From 9a14ad8535efa05b185b46c59e03d127dd6149ad Mon Sep 17 00:00:00 2001 From: Tim van der Lippe Date: Mon, 21 Apr 2025 14:47:06 +0200 Subject: [PATCH] Set correct policy-container for worker construction (#36603) This makes sure that when workers are created, their global scope has the correct policy-container set so that we can do CSP-checks. Signed-off-by: Tim van der Lippe --- .../script/dom/dedicatedworkerglobalscope.rs | 1 + components/script/dom/globalscope.rs | 29 ++++++++++++++-- components/script/dom/servoparser/mod.rs | 29 +++------------- components/script/dom/workerglobalscope.rs | 6 ++++ .../worker-connect-src-blocked.sub.html.ini | 3 -- .../dedicatedworker-connect-src.html.ini | 9 ----- .../dedicatedworker-script-src.html.ini | 12 ++++--- .../worker-eval-blocked.sub.html.ini | 3 -- ...ker-function-function-blocked.sub.html.ini | 3 -- .../worker-importscripts.sub.html.ini | 3 -- .../worker-set-timeout.sub.html.ini | 3 -- .../inside-dedicated-worker.html.ini | 3 -- .../default-src-blocks-wasm.any.js.ini | 3 -- .../script-src-blocks-wasm.any.js.ini | 3 -- .../script-src-spv-asynch.any.js.ini | 3 +- .../api/policies/csp-blocked-worker.html.ini | 3 -- ...tion-be-blocked-by-csp-002-worker.html.ini | 6 ++-- ...tion-be-blocked-by-csp-004-worker.html.ini | 12 +++---- ...ort-DedicatedWorker-sink-mismatch.html.ini | 3 -- ...orker-DedicatedWorker-constructor.html.ini | 6 +--- ...iceWorkerContainer-register.https.html.ini | 5 ++- ...eporting-for-DedicatedWorker-eval.html.ini | 5 ++- ...icatedWorker-function-constructor.html.ini | 33 +++---------------- ...for-DedicatedWorker-importScripts.html.ini | 6 +--- ...atedWorker-setTimeout-setInterval.html.ini | 11 ++----- 25 files changed, 67 insertions(+), 136 deletions(-) delete mode 100644 tests/wpt/meta/content-security-policy/connect-src/worker-connect-src-blocked.sub.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/script-src/worker-eval-blocked.sub.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/script-src/worker-function-function-blocked.sub.html.ini delete mode 100644 tests/wpt/meta/fetch/api/policies/csp-blocked-worker.html.ini diff --git a/components/script/dom/dedicatedworkerglobalscope.rs b/components/script/dom/dedicatedworkerglobalscope.rs index c2a4e4f4c1a..972a9d90948 100644 --- a/components/script/dom/dedicatedworkerglobalscope.rs +++ b/components/script/dom/dedicatedworkerglobalscope.rs @@ -479,6 +479,7 @@ impl DedicatedWorkerGlobalScope { Ok((metadata, bytes)) => (metadata, bytes), }; scope.set_url(metadata.final_url); + scope.set_csp_list(GlobalScope::parse_csp_list_from_metadata(&metadata.headers)); global_scope.set_https_state(metadata.https_state); let source = String::from_utf8_lossy(&bytes); diff --git a/components/script/dom/globalscope.rs b/components/script/dom/globalscope.rs index 9c7139a9a55..2658911c795 100644 --- a/components/script/dom/globalscope.rs +++ b/components/script/dom/globalscope.rs @@ -22,7 +22,7 @@ use constellation_traits::{ ScriptToConstellationChan, ScriptToConstellationMessage, }; use content_security_policy::{ - CheckResult, CspList, PolicyDisposition, Violation, ViolationResource, + CheckResult, CspList, PolicyDisposition, PolicySource, Violation, ViolationResource, }; use crossbeam_channel::Sender; use devtools_traits::{PageError, ScriptToDevtoolsControlMsg}; @@ -30,6 +30,8 @@ use dom_struct::dom_struct; use embedder_traits::{ EmbedderMsg, GamepadEvent, GamepadSupportedHapticEffects, GamepadUpdateType, }; +use http::HeaderMap; +use hyper_serde::Serde; use ipc_channel::ipc::{self, IpcSender}; use ipc_channel::router::ROUTER; use js::glue::{IsWrapper, UnwrapObjectDynamic}; @@ -2415,6 +2417,27 @@ impl GlobalScope { unreachable!(); } + /// + pub(crate) fn parse_csp_list_from_metadata( + headers: &Option>, + ) -> Option { + // TODO: Implement step 1 (local scheme special case) + let mut csp = headers.as_ref()?.get_all("content-security-policy").iter(); + // This silently ignores the CSP if it contains invalid Unicode. + // We should probably report an error somewhere. + let c = csp.next().and_then(|c| c.to_str().ok())?; + let mut csp_list = CspList::parse(c, PolicySource::Header, PolicyDisposition::Enforce); + for c in csp { + let c = c.to_str().ok()?; + csp_list.append(CspList::parse( + c, + PolicySource::Header, + PolicyDisposition::Enforce, + )); + } + Some(csp_list) + } + /// Get the [base url](https://html.spec.whatwg.org/multipage/#api-base-url) /// for this global scope. pub(crate) fn api_base_url(&self) -> ServoUrl { @@ -3089,10 +3112,10 @@ impl GlobalScope { /// pub(crate) fn get_csp_list(&self) -> Option { - if self.downcast::().is_some() { + if self.downcast::().is_some() || self.downcast::().is_some() { return self.policy_container().csp_list; } - // TODO: Worker and Worklet global scopes. + // TODO: Worklet global scopes. None } diff --git a/components/script/dom/servoparser/mod.rs b/components/script/dom/servoparser/mod.rs index 23ef1bab3ef..0650fde676e 100644 --- a/components/script/dom/servoparser/mod.rs +++ b/components/script/dom/servoparser/mod.rs @@ -9,7 +9,7 @@ use base::cross_process_instant::CrossProcessInstant; use base::id::PipelineId; use base64::Engine as _; use base64::engine::general_purpose; -use content_security_policy::{self as csp, CspList}; +use content_security_policy as csp; use dom_struct::dom_struct; use embedder_traits::resources::{self, Resource}; use encoding_rs::Encoding; @@ -59,6 +59,7 @@ use crate::dom::document::{Document, DocumentSource, HasBrowsingContext, IsHTMLD use crate::dom::documentfragment::DocumentFragment; use crate::dom::documenttype::DocumentType; use crate::dom::element::{CustomElementCreationMode, Element, ElementCreator}; +use crate::dom::globalscope::GlobalScope; use crate::dom::htmlformelement::{FormControlElementHelpers, HTMLFormElement}; use crate::dom::htmlimageelement::HTMLImageElement; use crate::dom::htmlinputelement::HTMLInputElement; @@ -850,29 +851,9 @@ impl FetchResponseListener for ParserContext { .map(Serde::into_inner) .map(Into::into); - // https://www.w3.org/TR/CSP/#initialize-document-csp - // TODO: Implement step 1 (local scheme special case) - let csp_list = metadata.as_ref().and_then(|m| { - let h = m.headers.as_ref()?; - let mut csp = h.get_all("content-security-policy").iter(); - // This silently ignores the CSP if it contains invalid Unicode. - // We should probably report an error somewhere. - let c = csp.next().and_then(|c| c.to_str().ok())?; - let mut csp_list = CspList::parse( - c, - csp::PolicySource::Header, - csp::PolicyDisposition::Enforce, - ); - for c in csp { - let c = c.to_str().ok()?; - csp_list.append(CspList::parse( - c, - csp::PolicySource::Header, - csp::PolicyDisposition::Enforce, - )); - } - Some(csp_list) - }); + let csp_list = metadata + .as_ref() + .and_then(|m| GlobalScope::parse_csp_list_from_metadata(&m.headers)); let parser = match ScriptThread::page_headers_available(&self.id, metadata, CanGc::note()) { Some(parser) => parser, diff --git a/components/script/dom/workerglobalscope.rs b/components/script/dom/workerglobalscope.rs index 5775375c385..695119715e4 100644 --- a/components/script/dom/workerglobalscope.rs +++ b/components/script/dom/workerglobalscope.rs @@ -12,6 +12,7 @@ use std::time::Duration; use base::cross_process_instant::CrossProcessInstant; use base::id::{PipelineId, PipelineNamespace}; use constellation_traits::WorkerGlobalScopeInit; +use content_security_policy::CspList; use crossbeam_channel::Receiver; use devtools_traits::{DevtoolScriptControlMsg, WorkerId}; use dom_struct::dom_struct; @@ -246,6 +247,10 @@ impl WorkerGlobalScope { self.policy_container.borrow() } + pub(crate) fn set_csp_list(&self, csp_list: Option) { + self.policy_container.borrow_mut().set_csp_list(csp_list); + } + /// Get a mutable reference to the [`TimerScheduler`] for this [`ServiceWorkerGlobalScope`]. pub(crate) fn timer_scheduler(&self) -> RefMut { self.timer_scheduler.borrow_mut() @@ -300,6 +305,7 @@ impl WorkerGlobalScopeMethods for WorkerGlobalScope { .use_url_credentials(true) .origin(global_scope.origin().immutable().clone()) .insecure_requests_policy(self.insecure_requests_policy()) + .policy_container(global_scope.policy_container()) .has_trustworthy_ancestor_origin( global_scope.has_trustworthy_ancestor_or_current_origin(), ) diff --git a/tests/wpt/meta/content-security-policy/connect-src/worker-connect-src-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/connect-src/worker-connect-src-blocked.sub.html.ini deleted file mode 100644 index edd86ff9e10..00000000000 --- a/tests/wpt/meta/content-security-policy/connect-src/worker-connect-src-blocked.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[worker-connect-src-blocked.sub.html] - [Expecting logs: ["xhr blocked","TEST COMPLETE"\]] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-connect-src.html.ini b/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-connect-src.html.ini index 9aff7028839..ad01d630c28 100644 --- a/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-connect-src.html.ini +++ b/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-connect-src.html.ini @@ -1,16 +1,7 @@ [dedicatedworker-connect-src.html] - [Cross-origin 'fetch()' in http: with connect-src 'self'] - expected: FAIL - - [Cross-origin XHR in http: with connect-src 'self'] - expected: FAIL - [Same-origin => cross-origin 'fetch()' in http: with connect-src 'self'] expected: FAIL - [WebSocket in http: with connect-src 'self'] - expected: FAIL - [Reports match in http: with connect-src 'self'] expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-script-src.html.ini b/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-script-src.html.ini index a630ac3bcc1..3bc4ce7feda 100644 --- a/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-script-src.html.ini +++ b/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-script-src.html.ini @@ -1,15 +1,16 @@ [dedicatedworker-script-src.html] + expected: TIMEOUT [Cross-origin `importScripts()` blocked in http: with script-src 'self'] - expected: FAIL + expected: TIMEOUT [`eval()` blocked in http: with script-src 'self'] - expected: FAIL + expected: NOTRUN [`setTimeout([string\])` blocked in http: with script-src 'self'] - expected: FAIL + expected: NOTRUN [Reports are sent for http: with script-src 'self'] - expected: FAIL + expected: NOTRUN [Cross-origin `importScripts()` blocked in blob: with script-src 'self'] expected: FAIL @@ -22,3 +23,6 @@ [Reports are sent for blob: with script-src 'self'] expected: FAIL + + [dedicatedworker-script-src] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/script-src/worker-eval-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src/worker-eval-blocked.sub.html.ini deleted file mode 100644 index d9edf485e4a..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src/worker-eval-blocked.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[worker-eval-blocked.sub.html] - [Expecting logs: ["eval blocked"\]] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/script-src/worker-function-function-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src/worker-function-function-blocked.sub.html.ini deleted file mode 100644 index 95343a8cd4c..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src/worker-function-function-blocked.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[worker-function-function-blocked.sub.html] - [Expecting logs: ["Function() function blocked"\]] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/script-src/worker-importscripts.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src/worker-importscripts.sub.html.ini index cc36e7c5326..69268dc710f 100644 --- a/tests/wpt/meta/content-security-policy/script-src/worker-importscripts.sub.html.ini +++ b/tests/wpt/meta/content-security-policy/script-src/worker-importscripts.sub.html.ini @@ -1,6 +1,3 @@ [worker-importscripts.sub.html] - [Dedicated worker delivers its own CSP] - expected: FAIL - [Shared worker delivers its own CSP] expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/script-src/worker-set-timeout.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src/worker-set-timeout.sub.html.ini index e9b5a17d05e..f070a322a17 100644 --- a/tests/wpt/meta/content-security-policy/script-src/worker-set-timeout.sub.html.ini +++ b/tests/wpt/meta/content-security-policy/script-src/worker-set-timeout.sub.html.ini @@ -1,6 +1,3 @@ [worker-set-timeout.sub.html] - [Dedicated worker delivers its own CSP] - expected: FAIL - [Shared worker delivers its own CSP] expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini index e9b33bc5d39..0ee98ae20c9 100644 --- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini @@ -1,7 +1,4 @@ [inside-dedicated-worker.html] expected: TIMEOUT - [SecurityPolicyViolation event fired on global.] - expected: FAIL - [SecurityPolicyViolation event fired on global with the correct blockedURI.] expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js.ini b/tests/wpt/meta/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js.ini index e6fefbf0518..f7eabdba90c 100644 --- a/tests/wpt/meta/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js.ini +++ b/tests/wpt/meta/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js.ini @@ -1,7 +1,4 @@ [default-src-blocks-wasm.any.worker.html] - [default-src-blocks-wasm] - expected: FAIL - [default-src-blocks-wasm.any.html] diff --git a/tests/wpt/meta/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js.ini b/tests/wpt/meta/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js.ini index e5b65e2f659..13e5909d431 100644 --- a/tests/wpt/meta/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js.ini +++ b/tests/wpt/meta/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js.ini @@ -2,9 +2,6 @@ expected: ERROR [script-src-blocks-wasm.any.worker.html] - [script-src-blocks-wasm] - expected: FAIL - [script-src-blocks-wasm.any.html] diff --git a/tests/wpt/meta/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.ini b/tests/wpt/meta/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.ini index f9ebe61a198..d0ccabd1ef8 100644 --- a/tests/wpt/meta/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.ini +++ b/tests/wpt/meta/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.ini @@ -7,9 +7,8 @@ [script-src-spv-asynch.any.worker.html] - expected: TIMEOUT [Securitypolicyviolation event looks like it should] - expected: TIMEOUT + expected: FAIL [script-src-spv-asynch.any.serviceworker.html] diff --git a/tests/wpt/meta/fetch/api/policies/csp-blocked-worker.html.ini b/tests/wpt/meta/fetch/api/policies/csp-blocked-worker.html.ini deleted file mode 100644 index 4488e49c2e8..00000000000 --- a/tests/wpt/meta/fetch/api/policies/csp-blocked-worker.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[csp-blocked-worker.html] - [Fetch is blocked by CSP, got a TypeError] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/should-sink-type-mismatch-violation-be-blocked-by-csp-002-worker.html.ini b/tests/wpt/meta/trusted-types/should-sink-type-mismatch-violation-be-blocked-by-csp-002-worker.html.ini index e8715da1955..ee46bfc3d0e 100644 --- a/tests/wpt/meta/trusted-types/should-sink-type-mismatch-violation-be-blocked-by-csp-002-worker.html.ini +++ b/tests/wpt/meta/trusted-types/should-sink-type-mismatch-violation-be-blocked-by-csp-002-worker.html.ini @@ -1,4 +1,6 @@ [should-sink-type-mismatch-violation-be-blocked-by-csp-002-worker.html] - expected: TIMEOUT [Checking reported violations for setTimeout(';;;;;') from DedicatedWorker] - expected: TIMEOUT + expected: FAIL + + [Location of required-trusted-types-for violations.] + expected: FAIL diff --git a/tests/wpt/meta/trusted-types/should-trusted-type-policy-creation-be-blocked-by-csp-004-worker.html.ini b/tests/wpt/meta/trusted-types/should-trusted-type-policy-creation-be-blocked-by-csp-004-worker.html.ini index 7fa05229fd8..e9ae8caa720 100644 --- a/tests/wpt/meta/trusted-types/should-trusted-type-policy-creation-be-blocked-by-csp-004-worker.html.ini +++ b/tests/wpt/meta/trusted-types/should-trusted-type-policy-creation-be-blocked-by-csp-004-worker.html.ini @@ -1,10 +1,6 @@ [should-trusted-type-policy-creation-be-blocked-by-csp-004-worker.html] - expected: TIMEOUT - [No violation/exception for allowed policy names (tt-policy-name-1 tt-policy-name-2 tt-policy-name-3).] - expected: TIMEOUT + [Exception and violations for CSP with multiple enforce and report-only policies.] + expected: FAIL - [Violation and exception for duplicate policy names (tt-policy-name-1 tt-policy-name-2 tt-policy-name-3).] - expected: NOTRUN - - [Violation and exception for forbidden policy name (tt-policy-name-1 tt-policy-name-2 tt-policy-name-3).] - expected: NOTRUN + [Location of trusted-types violations.] + expected: FAIL diff --git a/tests/wpt/meta/trusted-types/trusted-types-reporting-check-report-DedicatedWorker-sink-mismatch.html.ini b/tests/wpt/meta/trusted-types/trusted-types-reporting-check-report-DedicatedWorker-sink-mismatch.html.ini index 954a9251456..ab6655af205 100644 --- a/tests/wpt/meta/trusted-types/trusted-types-reporting-check-report-DedicatedWorker-sink-mismatch.html.ini +++ b/tests/wpt/meta/trusted-types/trusted-types-reporting-check-report-DedicatedWorker-sink-mismatch.html.ini @@ -1,7 +1,4 @@ [trusted-types-reporting-check-report-DedicatedWorker-sink-mismatch.html] - [Passing a plain string to eval throws.] - expected: FAIL - [Test report-uri works with require-trusted-types-for violation.] expected: FAIL diff --git a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-DedicatedWorker-constructor.html.ini b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-DedicatedWorker-constructor.html.ini index 80f25b3f1e1..316b249d12a 100644 --- a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-DedicatedWorker-constructor.html.ini +++ b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-DedicatedWorker-constructor.html.ini @@ -1,7 +1,3 @@ [trusted-types-reporting-for-DedicatedWorker-DedicatedWorker-constructor.html] - expected: TIMEOUT - [No violation reported for Worker constructor with TrustedScriptURL.] - expected: TIMEOUT - [Violation report for Worker constructor with plain string.] - expected: NOTRUN + expected: FAIL diff --git a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-ServiceWorkerContainer-register.https.html.ini b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-ServiceWorkerContainer-register.https.html.ini index 04ff6451729..f8ed3f58819 100644 --- a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-ServiceWorkerContainer-register.https.html.ini +++ b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-ServiceWorkerContainer-register.https.html.ini @@ -1,7 +1,6 @@ [trusted-types-reporting-for-DedicatedWorker-ServiceWorkerContainer-register.https.html] - expected: TIMEOUT [No violation reported for ServiceWorkerContainer register with TrustedScriptURL.] - expected: TIMEOUT + expected: FAIL [Violation report for ServiceWorkerContainer register with plain string.] - expected: NOTRUN + expected: FAIL diff --git a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-eval.html.ini b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-eval.html.ini index 6a56d8a22e1..7416ede533c 100644 --- a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-eval.html.ini +++ b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-eval.html.ini @@ -1,7 +1,6 @@ [trusted-types-reporting-for-DedicatedWorker-eval.html] - expected: TIMEOUT [No violation reported for eval with TrustedScript.] - expected: TIMEOUT + expected: FAIL [Violation report for eval with plain string.] - expected: NOTRUN + expected: FAIL diff --git a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-function-constructor.html.ini b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-function-constructor.html.ini index 226dc134f45..bd23b64efec 100644 --- a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-function-constructor.html.ini +++ b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-function-constructor.html.ini @@ -1,37 +1,12 @@ [trusted-types-reporting-for-DedicatedWorker-function-constructor.html] - expected: TIMEOUT - [No violation reported for Function with TrustedScript.] - expected: TIMEOUT - - [No violation reported for Function with multiple TrustedScript args.] - expected: NOTRUN - [Violation report for Function with plain string.] - expected: NOTRUN - - [No violation reported for AsyncFunction with TrustedScript.] - expected: NOTRUN - - [No violation reported for AsyncFunction with multiple TrustedScript args.] - expected: NOTRUN + expected: FAIL [Violation report for AsyncFunction with plain string.] - expected: NOTRUN - - [No violation reported for GeneratorFunction with TrustedScript.] - expected: NOTRUN - - [No violation reported for GeneratorFunction with multiple TrustedScript args.] - expected: NOTRUN + expected: FAIL [Violation report for GeneratorFunction with plain string.] - expected: NOTRUN - - [No violation reported for AsyncGeneratorFunction with TrustedScript.] - expected: NOTRUN - - [No violation reported for AsyncGeneratorFunction with multiple TrustedScript args.] - expected: NOTRUN + expected: FAIL [Violation report for AsyncGeneratorFunction with plain string.] - expected: NOTRUN + expected: FAIL diff --git a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-importScripts.html.ini b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-importScripts.html.ini index 2603d1f51c5..d4731f55e66 100644 --- a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-importScripts.html.ini +++ b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-importScripts.html.ini @@ -1,7 +1,3 @@ [trusted-types-reporting-for-DedicatedWorker-importScripts.html] - expected: TIMEOUT - [No violation reported for importScripts with TrustedScriptURL.] - expected: TIMEOUT - [Violation report for importScripts with plain string.] - expected: NOTRUN + expected: FAIL diff --git a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-setTimeout-setInterval.html.ini b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-setTimeout-setInterval.html.ini index 94fc040f2d9..851dccf8dd1 100644 --- a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-setTimeout-setInterval.html.ini +++ b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-setTimeout-setInterval.html.ini @@ -1,13 +1,6 @@ [trusted-types-reporting-for-DedicatedWorker-setTimeout-setInterval.html] - expected: TIMEOUT - [No violation reported for setTimeout with TrustedScript.] - expected: TIMEOUT - - [No violation reported for setInterval with TrustedScript.] - expected: NOTRUN - [Violation report for setTimeout with plain string.] - expected: NOTRUN + expected: FAIL [Violation report for setInterval with plain string.] - expected: NOTRUN + expected: FAIL