Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-09-29 16:19:14 +01:00
Code Issues Projects Releases Packages Wiki Activity

Implement trusted types for setAttribute (#38700)

Browse source 
Callers now call `set_attribute` directly, to avoid the trusted types
machinery, as well as skip validation. That's not required by spec as
well.

This implements part of the DOM integration from
https://github.com/whatwg/dom/pull/1268

Part of #36258

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This commit is contained in:
Tim van der Lippe 2025-08-15 21:18:19 +02:00 committed by GitHub
parent 8290761066
commit 18e05d3aab
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
18 changed files with 217 additions and 240 deletions
Download patch file Download diff file Expand all files Collapse all files

8
components/script/devtools.rs
View file

@ -11,11 +11,13 @@ use devtools_traits::{
AttrModification, AutoMargins, ComputedNodeLayout, CssDatabaseProperty, EvaluateJSReply,
NodeInfo, NodeStyle, RuleModification, TimelineMarker, TimelineMarkerType,
};
use html5ever::LocalName;
use ipc_channel::ipc::IpcSender;
use js::conversions::jsstr_to_string;
use js::jsval::UndefinedValue;
use js::rust::ToString;
use servo_config::pref;
use style::attr::AttrValue;
use uuid::Uuid;
use crate::document_collection::DocumentCollection;
@ -435,9 +437,9 @@ pub(crate) fn handle_modify_attribute(
for modification in modifications {
match modification.new_value {
Some(string) => {
let _ = elem.SetAttribute(
DOMString::from(modification.attribute_name),
DOMString::from(string),
elem.set_attribute(
&LocalName::from(modification.attribute_name),
AttrValue::String(string),
can_gc,
);
},

62
components/script/dom/element.rs
View file

@ -87,7 +87,9 @@ use crate::dom::bindings::codegen::Bindings::WindowBinding::{
};
use crate::dom::bindings::codegen::UnionTypes::{
BooleanOrScrollIntoViewOptions, NodeOrString, TrustedHTMLOrNullIsEmptyString,
TrustedHTMLOrString, TrustedScriptURLOrUSVString,
TrustedHTMLOrString,
TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString as TrustedTypeOrString,
TrustedScriptURLOrUSVString,
};
use crate::dom::bindings::conversions::DerivedFrom;
use crate::dom::bindings::domname::{
@ -161,6 +163,7 @@ use crate::dom::servoparser::ServoParser;
use crate::dom::shadowroot::{IsUserAgentWidget, ShadowRoot};
use crate::dom::text::Text;
use crate::dom::trustedhtml::TrustedHTML;
use crate::dom::trustedtypepolicyfactory::TrustedTypePolicyFactory;
use crate::dom::validation::Validatable;
use crate::dom::validitystate::ValidationFlags;
use crate::dom::virtualmethods::{VirtualMethods, vtable_for};
@ -752,7 +755,7 @@ impl Element {
// https://html.spec.whatwg.org/multipage/#translation-mode
pub(crate) fn is_translate_enabled(&self) -> bool {
let name = &html5ever::local_name!("translate");
let name = &local_name!("translate");
if self.has_attribute(name) {
match_ignore_ascii_case! { &*self.get_string_attribute(name),
"yes" | "" => return true,
@ -3155,17 +3158,39 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
}
/// <https://dom.spec.whatwg.org/#dom-element-setattribute>
fn SetAttribute(&self, name: DOMString, value: DOMString, can_gc: CanGc) -> ErrorResult {
// Step 1. If qualifiedName is not a valid attribute local name,
// then throw an "InvalidCharacterError" DOMException.
fn SetAttribute(
&self,
name: DOMString,
value: TrustedTypeOrString,
can_gc: CanGc,
) -> ErrorResult {
// Step 1. If qualifiedName does not match the Name production in XML,
// then throw an "InvalidCharacterError" DOMException.
if !is_valid_attribute_local_name(&name) {
return Err(Error::InvalidCharacter);
}
// Step 2.
// Step 2. If this is in the HTML namespace and its node document is an HTML document,
// then set qualifiedName to qualifiedName in ASCII lowercase.
let name = self.parsed_name(name);
// Step 3-5.
// Step 3. Let verifiedValue be the result of calling get
// Trusted Types-compliant attribute value with qualifiedName, null,
// this, and value. [TRUSTED-TYPES]
let value = TrustedTypePolicyFactory::get_trusted_types_compliant_attribute_value(
self.namespace(),
self.local_name(),
&name,
None,
value,
&self.owner_global(),
can_gc,
)?;
// Step 4. Let attribute be the first attribute in thiss attribute list whose qualified name is qualifiedName, and null otherwise.
// Step 5. If attribute is null, create an attribute whose local name is qualifiedName, value is verifiedValue, and node document
// is thiss node document, then append this attribute to this, and then return.
// Step 6. Change attribute to verifiedValue.
let value = self.parse_attribute(&ns!(), &name, value);
self.set_first_matching_attribute(
name.clone(),
@ -3184,20 +3209,29 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
&self,
namespace: Option<DOMString>,
qualified_name: DOMString,
value: DOMString,
value: TrustedTypeOrString,
can_gc: CanGc,
) -> ErrorResult {
// Step 1. Let (namespace, prefix, localName) be the result of validating and
// extracting namespace and qualifiedName given "element".
let context = domname::Context::Element;
// Step 1. Let namespace, prefix, and localName be the result of passing namespace and qualifiedName to validate and extract.
let (namespace, prefix, local_name) =
domname::validate_and_extract(namespace, &qualified_name, context)?;
let qualified_name = LocalName::from(qualified_name);
domname::validate_and_extract(namespace, &qualified_name, domname::Context::Element)?;
// Step 2. Let verifiedValue be the result of calling get
// Trusted Types-compliant attribute value with localName, namespace, element, and value. [TRUSTED-TYPES]
let value = TrustedTypePolicyFactory::get_trusted_types_compliant_attribute_value(
self.namespace(),
self.local_name(),
&local_name,
Some(&namespace),
value,
&self.owner_global(),
can_gc,
)?;
// Step 3. Set an attribute value for this using localName, verifiedValue, and also prefix and namespace.
let value = self.parse_attribute(&namespace, &local_name, value);
self.set_first_matching_attribute(
local_name.clone(),
value,
qualified_name,
LocalName::from(qualified_name),
namespace.clone(),
prefix,
|attr| *attr.local_name() == local_name && *attr.namespace() == namespace,

20
components/script/dom/htmlaudioelement.rs
View file

@ -5,8 +5,8 @@
use dom_struct::dom_struct;
use html5ever::{LocalName, Prefix, QualName, local_name, ns};
use js::rust::HandleObject;
use style::attr::AttrValue;
use crate::dom::bindings::codegen::Bindings::ElementBinding::Element_Binding::ElementMethods;
use crate::dom::bindings::codegen::Bindings::HTMLAudioElementBinding::HTMLAudioElementMethods;
use crate::dom::bindings::codegen::Bindings::WindowBinding::WindowMethods;
use crate::dom::bindings::error::Fallible;
@ -75,15 +75,17 @@ impl HTMLAudioElementMethods<crate::DomTypeHolder> for HTMLAudioElement {
let audio = DomRoot::downcast::<HTMLAudioElement>(element).unwrap();
audio
.upcast::<Element>()
.SetAttribute(DOMString::from("preload"), DOMString::from("auto"), can_gc)
.expect("should be infallible");
audio.upcast::<Element>().set_attribute(
&local_name!("preload"),
AttrValue::String("auto".to_owned()),
can_gc,
);
if let Some(s) = src {
audio
.upcast::<Element>()
.SetAttribute(DOMString::from("src"), s, can_gc)
.expect("should be infallible");
audio.upcast::<Element>().set_attribute(
&local_name!("src"),
AttrValue::String(s.into()),
can_gc,
);
}
Ok(audio)

8
components/script/dom/trustedhtml.rs
View file

@ -17,7 +17,7 @@ use crate::dom::bindings::root::DomRoot;
use crate::dom::bindings::str::DOMString;
use crate::dom::globalscope::GlobalScope;
use crate::dom::trustedtypepolicy::TrustedType;
use crate::dom::trustedtypepolicyfactory::TrustedTypePolicyFactory;
use crate::dom::trustedtypepolicyfactory::{DEFAULT_SCRIPT_SINK_GROUP, TrustedTypePolicyFactory};
use crate::script_runtime::CanGc;
#[dom_struct]
@ -53,7 +53,7 @@ impl TrustedHTML {
global,
value,
sink,
"'script'",
DEFAULT_SCRIPT_SINK_GROUP,
can_gc,
)
},
@ -61,6 +61,10 @@ impl TrustedHTML {
TrustedHTMLOrString::TrustedHTML(trusted_html) => Ok(trusted_html.data.clone()),
}
}
pub(crate) fn data(&self) -> DOMString {
self.data.clone()
}
}
impl fmt::Display for TrustedHTML {

4
components/script/dom/trustedscript.rs
View file

@ -16,7 +16,7 @@ use crate::dom::bindings::str::DOMString;
use crate::dom::csp::CspReporting;
use crate::dom::globalscope::GlobalScope;
use crate::dom::trustedtypepolicy::TrustedType;
use crate::dom::trustedtypepolicyfactory::TrustedTypePolicyFactory;
use crate::dom::trustedtypepolicyfactory::{DEFAULT_SCRIPT_SINK_GROUP, TrustedTypePolicyFactory};
use crate::script_runtime::{CanGc, JSContext};
#[dom_struct]
@ -52,7 +52,7 @@ impl TrustedScript {
global,
value,
sink,
"'script'",
DEFAULT_SCRIPT_SINK_GROUP,
can_gc,
)
},

8
components/script/dom/trustedscripturl.rs
View file

@ -14,7 +14,7 @@ use crate::dom::bindings::root::DomRoot;
use crate::dom::bindings::str::DOMString;
use crate::dom::globalscope::GlobalScope;
use crate::dom::trustedtypepolicy::TrustedType;
use crate::dom::trustedtypepolicyfactory::TrustedTypePolicyFactory;
use crate::dom::trustedtypepolicyfactory::{DEFAULT_SCRIPT_SINK_GROUP, TrustedTypePolicyFactory};
use crate::script_runtime::CanGc;
#[dom_struct]
@ -52,7 +52,7 @@ impl TrustedScriptURL {
global,
value.as_ref().into(),
&sink,
"'script'",
DEFAULT_SCRIPT_SINK_GROUP,
can_gc,
)
},
@ -61,6 +61,10 @@ impl TrustedScriptURL {
},
}
}
pub(crate) fn data(&self) -> DOMString {
self.data.clone()
}
}
impl fmt::Display for TrustedScriptURL {

21
components/script/dom/trustedtypepolicy.rs
View file

@ -6,13 +6,14 @@ use std::rc::Rc;
use dom_struct::dom_struct;
use js::rust::HandleValue;
use strum_macros::IntoStaticStr;
use strum_macros::AsRefStr;
use crate::dom::bindings::callback::ExceptionHandling;
use crate::dom::bindings::codegen::Bindings::TrustedTypePolicyBinding::TrustedTypePolicyMethods;
use crate::dom::bindings::codegen::Bindings::TrustedTypePolicyFactoryBinding::{
CreateHTMLCallback, CreateScriptCallback, CreateScriptURLCallback, TrustedTypePolicyOptions,
};
use crate::dom::bindings::codegen::UnionTypes::TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString as TrustedTypeOrString;
use crate::dom::bindings::error::Error::Type;
use crate::dom::bindings::error::Fallible;
use crate::dom::bindings::reflector::{DomGlobal, DomObject, Reflector, reflect_dom_object};
@ -38,13 +39,29 @@ pub struct TrustedTypePolicy {
create_script_url: Option<Rc<CreateScriptURLCallback>>,
}
#[derive(Clone, IntoStaticStr)]
#[derive(AsRefStr, Clone)]
pub(crate) enum TrustedType {
TrustedHTML,
TrustedScript,
TrustedScriptURL,
}
impl TrustedType {
pub(crate) fn matches_idl_trusted_type(&self, idl_trusted_type: &TrustedTypeOrString) -> bool {
match self {
TrustedType::TrustedHTML => {
matches!(idl_trusted_type, TrustedTypeOrString::TrustedHTML(_))
},
TrustedType::TrustedScript => {
matches!(idl_trusted_type, TrustedTypeOrString::TrustedScript(_))
},
TrustedType::TrustedScriptURL => {
matches!(idl_trusted_type, TrustedTypeOrString::TrustedScriptURL(_))
},
}
}
}
impl TrustedTypePolicy {
fn new_inherited(name: String, options: &TrustedTypePolicyOptions) -> Self {
Self {

149
components/script/dom/trustedtypepolicyfactory.rs
View file

@ -9,9 +9,11 @@ use js::jsval::NullValue;
use js::rust::HandleValue;
use script_bindings::conversions::SafeToJSValConvertible;
use crate::conversions::Convert;
use crate::dom::bindings::codegen::Bindings::TrustedTypePolicyFactoryBinding::{
TrustedTypePolicyFactoryMethods, TrustedTypePolicyOptions,
};
use crate::dom::bindings::codegen::UnionTypes::TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString as TrustedTypeOrString;
use crate::dom::bindings::conversions::root_from_handlevalue;
use crate::dom::bindings::error::{Error, Fallible};
use crate::dom::bindings::reflector::{DomGlobal, Reflector, reflect_dom_object};
@ -33,6 +35,19 @@ pub struct TrustedTypePolicyFactory {
policy_names: RefCell<Vec<String>>,
}
pub(crate) static DEFAULT_SCRIPT_SINK_GROUP: &str = "'script'";
impl Convert<DOMString> for TrustedTypeOrString {
fn convert(self) -> DOMString {
match self {
TrustedTypeOrString::TrustedHTML(trusted_html) => trusted_html.data(),
TrustedTypeOrString::TrustedScript(trusted_script) => trusted_script.data(),
TrustedTypeOrString::TrustedScriptURL(trusted_script_url) => trusted_script_url.data(),
TrustedTypeOrString::String(str_) => str_,
}
}
}
impl TrustedTypePolicyFactory {
fn new_inherited() -> Self {
Self {
@ -97,45 +112,115 @@ impl TrustedTypePolicyFactory {
/// <https://w3c.github.io/trusted-types/dist/spec/#abstract-opdef-get-trusted-type-data-for-attribute>
#[allow(clippy::if_same_then_else)]
fn get_trusted_type_data_for_attribute(
element: QualName,
attribute: String,
attribute_namespace: Option<Namespace>,
) -> Option<DOMString> {
element_namespace: &Namespace,
element_name: &LocalName,
attribute: &str,
attribute_namespace: Option<&Namespace>,
) -> Option<(TrustedType, String)> {
// Step 1: Let data be null.
let mut data = None;
//
// We return the if directly
// Step 2: If attributeNs is null, and attribute is the name of an event handler content attribute, then:
// TODO(36258): look up event handlers
// Step 3: Find the row in the following table, where element is in the first column,
// attributeNs is in the second column, and attribute is in the third column.
// If a matching row is found, set data to that row.
if element.ns == ns!(html) &&
element.local == local_name!("iframe") &&
// Step 4: Return data.
if *element_namespace == ns!(html) &&
*element_name == local_name!("iframe") &&
attribute_namespace.is_none() &&
attribute == "srcdoc"
{
data = Some(DOMString::from("TrustedHTML"))
} else if element.ns == ns!(html) &&
element.local == local_name!("script") &&
Some((
TrustedType::TrustedHTML,
"HTMLIFrameElement srcdoc".to_owned(),
))
} else if *element_namespace == ns!(html) &&
*element_name == local_name!("script") &&
attribute_namespace.is_none() &&
attribute == "src"
{
data = Some(DOMString::from("TrustedScriptURL"))
} else if element.ns == ns!(svg) &&
element.local == local_name!("script") &&
Some((
TrustedType::TrustedScriptURL,
"HTMLScriptElement src".to_owned(),
))
} else if *element_namespace == ns!(svg) &&
*element_name == local_name!("script") &&
attribute_namespace.is_none() &&
attribute == "href"
{
data = Some(DOMString::from("TrustedScriptURL"))
} else if element.ns == ns!(svg) &&
element.local == local_name!("script") &&
attribute_namespace == Some(ns!(xlink)) &&
Some((
TrustedType::TrustedScriptURL,
"SVGScriptElement href".to_owned(),
))
} else if *element_namespace == ns!(svg) &&
*element_name == local_name!("script") &&
attribute_namespace == Some(&ns!(xlink)) &&
attribute == "href"
{
data = Some(DOMString::from("TrustedScriptURL"))
Some((
TrustedType::TrustedScriptURL,
"SVGScriptElement href".to_owned(),
))
} else {
None
}
// Step 4: Return data.
data
}
/// <https://w3c.github.io/trusted-types/dist/spec/#validate-attribute-mutation>
pub(crate) fn get_trusted_types_compliant_attribute_value(
element_namespace: &Namespace,
element_name: &LocalName,
attribute: &str,
attribute_namespace: Option<&Namespace>,
new_value: TrustedTypeOrString,
global: &GlobalScope,
can_gc: CanGc,
) -> Fallible<DOMString> {
// Step 1. If attributeNs is the empty string, set attributeNs to null.
let attribute_namespace =
attribute_namespace.and_then(|a| if *a == ns!() { None } else { Some(a) });
// Step 2. Set attributeData to the result of Get Trusted Type data for attribute algorithm,
// with the following arguments:
let Some(attribute_data) = Self::get_trusted_type_data_for_attribute(
element_namespace,
element_name,
attribute,
attribute_namespace,
) else {
// Step 3. If attributeData is null, then:
// Step 3.1. If newValue is a string, return newValue.
// Step 3.2. Assert: newValue is TrustedHTML or TrustedScript or TrustedScriptURL.
// Step 3.3. Return values associated data.
return Ok(new_value.convert());
};
// Step 4. Let expectedType be the value of the fourth member of attributeData.
// Step 5. Let sink be the value of the fifth member of attributeData.
let (expected_type, sink) = attribute_data;
let new_value = if let TrustedTypeOrString::String(str_) = new_value {
str_
} else {
// If the type was already trusted, we should return immediately as
// all callers of `get_trusted_type_compliant_string` implement this
// check themselves. However, we should only do this if it matches
// the expected type.
if expected_type.matches_idl_trusted_type(&new_value) {
return Ok(new_value.convert());
}
new_value.convert()
};
// Step 6. Return the result of executing Get Trusted Type compliant string with the following arguments:
// If the algorithm threw an error, rethrow the error.
Self::get_trusted_type_compliant_string(
expected_type,
global,
new_value,
&sink,
DEFAULT_SCRIPT_SINK_GROUP,
can_gc,
)
}
/// <https://w3c.github.io/trusted-types/dist/spec/#process-value-with-a-default-policy-algorithm>
pub(crate) fn process_value_with_default_policy(
expected_type: TrustedType,
@ -154,8 +239,10 @@ impl TrustedTypePolicyFactory {
// Step 2: Let policyValue be the result of executing Get Trusted Type policy value,
// with the following arguments:
rooted!(in(*cx) let mut trusted_type_name_value = NullValue());
let trusted_type_name: &'static str = expected_type.clone().into();
trusted_type_name.safe_to_jsval(cx, trusted_type_name_value.handle_mut());
expected_type
.clone()
.as_ref()
.safe_to_jsval(cx, trusted_type_name_value.handle_mut());
rooted!(in(*cx) let mut sink_value = NullValue());
sink.safe_to_jsval(cx, sink_value.handle_mut());
@ -303,23 +390,19 @@ impl TrustedTypePolicyFactoryMethods<crate::DomTypeHolder> for TrustedTypePolicy
Some(_) | None => None,
};
// Step 5: Let interface be the element interface for localName and elementNs.
let interface = QualName::new(None, element_namespace, LocalName::from(local_name));
// Step 6: Let expectedType be null.
let mut expected_type = None;
// Step 7: Set attributeData to the result of Get Trusted Type data for attribute algorithm,
// with the following arguments: interface as element, attribute, attrNs
let attribute_data = TrustedTypePolicyFactory::get_trusted_type_data_for_attribute(
interface,
attribute,
attribute_namespace,
);
// Step 8: If attributeData is not null, then set expectedType to the interfaces name of
// the value of the fourth member of attributeData.
if let Some(trusted_type) = attribute_data {
expected_type = Some(trusted_type)
}
// Step 9: Return expectedType.
expected_type
TrustedTypePolicyFactory::get_trusted_type_data_for_attribute(
&element_namespace,
&LocalName::from(local_name),
&attribute,
attribute_namespace.as_ref(),
)
.map(|tuple| DOMString::from(tuple.0.as_ref()))
}
/// <https://www.w3.org/TR/trusted-types/#dom-trustedtypepolicyfactory-getpropertytype>
#[allow(clippy::if_same_then_else)]

4
components/script_bindings/webidls/Element.webidl
View file

@ -45,9 +45,9 @@ interface Element : Node {
[CEReactions, Throws]
boolean toggleAttribute(DOMString name, optional boolean force);
[CEReactions, Throws]
undefined setAttribute(DOMString name, DOMString value);
undefined setAttribute(DOMString name, (TrustedType or DOMString) value);
[CEReactions, Throws]
undefined setAttributeNS(DOMString? namespace, DOMString name, DOMString value);
undefined setAttributeNS(DOMString? namespace, DOMString name, (TrustedType or DOMString) value);
[CEReactions]
undefined removeAttribute(DOMString name);
[CEReactions]

2
components/script_bindings/webidls/TrustedTypePolicyFactory.webidl
View file

@ -36,3 +36,5 @@ dictionary TrustedTypePolicyOptions {
callback CreateHTMLCallback = DOMString? (DOMString input, any... arguments);
callback CreateScriptCallback = DOMString? (DOMString input, any... arguments);
callback CreateScriptURLCallback = USVString? (DOMString input, any... arguments);
typedef (TrustedHTML or TrustedScript or TrustedScriptURL) TrustedType;

21
tests/wpt/meta/trusted-types/Element-setAttribute-setAttributeNS-sinks.tentative.html.ini vendored
View file

@ -1,21 +0,0 @@
[Element-setAttribute-setAttributeNS-sinks.tentative.html]
[HTMLIFrameElement.setAttribute('srcdoc', plain_string)]
expected: FAIL
[HTMLIFrameElement.setAttributeNS(null, 'srcdoc', plain_string)]
expected: FAIL
[HTMLScriptElement.setAttribute('src', plain_string)]
expected: FAIL
[HTMLScriptElement.setAttributeNS(null, 'src', plain_string)]
expected: FAIL
[SVGScriptElement.setAttribute('href', plain_string)]
expected: FAIL
[SVGScriptElement.setAttributeNS(null, 'href', plain_string)]
expected: FAIL
[SVGScriptElement.setAttributeNS(NSURI_XLINK, 'href', plain_string)]
expected: FAIL

15
tests/wpt/meta/trusted-types/block-string-assignment-to-Element-setAttribute.html.ini vendored
View file

@ -1,22 +1,7 @@
[block-string-assignment-to-Element-setAttribute.html]
[script.src accepts only TrustedScriptURL]
expected: FAIL
[iframe.srcdoc accepts only TrustedHTML]
expected: FAIL
[div.onclick accepts only TrustedScript]
expected: FAIL
[`Script.prototype.setAttribute.SrC = string` throws.]
expected: FAIL
[script.src's mutationobservers receive the default policy's value.]
expected: FAIL
[iframe.srcdoc's mutationobservers receive the default policy's value.]
expected: FAIL
[div.onclick's mutationobservers receive the default policy's value.]
expected: FAIL

3
tests/wpt/meta/trusted-types/block-string-assignment-to-Element-setAttributeNS.html.ini vendored
View file

@ -1,3 +0,0 @@
[block-string-assignment-to-Element-setAttributeNS.html]
[Blocking non-TrustedScriptURL assignment to <svg:script xlink:href=...> works]
expected: FAIL

63
tests/wpt/meta/trusted-types/set-attributes-mutations-in-callback.tentative.html.ini vendored
View file

@ -8,15 +8,6 @@
[Element.setAttribute works for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown (delete other attribute before)]
expected: FAIL
[Element.setAttribute works for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc (delete other attribute before)]
expected: FAIL
[Element.setAttribute works for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src (delete other attribute before)]
expected: FAIL
[Element.setAttribute works for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href (delete other attribute before)]
expected: FAIL
[Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick (delete other attribute before)]
expected: FAIL
@ -26,18 +17,6 @@
[Element.setAttributeNS works for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown (delete other attribute before)]
expected: FAIL
[Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc (delete other attribute before)]
expected: FAIL
[Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src (delete other attribute before)]
expected: FAIL
[Element.setAttributeNS works for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href (delete other attribute before)]
expected: FAIL
[Element.setAttributeNS works for elementNS=http://www.w3.org/2000/svg, element=script, attrNS=http://www.w3.org/1999/xlink, attrName=href (delete other attribute before)]
expected: FAIL
[Element.setAttributeNode works for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick (delete other attribute before)]
expected: FAIL
@ -194,15 +173,6 @@
[Element.setAttribute works for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown (delete attribute)]
expected: FAIL
[Element.setAttribute works for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc (delete attribute)]
expected: FAIL
[Element.setAttribute works for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src (delete attribute)]
expected: FAIL
[Element.setAttribute works for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href (delete attribute)]
expected: FAIL
[Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick (delete attribute)]
expected: FAIL
@ -212,18 +182,6 @@
[Element.setAttributeNS works for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown (delete attribute)]
expected: FAIL
[Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc (delete attribute)]
expected: FAIL
[Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src (delete attribute)]
expected: FAIL
[Element.setAttributeNS works for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href (delete attribute)]
expected: FAIL
[Element.setAttributeNS works for elementNS=http://www.w3.org/2000/svg, element=script, attrNS=http://www.w3.org/1999/xlink, attrName=href (delete attribute)]
expected: FAIL
[Element.setAttributeNode works for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick (delete attribute)]
expected: FAIL
@ -380,15 +338,6 @@
[Element.setAttribute works for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown (modify attribute)]
expected: FAIL
[Element.setAttribute works for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc (modify attribute)]
expected: FAIL
[Element.setAttribute works for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src (modify attribute)]
expected: FAIL
[Element.setAttribute works for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href (modify attribute)]
expected: FAIL
[Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick (modify attribute)]
expected: FAIL
@ -398,18 +347,6 @@
[Element.setAttributeNS works for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown (modify attribute)]
expected: FAIL
[Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc (modify attribute)]
expected: FAIL
[Element.setAttributeNS works for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src (modify attribute)]
expected: FAIL
[Element.setAttributeNS works for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href (modify attribute)]
expected: FAIL
[Element.setAttributeNS works for elementNS=http://www.w3.org/2000/svg, element=script, attrNS=http://www.w3.org/1999/xlink, attrName=href (modify attribute)]
expected: FAIL
[Element.setAttributeNode works for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick (modify attribute)]
expected: FAIL

21
tests/wpt/meta/trusted-types/set-attributes-require-trusted-types-default-policy.html.ini vendored
View file

@ -8,15 +8,6 @@
[Element.setAttribute applies default policy for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown]
expected: FAIL
[Element.setAttribute applies default policy for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc]
expected: FAIL
[Element.setAttribute applies default policy for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src]
expected: FAIL
[Element.setAttribute applies default policy for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href]
expected: FAIL
[Element.setAttributeNS applies default policy for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick]
expected: FAIL
@ -26,18 +17,6 @@
[Element.setAttributeNS applies default policy for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown]
expected: FAIL
[Element.setAttributeNS applies default policy for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc]
expected: FAIL
[Element.setAttributeNS applies default policy for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src]
expected: FAIL
[Element.setAttributeNS applies default policy for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href]
expected: FAIL
[Element.setAttributeNS applies default policy for elementNS=http://www.w3.org/2000/svg, element=script, attrNS=http://www.w3.org/1999/xlink, attrName=href]
expected: FAIL
[Element.setAttributeNode applies default policy for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick]
expected: FAIL

21
tests/wpt/meta/trusted-types/set-attributes-require-trusted-types-no-default-policy.html.ini vendored
View file

@ -8,15 +8,6 @@
[Element.setAttribute throws for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown with a plain string]
expected: FAIL
[Element.setAttribute throws for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc with a plain string]
expected: FAIL
[Element.setAttribute throws for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src with a plain string]
expected: FAIL
[Element.setAttribute throws for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href with a plain string]
expected: FAIL
[Element.setAttributeNS throws for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick with a plain string]
expected: FAIL
@ -26,18 +17,6 @@
[Element.setAttributeNS throws for elementNS=http://www.w3.org/1998/Math/MathML, element=mrow, attrName=onmousedown with a plain string]
expected: FAIL
[Element.setAttributeNS throws for elementNS=http://www.w3.org/1999/xhtml, element=IFRAME, attrName=srcdoc with a plain string]
expected: FAIL
[Element.setAttributeNS throws for elementNS=http://www.w3.org/1999/xhtml, element=SCRIPT, attrName=src with a plain string]
expected: FAIL
[Element.setAttributeNS throws for elementNS=http://www.w3.org/2000/svg, element=script, attrName=href with a plain string]
expected: FAIL
[Element.setAttributeNS throws for elementNS=http://www.w3.org/2000/svg, element=script, attrNS=http://www.w3.org/1999/xlink, attrName=href with a plain string]
expected: FAIL
[Element.setAttributeNode throws for elementNS=http://www.w3.org/1999/xhtml, element=DIV, attrName=onclick with a plain string]
expected: FAIL

21
tests/wpt/meta/trusted-types/trusted-types-reporting-for-Element-setAttribute.html.ini vendored
View file

@ -1,27 +1,6 @@
[trusted-types-reporting-for-Element-setAttribute.html]
[Violation report for HTMLIFrameElement.setAttribute('srcdoc', plain_string)]
expected: FAIL
[Violation report for HTMLIFrameElement.setAttributeNS(null, 'srcdoc', plain_string)]
expected: FAIL
[Violation report for Element.setAttribute('onclick', plain_string)]
expected: FAIL
[Violation report for Element.setAttributeNS(null, 'onclick', plain_string)]
expected: FAIL
[Violation report for HTMLScriptElement.setAttribute('src', plain_string)]
expected: FAIL
[Violation report for HTMLScriptElement.setAttributeNS(null, 'src', plain_string)]
expected: FAIL
[Violation report for SVGScriptElement.setAttribute('href', plain_string)]
expected: FAIL
[Violation report for SVGScriptElement.setAttributeNS(null, 'href', plain_string)]
expected: FAIL
[Violation report for SVGScriptElement.setAttributeNS(http://www.w3.org/1999/xlink, 'href', plain_string)]
expected: FAIL

6
tests/wpt/meta/trusted-types/trusted-types-svg-script-set-href.html.ini vendored
View file

@ -5,15 +5,9 @@
[Assign TrustedScriptURL to SVGScriptElement.href.baseVal.]
expected: FAIL
[Assign string to non-attached SVGScriptElement.href via setAttribute.]
expected: FAIL
[Assign TrustedScriptURL to non-attached SVGScriptElement.href via setAttribute.]
expected: FAIL
[Assign string to attached SVGScriptElement.href via setAttribute.]
expected: FAIL
[Assign TrustedScriptURL to attached SVGScriptElement.href via setAttribute.]
expected: FAIL