++++++++---- .../script_bindings/webidls/Element.webidl | 4 +- .../webidls/TrustedTypePolicyFactory.webidl | 2 + ...te-setAttributeNS-sinks.tentative.html.ini | 21 --- ...ssignment-to-Element-setAttribute.html.ini | 15 -- ...ignment-to-Element-setAttributeNS.html.ini | 3 - ...s-mutations-in-callback.tentative.html.ini | 63 -------- ...uire-trusted-types-default-policy.html.ini | 21 --- ...e-trusted-types-no-default-policy.html.ini | 21 --- ...eporting-for-Element-setAttribute.html.ini | 21 --- ...trusted-types-svg-script-set-href.html.ini | 6 - 18 files changed, 217 insertions(+), 240 deletions(-) delete mode 100644 tests/wpt/meta/trusted-types/Element-setAttribute-setAttributeNS-sinks.tentative.html.ini delete mode 100644 tests/wpt/meta/trusted-types/block-string-assignment-to-Element-setAttributeNS.html.ini diff --git a/components/script/devtools.rs b/components/script/devtools.rs index 05a18a613e5..db46f725fb7 100644 --- a/components/script/devtools.rs +++ b/components/script/devtools.rs 
@@ -11,11 +11,13 @@ use devtools_traits::{ AttrModification, AutoMargins, ComputedNodeLayout, CssDatabaseProperty, EvaluateJSReply, NodeInfo, NodeStyle, RuleModification, TimelineMarker, TimelineMarkerType, }; +use html5ever::LocalName; use ipc_channel::ipc::IpcSender; use js::conversions::jsstr_to_string; use js::jsval::UndefinedValue; use js::rust::ToString; use servo_config::pref; +use style::attr::AttrValue; use uuid::Uuid; use crate::document_collection::DocumentCollection; @@ -435,9 +437,9 @@ pub(crate) fn handle_modify_attribute( for modification in modifications { match modification.new_value { Some(string) => { - let _ = elem.SetAttribute( - DOMString::from(modification.attribute_name), - DOMString::from(string), + elem.set_attribute( + &LocalName::from(modification.attribute_name), + AttrValue::String(string), can_gc, ); }, diff --git a/components/script/dom/element.rs b/components/script/dom/element.rs index a3ccfabef4b..3dca888ea1a 100644 --- a/components/script/dom/element.rs +++ b/components/script/dom/element.rs @@ -87,7 +87,9 @@ use crate::dom::bindings::codegen::Bindings::WindowBinding::{ }; use crate::dom::bindings::codegen::UnionTypes::{ BooleanOrScrollIntoViewOptions, NodeOrString, TrustedHTMLOrNullIsEmptyString, - TrustedHTMLOrString, TrustedScriptURLOrUSVString, + TrustedHTMLOrString, + TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString as TrustedTypeOrString, + TrustedScriptURLOrUSVString, }; use crate::dom::bindings::conversions::DerivedFrom; use crate::dom::bindings::domname::{ @@ -161,6 +163,7 @@ use crate::dom::servoparser::ServoParser; use crate::dom::shadowroot::{IsUserAgentWidget, ShadowRoot}; use crate::dom::text::Text; use crate::dom::trustedhtml::TrustedHTML; +use crate::dom::trustedtypepolicyfactory::TrustedTypePolicyFactory; use crate::dom::validation::Validatable; use crate::dom::validitystate::ValidationFlags; use crate::dom::virtualmethods::{VirtualMethods, vtable_for}; 
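Review bot: In `handle_modify_attribute`, the attribute name supplied by the devtools client now goes straight through `LocalName::from(...)` into `set_attribute`, so the `is_valid_attribute_local_name` check, the `parsed_name` lowercasing and the `parse_attribute` step that `SetAttribute` performs are all skipped. Bypassing Trusted Types for a devtools edit is what the commit message intends, but the name is still external input. If `set_attribute` assumes an already-normalised name (its body is not in this diff), a malformed or mixed-case name could produce an attribute the DOM API would never create, or trip an internal assertion. I would either keep the name validation in front of the call or state the contract at the call site, e.g. `// Devtools edits bypass Trusted Types on purpose; attribute_name is neither validated nor lowercased here.` The function body continues outside the hunk.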
@@ -752,7 +755,7 @@ impl Element { // https://html.spec.whatwg.org/multipage/#translation-mode pub(crate) fn is_translate_enabled(&self) -> bool { - let name = &html5ever::local_name!("translate"); + let name = &local_name!("translate"); if self.has_attribute(name) { match_ignore_ascii_case! { &*self.get_string_attribute(name), "yes" | "" => return true, 
@@ -3155,17 +3158,39 @@ impl ElementMethods for Element { } /// - fn SetAttribute(&self, name: DOMString, value: DOMString, can_gc: CanGc) -> ErrorResult { - // Step 1. If qualifiedName is not a valid attribute local name, - // then throw an "InvalidCharacterError" DOMException. + fn SetAttribute( + &self, + name: DOMString, + value: TrustedTypeOrString, + can_gc: CanGc, + ) -> ErrorResult { + // Step 1. If qualifiedName does not match the Name production in XML, + // then throw an "InvalidCharacterError" DOMException. if !is_valid_attribute_local_name(&name) { return Err(Error::InvalidCharacter); } - // Step 2. + // Step 2. If this is in the HTML namespace and its node document is an HTML document, + // then set qualifiedName to qualifiedName in ASCII lowercase. let name = self.parsed_name(name); - // Step 3-5. + // Step 3. Let verifiedValue be the result of calling get + // Trusted Types-compliant attribute value with qualifiedName, null, + // this, and value. [TRUSTED-TYPES] + let value = TrustedTypePolicyFactory::get_trusted_types_compliant_attribute_value( + self.namespace(), + self.local_name(), + &name, + None, + value, + &self.owner_global(), + can_gc, + )?; + + // Step 4. Let attribute be the first attribute in this’s attribute list whose qualified name is qualifiedName, and null otherwise. + // Step 5. If attribute is null, create an attribute whose local name is qualifiedName, value is verifiedValue, and node document + // is this’s node document, then append this attribute to this, and then return. + // Step 6. Change attribute to verifiedValue. let value = self.parse_attribute(&ns!(), &name, value); self.set_first_matching_attribute( name.clone(), 
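Review bot: Step 3 in `SetAttribute` can apparently run the page's default Trusted Types policy callback (the call takes `can_gc`, and the `set-attributes-mutations-in-callback` expectations exercise exactly that), yet nothing at the call site says that script may run here. The ordering is right as written, because the attribute lookup of Steps 4–6 happens after the call, but a later refactor that reads or caches attribute state before Step 3 would act on stale data. A why-comment such as `// May run the default policy callback (script); do not read or cache attribute state before this call.` would pin that down, and the same comment belongs on the matching call in the `SetAttributeNS` hunk that follows. Separately, the new Step 1 comment speaks of the XML Name production while the code still calls `is_valid_attribute_local_name`; the removed wording matched the code.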
@@ -3184,20 +3209,29 @@ impl ElementMethods for Element { &self, namespace: Option, qualified_name: DOMString, - value: DOMString, + value: TrustedTypeOrString, can_gc: CanGc, ) -> ErrorResult { - // Step 1. Let (namespace, prefix, localName) be the result of validating and - // extracting namespace and qualifiedName given "element". - let context = domname::Context::Element; + // Step 1. Let namespace, prefix, and localName be the result of passing namespace and qualifiedName to validate and extract. let (namespace, prefix, local_name) = - domname::validate_and_extract(namespace, &qualified_name, context)?; - let qualified_name = LocalName::from(qualified_name); + domname::validate_and_extract(namespace, &qualified_name, domname::Context::Element)?; + // Step 2. Let verifiedValue be the result of calling get + // Trusted Types-compliant attribute value with localName, namespace, element, and value. [TRUSTED-TYPES] + let value = TrustedTypePolicyFactory::get_trusted_types_compliant_attribute_value( + self.namespace(), + self.local_name(), + &local_name, + Some(&namespace), + value, + &self.owner_global(), + can_gc, + )?; + // Step 3. Set an attribute value for this using localName, verifiedValue, and also prefix and namespace. let value = self.parse_attribute(&namespace, &local_name, value); self.set_first_matching_attribute( local_name.clone(), value, - qualified_name, + LocalName::from(qualified_name), namespace.clone(), prefix, |attr| *attr.local_name() == local_name && *attr.namespace() == namespace, diff --git a/components/script/dom/htmlaudioelement.rs b/components/script/dom/htmlaudioelement.rs index 938c2e7ccd6..b5c89cdde7b 100644 --- a/components/script/dom/htmlaudioelement.rs +++ b/components/script/dom/htmlaudioelement.rs 
@@ -5,8 +5,8 @@ use dom_struct::dom_struct; use html5ever::{LocalName, Prefix, QualName, local_name, ns}; use js::rust::HandleObject; +use style::attr::AttrValue; -use crate::dom::bindings::codegen::Bindings::ElementBinding::Element_Binding::ElementMethods; use crate::dom::bindings::codegen::Bindings::HTMLAudioElementBinding::HTMLAudioElementMethods; use crate::dom::bindings::codegen::Bindings::WindowBinding::WindowMethods; use crate::dom::bindings::error::Fallible; @@ -75,15 +75,17 @@ impl HTMLAudioElementMethods for HTMLAudioElement { let audio = DomRoot::downcast::(element).unwrap(); - audio - .upcast::() - .SetAttribute(DOMString::from("preload"), DOMString::from("auto"), can_gc) - .expect("should be infallible"); + audio.upcast::().set_attribute( + &local_name!("preload"), + AttrValue::String("auto".to_owned()), + can_gc, + ); if let Some(s) = src { - audio - .upcast::() - .SetAttribute(DOMString::from("src"), s, can_gc) - .expect("should be infallible"); + audio.upcast::().set_attribute( + &local_name!("src"), + AttrValue::String(s.into()), + can_gc, + ); } Ok(audio) diff --git a/components/script/dom/trustedhtml.rs b/components/script/dom/trustedhtml.rs index ce45ac60fd9..905c5e58422 100644 --- a/components/script/dom/trustedhtml.rs +++ b/components/script/dom/trustedhtml.rs @@ -17,7 +17,7 @@ use crate::dom::bindings::root::DomRoot; use crate::dom::bindings::str::DOMString; use crate::dom::globalscope::GlobalScope; use crate::dom::trustedtypepolicy::TrustedType; -use crate::dom::trustedtypepolicyfactory::TrustedTypePolicyFactory; +use crate::dom::trustedtypepolicyfactory::{DEFAULT_SCRIPT_SINK_GROUP, TrustedTypePolicyFactory}; use crate::script_runtime::CanGc; #[dom_struct] @@ -53,7 +53,7 @@ impl TrustedHTML { global, value, sink, - "'script'", + DEFAULT_SCRIPT_SINK_GROUP, can_gc, ) }, 
@@ -61,6 +61,10 @@ impl TrustedHTML { TrustedHTMLOrString::TrustedHTML(trusted_html) => Ok(trusted_html.data.clone()), } } + + pub(crate) fn data(&self) -> DOMString { + self.data.clone() + } } impl fmt::Display for TrustedHTML { diff --git a/components/script/dom/trustedscript.rs b/components/script/dom/trustedscript.rs index 9e275e0bf96..fb7cc35be02 100644 --- a/components/script/dom/trustedscript.rs +++ b/components/script/dom/trustedscript.rs @@ -16,7 +16,7 @@ use crate::dom::bindings::str::DOMString; use crate::dom::csp::CspReporting; use crate::dom::globalscope::GlobalScope; use crate::dom::trustedtypepolicy::TrustedType; -use crate::dom::trustedtypepolicyfactory::TrustedTypePolicyFactory; +use crate::dom::trustedtypepolicyfactory::{DEFAULT_SCRIPT_SINK_GROUP, TrustedTypePolicyFactory}; use crate::script_runtime::{CanGc, JSContext}; #[dom_struct] @@ -52,7 +52,7 @@ impl TrustedScript { global, value, sink, - "'script'", + DEFAULT_SCRIPT_SINK_GROUP, can_gc, ) }, diff --git a/components/script/dom/trustedscripturl.rs b/components/script/dom/trustedscripturl.rs index 730af503983..0f509efa1eb 100644 --- a/components/script/dom/trustedscripturl.rs +++ b/components/script/dom/trustedscripturl.rs @@ -14,7 +14,7 @@ use crate::dom::bindings::root::DomRoot; use crate::dom::bindings::str::DOMString; use crate::dom::globalscope::GlobalScope; use crate::dom::trustedtypepolicy::TrustedType; -use crate::dom::trustedtypepolicyfactory::TrustedTypePolicyFactory; +use crate::dom::trustedtypepolicyfactory::{DEFAULT_SCRIPT_SINK_GROUP, TrustedTypePolicyFactory}; use crate::script_runtime::CanGc; #[dom_struct] @@ -52,7 +52,7 @@ impl TrustedScriptURL { global, value.as_ref().into(), &sink, - "'script'", + DEFAULT_SCRIPT_SINK_GROUP, can_gc, ) }, @@ -61,6 +61,10 @@ impl TrustedScriptURL { }, } } + + pub(crate) fn data(&self) -> DOMString { + self.data.clone() + } } impl fmt::Display for TrustedScriptURL { 
diff --git a/components/script/dom/trustedtypepolicy.rs b/components/script/dom/trustedtypepolicy.rs index 012367d9edd..399e031b85c 100644 --- a/components/script/dom/trustedtypepolicy.rs +++ b/components/script/dom/trustedtypepolicy.rs @@ -6,13 +6,14 @@ use std::rc::Rc; use dom_struct::dom_struct; use js::rust::HandleValue; -use strum_macros::IntoStaticStr; +use strum_macros::AsRefStr; use crate::dom::bindings::callback::ExceptionHandling; use crate::dom::bindings::codegen::Bindings::TrustedTypePolicyBinding::TrustedTypePolicyMethods; use crate::dom::bindings::codegen::Bindings::TrustedTypePolicyFactoryBinding::{ CreateHTMLCallback, CreateScriptCallback, CreateScriptURLCallback, TrustedTypePolicyOptions, }; +use crate::dom::bindings::codegen::UnionTypes::TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString as TrustedTypeOrString; use crate::dom::bindings::error::Error::Type; use crate::dom::bindings::error::Fallible; use crate::dom::bindings::reflector::{DomGlobal, DomObject, Reflector, reflect_dom_object}; @@ -38,13 +39,29 @@ pub struct TrustedTypePolicy { create_script_url: Option>, } -#[derive(Clone, IntoStaticStr)] +#[derive(AsRefStr, Clone)] pub(crate) enum TrustedType { TrustedHTML, TrustedScript, TrustedScriptURL, } +impl TrustedType { + pub(crate) fn matches_idl_trusted_type(&self, idl_trusted_type: &TrustedTypeOrString) -> bool { + match self { + TrustedType::TrustedHTML => { + matches!(idl_trusted_type, TrustedTypeOrString::TrustedHTML(_)) + }, + TrustedType::TrustedScript => { + matches!(idl_trusted_type, TrustedTypeOrString::TrustedScript(_)) + }, + TrustedType::TrustedScriptURL => { + matches!(idl_trusted_type, TrustedTypeOrString::TrustedScriptURL(_)) + }, + } + } +} + impl TrustedTypePolicy { fn new_inherited(name: String, options: &TrustedTypePolicyOptions) -> Self { Self { diff --git a/components/script/dom/trustedtypepolicyfactory.rs b/components/script/dom/trustedtypepolicyfactory.rs index 196b2e33bee..25de518a9d9 100644 
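Review bot: With the switch from `IntoStaticStr` to `AsRefStr`, the variant names of `TrustedType` become strings that page script can observe: later hunks pass `as_ref()` to the default policy callback and return it from the attribute-type lookup. Nothing on the enum says so, so renaming a variant would silently change web-exposed behaviour. I would add `/// Variant names are exposed to script via AsRefStr and must match the IDL interface names.` above the enum. `matches_idl_trusted_type` could also take a one-line doc comment noting that it returns false for the plain-string variant of the union.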
--- a/components/script/dom/trustedtypepolicyfactory.rs +++ b/components/script/dom/trustedtypepolicyfactory.rs @@ -9,9 +9,11 @@ use js::jsval::NullValue; use js::rust::HandleValue; use script_bindings::conversions::SafeToJSValConvertible; +use crate::conversions::Convert; use crate::dom::bindings::codegen::Bindings::TrustedTypePolicyFactoryBinding::{ TrustedTypePolicyFactoryMethods, TrustedTypePolicyOptions, }; +use crate::dom::bindings::codegen::UnionTypes::TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString as TrustedTypeOrString; use crate::dom::bindings::conversions::root_from_handlevalue; use crate::dom::bindings::error::{Error, Fallible}; use crate::dom::bindings::reflector::{DomGlobal, Reflector, reflect_dom_object}; @@ -33,6 +35,19 @@ pub struct TrustedTypePolicyFactory { policy_names: RefCell>, } +pub(crate) static DEFAULT_SCRIPT_SINK_GROUP: &str = "'script'"; + +impl Convert for TrustedTypeOrString { + fn convert(self) -> DOMString { + match self { + TrustedTypeOrString::TrustedHTML(trusted_html) => trusted_html.data(), + TrustedTypeOrString::TrustedScript(trusted_script) => trusted_script.data(), + TrustedTypeOrString::TrustedScriptURL(trusted_script_url) => trusted_script_url.data(), + TrustedTypeOrString::String(str_) => str_, + } + } +} + impl TrustedTypePolicyFactory { fn new_inherited() -> Self { Self { 
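Review bot: The new `Convert` impl on `TrustedTypeOrString` unwraps any of the three trusted types, or a plain string, to the same `DOMString`, so after `convert()` the information about which type was supplied is gone. That is fine for attributes that are not sinks, but at a sink it would let a `TrustedHTML` stand in for a `TrustedScriptURL` unless the caller has compared types first or sends the result through `get_trusted_type_compliant_string`. A doc comment on the impl would make the contract explicit, e.g. `/// Unwraps the raw string and discards the trusted type; the result is only trusted if the caller checked the type against the sink.` The `data()` accessors added to `TrustedHTML` and `TrustedScriptURL` in the earlier hunks deserve the same one-line warning.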
@@ -97,45 +112,115 @@ impl TrustedTypePolicyFactory { /// #[allow(clippy::if_same_then_else)] fn get_trusted_type_data_for_attribute( - element: QualName, - attribute: String, - attribute_namespace: Option, - ) -> Option { + element_namespace: &Namespace, + element_name: &LocalName, + attribute: &str, + attribute_namespace: Option<&Namespace>, + ) -> Option<(TrustedType, String)> { // Step 1: Let data be null. - let mut data = None; + // + // We return the if directly // Step 2: If attributeNs is null, and attribute is the name of an event handler content attribute, then: // TODO(36258): look up event handlers // Step 3: Find the row in the following table, where element is in the first column, // attributeNs is in the second column, and attribute is in the third column. // If a matching row is found, set data to that row. - if element.ns == ns!(html) && - element.local == local_name!("iframe") && + // Step 4: Return data. + if *element_namespace == ns!(html) && + *element_name == local_name!("iframe") && attribute_namespace.is_none() && attribute == "srcdoc" { - data = Some(DOMString::from("TrustedHTML")) - } else if element.ns == ns!(html) && - element.local == local_name!("script") && + Some(( + TrustedType::TrustedHTML, + "HTMLIFrameElement srcdoc".to_owned(), + )) + } else if *element_namespace == ns!(html) && + *element_name == local_name!("script") && attribute_namespace.is_none() && attribute == "src" { - data = Some(DOMString::from("TrustedScriptURL")) - } else if element.ns == ns!(svg) && - element.local == local_name!("script") && + Some(( + TrustedType::TrustedScriptURL, + "HTMLScriptElement src".to_owned(), + )) + } else if *element_namespace == ns!(svg) && + *element_name == local_name!("script") && attribute_namespace.is_none() && attribute == "href" { - data = Some(DOMString::from("TrustedScriptURL")) - } else if element.ns == ns!(svg) && - element.local == local_name!("script") && - attribute_namespace == Some(ns!(xlink)) && + Some(( + 
TrustedType::TrustedScriptURL, + "SVGScriptElement href".to_owned(), + )) + } else if *element_namespace == ns!(svg) && + *element_name == local_name!("script") && + attribute_namespace == Some(&ns!(xlink)) && attribute == "href" { - data = Some(DOMString::from("TrustedScriptURL")) + Some(( + TrustedType::TrustedScriptURL, + "SVGScriptElement href".to_owned(), + )) + } else { + None } - // Step 4: Return data. - data } + + /// + pub(crate) fn get_trusted_types_compliant_attribute_value( + element_namespace: &Namespace, + element_name: &LocalName, + attribute: &str, + attribute_namespace: Option<&Namespace>, + new_value: TrustedTypeOrString, + global: &GlobalScope, + can_gc: CanGc, + ) -> Fallible { + // Step 1. If attributeNs is the empty string, set attributeNs to null. + let attribute_namespace = + attribute_namespace.and_then(|a| if *a == ns!() { None } else { Some(a) }); + // Step 2. Set attributeData to the result of Get Trusted Type data for attribute algorithm, + // with the following arguments: + let Some(attribute_data) = Self::get_trusted_type_data_for_attribute( + element_namespace, + element_name, + attribute, + attribute_namespace, + ) else { + // Step 3. If attributeData is null, then: + // Step 3.1. If newValue is a string, return newValue. + // Step 3.2. Assert: newValue is TrustedHTML or TrustedScript or TrustedScriptURL. + // Step 3.3. Return value’s associated data. + return Ok(new_value.convert()); + }; + // Step 4. Let expectedType be the value of the fourth member of attributeData. + // Step 5. Let sink be the value of the fifth member of attributeData. + let (expected_type, sink) = attribute_data; + let new_value = if let TrustedTypeOrString::String(str_) = new_value { + str_ + } else { + // If the type was already trusted, we should return immediately as + // all callers of `get_trusted_type_compliant_string` implement this + // check themselves. However, we should only do this if it matches + // the expected type. 
+ if expected_type.matches_idl_trusted_type(&new_value) { + return Ok(new_value.convert()); + } + new_value.convert() + }; + // Step 6. Return the result of executing Get Trusted Type compliant string with the following arguments: + // If the algorithm threw an error, rethrow the error. + Self::get_trusted_type_compliant_string( + expected_type, + global, + new_value, + &sink, + DEFAULT_SCRIPT_SINK_GROUP, + can_gc, + ) + } + /// pub(crate) fn process_value_with_default_policy( expected_type: TrustedType, @@ -154,8 +239,10 @@ impl TrustedTypePolicyFactory { // Step 2: Let policyValue be the result of executing Get Trusted Type policy value, // with the following arguments: rooted!(in(*cx) let mut trusted_type_name_value = NullValue()); - let trusted_type_name: &'static str = expected_type.clone().into(); - trusted_type_name.safe_to_jsval(cx, trusted_type_name_value.handle_mut()); + expected_type + .clone() + .as_ref() + .safe_to_jsval(cx, trusted_type_name_value.handle_mut()); rooted!(in(*cx) let mut sink_value = NullValue()); sink.safe_to_jsval(cx, sink_value.handle_mut()); 
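Review bot: `get_trusted_types_compliant_attribute_value` returns the caller's string unchanged whenever `get_trusted_type_data_for_attribute` yields `None`, and Step 2 of that lookup (event handler content attributes) is still a TODO, so a plain string assigned to `onclick` through `setAttribute` is not enforced by this code yet. The `div.onclick accepts only TrustedScript` expectation that stays in the metadata is consistent with that. Since the new function is the entry point other attribute setters are likely to reuse, its doc comment should state the gap, e.g. `/// Event handler content attributes are not covered yet (TODO(36258)); strings for them are returned unchanged.` A smaller style point: the last two branches of the lookup return the same tuple, so merging their conditions would let the `#[allow(clippy::if_same_then_else)]` on the function go.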
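Review bot: The `.clone()` in `expected_type.clone().as_ref()` inside `process_value_with_default_policy` is not needed, because `as_ref()` only borrows the enum; `expected_type.as_ref().safe_to_jsval(cx, trusted_type_name_value.handle_mut());` does the same without the copy. The clone was required by the old by-value `into()` conversion and looks like a leftover. The function body continues outside the hunk.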
@@ -303,23 +390,19 @@ impl TrustedTypePolicyFactoryMethods for TrustedTypePolicy Some(_) | None => None, }; // Step 5: Let interface be the element interface for localName and elementNs. - let interface = QualName::new(None, element_namespace, LocalName::from(local_name)); // Step 6: Let expectedType be null. - let mut expected_type = None; // Step 7: Set attributeData to the result of Get Trusted Type data for attribute algorithm, // with the following arguments: interface as element, attribute, attrNs - let attribute_data = TrustedTypePolicyFactory::get_trusted_type_data_for_attribute( - interface, - attribute, - attribute_namespace, - ); // Step 8: If attributeData is not null, then set expectedType to the interface’s name of // the value of the fourth member of attributeData. - if let Some(trusted_type) = attribute_data { - expected_type = Some(trusted_type) - } // Step 9: Return expectedType. - expected_type + TrustedTypePolicyFactory::get_trusted_type_data_for_attribute( + &element_namespace, + &LocalName::from(local_name), + &attribute, + attribute_namespace.as_ref(), + ) + .map(|tuple| DOMString::from(tuple.0.as_ref())) } /// #[allow(clippy::if_same_then_else)] diff --git a/components/script_bindings/webidls/Element.webidl b/components/script_bindings/webidls/Element.webidl index dcaeed41fe9..15dc236d3f8 100644 --- a/components/script_bindings/webidls/Element.webidl +++ b/components/script_bindings/webidls/Element.webidl 
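Review bot: The closure `|tuple| DOMString::from(tuple.0.as_ref())` hides which half of the pair is used; destructuring reads better and shows that the sink name is dropped on purpose: `.map(|(expected_type, _sink)| DOMString::from(expected_type.as_ref()))`. The Step 5 and Step 7 comments kept above the call still refer to an `interface` value that this code no longer builds, so they could be reworded to say that the element namespace and local name are passed directly. The method starts outside the hunk.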
@@ -45,9 +45,9 @@ interface Element : Node { [CEReactions, Throws] boolean toggleAttribute(DOMString name, optional boolean force); [CEReactions, Throws] - undefined setAttribute(DOMString name, DOMString value); + undefined setAttribute(DOMString name, (TrustedType or DOMString) value); [CEReactions, Throws] - undefined setAttributeNS(DOMString? namespace, DOMString name, DOMString value); + undefined setAttributeNS(DOMString? namespace, DOMString name, (TrustedType or DOMString) value); [CEReactions] undefined removeAttribute(DOMString name); [CEReactions] diff --git a/components/script_bindings/webidls/TrustedTypePolicyFactory.webidl b/components/script_bindings/webidls/TrustedTypePolicyFactory.webidl index a568ec437f4..3d385f3a0cd 100644 --- a/components/script_bindings/webidls/TrustedTypePolicyFactory.webidl +++ b/components/script_bindings/webidls/TrustedTypePolicyFactory.webidl @@ -36,3 +36,5 @@ dictionary TrustedTypePolicyOptions { callback CreateHTMLCallback = DOMString? (DOMString input, any... arguments); callback CreateScriptCallback = DOMString? (DOMString input, any... arguments); callback CreateScriptURLCallback = USVString? (DOMString input, any... arguments); + +typedef (TrustedHTML or TrustedScript or TrustedScriptURL) TrustedType; diff --git a/tests/wpt/meta/trusted-types/Element-setAttribute-setAttributeNS-sinks.tentative.html.ini b/tests/wpt/meta/trusted-types/Element-setAttribute-setAttributeNS-sinks.tentative.html.ini deleted file mode 100644 index 965d640d7b4..00000000000 --- a/tests/wpt/meta/trusted-types/Element-setAttribute-setAttributeNS-sinks.tentative.html.ini +++ /dev/null 
@@ -1,21 +0,0 @@ -[Element-setAttribute-setAttributeNS-sinks.tentative.html] - [HTMLIFrameElement.setAttribute('srcdoc', plain_string)] - expected: FAIL - - [HTMLIFrameElement.setAttributeNS(null, 'srcdoc', plain_string)] - expected: FAIL - - [HTMLScriptElement.setAttribute('src', plain_string)] - expected: FAIL - - [HTMLScriptElement.setAttributeNS(null, 'src', plain_string)] - expected: FAIL - - [SVGScriptElement.setAttribute('href', plain_string)] - expected: FAIL - - [SVGScriptElement.setAttributeNS(null, 'href', plain_string)] - expected: FAIL - - [SVGScriptElement.setAttributeNS(NSURI_XLINK, 'href', plain_string)] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/block-string-assignment-to-Element-setAttribute.html.ini b/tests/wpt/meta/trusted-types/block-string-assignment-to-Element-setAttribute.html.ini index 0df917b86be..779d8a54c56 100644 --- a/tests/wpt/meta/trusted-types/block-string-assignment-to-Element-setAttribute.html.ini +++ b/tests/wpt/meta/trusted-types/block-string-assignment-to-Element-setAttribute.html.ini @@ -1,22 +1,7 @@ [block-string-assignment-to-Element-setAttribute.html] - [script.src accepts only TrustedScriptURL] - expected: FAIL - - [iframe.srcdoc accepts only TrustedHTML] - expected: FAIL - [div.onclick accepts only TrustedScript] expected: FAIL - [`Script.prototype.setAttribute.SrC = string` throws.] - expected: FAIL - - [script.src's mutationobservers receive the default policy's value.] - expected: FAIL - - [iframe.srcdoc's mutationobservers receive the default policy's value.] - expected: FAIL - [div.onclick's mutationobservers receive the default policy's value.] expected: FAIL diff --git a/tests/wpt/meta/trusted-types/block-string-assignment-to-Element-setAttributeNS.html.ini b/tests/wpt/meta/trusted-types/block-string-assignment-to-Element-setAttributeNS.html.ini deleted file mode 100644 index c5bf59b26b1..00000000000 
--- a/tests/wpt/meta/trusted-types/block-string-assignment-to-Element-setAttributeNS.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[block-string-assignment-to-Element-setAttributeNS.html] - [Blocking non-TrustedScriptURL assignment to works] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/set-attributes-mutations-in-callback.tentative.html.ini b/tests/wpt/meta/trusted-types/set-attributes-mutations-in-callback.tentative.html.ini index 07e55bdc199..a6dca6345cf 100644 --- a/tests/wpt/meta/trusted-types/set-attributes-mutations-in-callback.tentative.html.ini +++ b/tests/wpt/meta/trusted-types/set-attributes-mutations-in-callback.tentative.html.ini @@ -8,15 +8,6 @@ [Element.setAttribute works for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown (delete other attribute before)] expected: FAIL - [Element.setAttribute works for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc (delete other attribute before)] - expected: FAIL - - [Element.setAttribute works for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src (delete other attribute before)] - expected: FAIL - - [Element.setAttribute works for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href (delete other attribute before)] - expected: FAIL - [Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick (delete other attribute before)] expected: FAIL 
@@ -26,18 +17,6 @@ [Element.setAttributeNS works for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown (delete other attribute before)] expected: FAIL - [Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc (delete other attribute before)] - expected: FAIL - - [Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src (delete other attribute before)] - expected: FAIL - - [Element.setAttributeNS works for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href (delete other attribute before)] - expected: FAIL - - [Element.setAttributeNS works for elementNS=http://www.w3.org/2000/svg, element=script, attrNS=http://www.w3.org/1999/xlink, attrName=href (delete other attribute before)] - expected: FAIL - [Element.setAttributeNode works for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick (delete other attribute before)] expected: FAIL @@ -194,15 +173,6 @@ [Element.setAttribute works for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown (delete attribute)] expected: FAIL - [Element.setAttribute works for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc (delete attribute)] - expected: FAIL - - [Element.setAttribute works for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src (delete attribute)] - expected: FAIL - - [Element.setAttribute works for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href (delete attribute)] - expected: FAIL - [Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick (delete attribute)] expected: FAIL 
@@ -212,18 +182,6 @@ [Element.setAttributeNS works for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown (delete attribute)] expected: FAIL - [Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc (delete attribute)] - expected: FAIL - - [Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src (delete attribute)] - expected: FAIL - - [Element.setAttributeNS works for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href (delete attribute)] - expected: FAIL - - [Element.setAttributeNS works for elementNS=http://www.w3.org/2000/svg, element=script, attrNS=http://www.w3.org/1999/xlink, attrName=href (delete attribute)] - expected: FAIL - [Element.setAttributeNode works for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick (delete attribute)] expected: FAIL @@ -380,15 +338,6 @@ [Element.setAttribute works for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown (modify attribute)] expected: FAIL - [Element.setAttribute works for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc (modify attribute)] - expected: FAIL - - [Element.setAttribute works for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src (modify attribute)] - expected: FAIL - - [Element.setAttribute works for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href (modify attribute)] - expected: FAIL - [Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick (modify attribute)] expected: FAIL 
@@ -398,18 +347,6 @@ [Element.setAttributeNS works for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown (modify attribute)] expected: FAIL - [Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc (modify attribute)] - expected: FAIL - - [Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src (modify attribute)] - expected: FAIL - - [Element.setAttributeNS works for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href (modify attribute)] - expected: FAIL - - [Element.setAttributeNS works for elementNS=http://www.w3.org/2000/svg, element=script, attrNS=http://www.w3.org/1999/xlink, attrName=href (modify attribute)] - expected: FAIL - [Element.setAttributeNode works for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick (modify attribute)] expected: FAIL diff --git a/tests/wpt/meta/trusted-types/set-attributes-require-trusted-types-default-policy.html.ini b/tests/wpt/meta/trusted-types/set-attributes-require-trusted-types-default-policy.html.ini index ed7a3e60f80..589148c23f2 100644 --- a/tests/wpt/meta/trusted-types/set-attributes-require-trusted-types-default-policy.html.ini +++ b/tests/wpt/meta/trusted-types/set-attributes-require-trusted-types-default-policy.html.ini 
@@ -8,15 +8,6 @@ [Element.setAttribute applies default policy for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown] expected: FAIL - [Element.setAttribute applies default policy for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc] - expected: FAIL - - [Element.setAttribute applies default policy for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src] - expected: FAIL - - [Element.setAttribute applies default policy for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href] - expected: FAIL - [Element.setAttributeNS applies default policy for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick] expected: FAIL @@ -26,18 +17,6 @@ [Element.setAttributeNS applies default policy for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown] expected: FAIL - [Element.setAttributeNS applies default policy for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc] - expected: FAIL - - [Element.setAttributeNS applies default policy for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src] - expected: FAIL - - [Element.setAttributeNS applies default policy for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href] - expected: FAIL - - [Element.setAttributeNS applies default policy for elementNS=http://www.w3.org/2000/svg, element=script, attrNS=http://www.w3.org/1999/xlink, attrName=href] - expected: FAIL - [Element.setAttributeNode applies default policy for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick] expected: FAIL diff --git a/tests/wpt/meta/trusted-types/set-attributes-require-trusted-types-no-default-policy.html.ini b/tests/wpt/meta/trusted-types/set-attributes-require-trusted-types-no-default-policy.html.ini index d909e5f1d16..c9523b6371f 100644 --- a/tests/wpt/meta/trusted-types/set-attributes-require-trusted-types-no-default-policy.html.ini 
+++ b/tests/wpt/meta/trusted-types/set-attributes-require-trusted-types-no-default-policy.html.ini @@ -8,15 +8,6 @@ [Element.setAttribute throws for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown with a plain string] expected: FAIL - [Element.setAttribute throws for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc with a plain string] - expected: FAIL - - [Element.setAttribute throws for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src with a plain string] - expected: FAIL - - [Element.setAttribute throws for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href with a plain string] - expected: FAIL - [Element.setAttributeNS throws for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick with a plain string] expected: FAIL @@ -26,18 +17,6 @@ [Element.setAttributeNS throws for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown with a plain string] expected: FAIL - [Element.setAttributeNS throws for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc with a plain string] - expected: FAIL - - [Element.setAttributeNS throws for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src with a plain string] - expected: FAIL - - [Element.setAttributeNS throws for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href with a plain string] - expected: FAIL - - [Element.setAttributeNS throws for elementNS=http://www.w3.org/2000/svg, element=script, attrNS=http://www.w3.org/1999/xlink, attrName=href with a plain string] - expected: FAIL - [Element.setAttributeNode throws for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick with a plain string] expected: FAIL 
diff --git a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-Element-setAttribute.html.ini b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-Element-setAttribute.html.ini index a8de55a3adf..c05d2accfe0 100644 --- a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-Element-setAttribute.html.ini +++ b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-Element-setAttribute.html.ini @@ -1,27 +1,6 @@ [trusted-types-reporting-for-Element-setAttribute.html] - [Violation report for HTMLIFrameElement.setAttribute('srcdoc', plain_string)] - expected: FAIL - - [Violation report for HTMLIFrameElement.setAttributeNS(null, 'srcdoc', plain_string)] - expected: FAIL - [Violation report for Element.setAttribute('onclick', plain_string)] expected: FAIL [Violation report for Element.setAttributeNS(null, 'onclick', plain_string)] expected: FAIL - - [Violation report for HTMLScriptElement.setAttribute('src', plain_string)] - expected: FAIL - - [Violation report for HTMLScriptElement.setAttributeNS(null, 'src', plain_string)] - expected: FAIL - - [Violation report for SVGScriptElement.setAttribute('href', plain_string)] - expected: FAIL - - [Violation report for SVGScriptElement.setAttributeNS(null, 'href', plain_string)] - expected: FAIL - - [Violation report for SVGScriptElement.setAttributeNS(http://www.w3.org/1999/xlink, 'href', plain_string)] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/trusted-types-svg-script-set-href.html.ini b/tests/wpt/meta/trusted-types/trusted-types-svg-script-set-href.html.ini index 2a43867e2bf..a87284dc752 100644 --- a/tests/wpt/meta/trusted-types/trusted-types-svg-script-set-href.html.ini +++ b/tests/wpt/meta/trusted-types/trusted-types-svg-script-set-href.html.ini 
@@ -5,15 +5,9 @@ [Assign TrustedScriptURL to SVGScriptElement.href.baseVal.] expected: FAIL - [Assign string to non-attached SVGScriptElement.href via setAttribute.] - expected: FAIL - [Assign TrustedScriptURL to non-attached SVGScriptElement.href via setAttribute.] expected: FAIL - [Assign string to attached SVGScriptElement.href via setAttribute.] - expected: FAIL - [Assign TrustedScriptURL to attached SVGScriptElement.href via setAttribute.] expected: FAIL