mirror of
https://github.com/servo/servo.git
synced 2025-06-06 16:45:39 +00:00
Implement trusted HTML sinks for Element (#36941)
Also implements a conversion for `TrustedHTMLOrNullIsEmptyString` to `TrustedHTMLOrString` to avoid introducing a separate `get_trusted_script_compliant_string` for the new type. Part of #36258 Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This commit is contained in:
Tim van der Lippe
GitHub
parent
a0dd2c1beb
commit
d780fb7695
27 changed files with 118 additions and 212 deletions
|
|
@ -63,6 +63,7 @@ use xml5ever::serialize::TraversalScope::{
|
|||
ChildrenOnly as XmlChildrenOnly, IncludeNode as XmlIncludeNode,
|
||||
};
|
||||
|
||||
use crate::conversions::Convert;
|
||||
use crate::dom::activation::Activatable;
|
||||
use crate::dom::attr::{Attr, AttrHelpersForLayout};
|
||||
use crate::dom::bindings::cell::{DomRefCell, Ref, RefMut, ref_filter_map};
|
||||
|
|
@ -80,7 +81,9 @@ use crate::dom::bindings::codegen::Bindings::ShadowRootBinding::{
|
|||
use crate::dom::bindings::codegen::Bindings::WindowBinding::{
|
||||
ScrollBehavior, ScrollToOptions, WindowMethods,
|
||||
};
|
||||
use crate::dom::bindings::codegen::UnionTypes::{NodeOrString, TrustedScriptURLOrUSVString};
|
||||
use crate::dom::bindings::codegen::UnionTypes::{
|
||||
NodeOrString, TrustedHTMLOrNullIsEmptyString, TrustedHTMLOrString, TrustedScriptURLOrUSVString,
|
||||
};
|
||||
use crate::dom::bindings::conversions::DerivedFrom;
|
||||
use crate::dom::bindings::error::{Error, ErrorResult, Fallible};
|
||||
use crate::dom::bindings::inheritance::{Castable, ElementTypeId, HTMLElementTypeId, NodeTypeId};
|
||||
|
|
@ -152,6 +155,7 @@ use crate::dom::raredata::ElementRareData;
|
|||
use crate::dom::servoparser::ServoParser;
|
||||
use crate::dom::shadowroot::{IsUserAgentWidget, ShadowRoot};
|
||||
use crate::dom::text::Text;
|
||||
use crate::dom::trustedhtml::TrustedHTML;
|
||||
use crate::dom::validation::Validatable;
|
||||
use crate::dom::validitystate::ValidationFlags;
|
||||
use crate::dom::virtualmethods::{VirtualMethods, vtable_for};
|
||||
|
|
@ -2322,18 +2326,25 @@ impl Element {
|
|||
Ok(fragment)
|
||||
}
|
||||
|
||||
/// Step 4 of <https://html.spec.whatwg.org/multipage/#dom-element-insertadjacenthtml>
|
||||
pub(crate) fn fragment_parsing_context(
|
||||
owner_doc: &Document,
|
||||
element: Option<&Self>,
|
||||
can_gc: CanGc,
|
||||
) -> DomRoot<Self> {
|
||||
// If context is not an Element or all of the following are true:
|
||||
match element {
|
||||
Some(elem)
|
||||
// context's node document is an HTML document;
|
||||
// context's local name is "html"; and
|
||||
// context's namespace is the HTML namespace,
|
||||
if elem.local_name() != &local_name!("html") ||
|
||||
!elem.html_element_in_html_document() =>
|
||||
{
|
||||
DomRoot::from_ref(elem)
|
||||
},
|
||||
// set context to the result of creating an element
|
||||
// given this's node document, "body", and the HTML namespace.
|
||||
_ => DomRoot::upcast(HTMLBodyElement::new(
|
||||
local_name!("body"),
|
||||
None,
|
||||
|
|
@ -2446,6 +2457,13 @@ impl Element {
|
|||
Dom::from_ref(&*ElementInternals::new(elem, can_gc))
|
||||
}))
|
||||
}
|
||||
|
||||
pub(crate) fn outer_html(&self, can_gc: CanGc) -> Fallible<DOMString> {
|
||||
match self.GetOuterHTML(can_gc)? {
|
||||
TrustedHTMLOrNullIsEmptyString::NullIsEmptyString(str) => Ok(str),
|
||||
TrustedHTMLOrNullIsEmptyString::TrustedHTML(_) => unreachable!(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl ElementMethods<crate::DomTypeHolder> for Element {
|
||||
|
|
@ -3100,7 +3118,17 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
|
|||
}
|
||||
|
||||
/// <https://html.spec.whatwg.org/multipage/#dom-element-sethtmlunsafe>
|
||||
fn SetHTMLUnsafe(&self, html: DOMString, can_gc: CanGc) {
|
||||
fn SetHTMLUnsafe(&self, html: TrustedHTMLOrString, can_gc: CanGc) -> ErrorResult {
|
||||
// Step 1. Let compliantHTML be the result of invoking the
|
||||
// Get Trusted Type compliant string algorithm with TrustedHTML,
|
||||
// this's relevant global object, html, "Element setHTMLUnsafe", and "script".
|
||||
let html = DOMString::from(TrustedHTML::get_trusted_script_compliant_string(
|
||||
&self.owner_global(),
|
||||
html,
|
||||
"Element",
|
||||
"setHTMLUnsafe",
|
||||
can_gc,
|
||||
)?);
|
||||
// Step 2. Let target be this's template contents if this is a template element; otherwise this.
|
||||
let target = if let Some(template) = self.downcast::<HTMLTemplateElement>() {
|
||||
DomRoot::upcast(template.Content(can_gc))
|
||||
|
|
@ -3110,6 +3138,7 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
|
|||
|
||||
// Step 3. Unsafely set HTML given target, this, and compliantHTML
|
||||
Node::unsafely_set_html(&target, self, html, can_gc);
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// <https://html.spec.whatwg.org/multipage/#dom-element-gethtml>
|
||||
|
|
@ -3125,7 +3154,7 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
|
|||
}
|
||||
|
||||
/// <https://html.spec.whatwg.org/multipage/#dom-element-innerhtml>
|
||||
fn GetInnerHTML(&self, can_gc: CanGc) -> Fallible<DOMString> {
|
||||
fn GetInnerHTML(&self, can_gc: CanGc) -> Fallible<TrustedHTMLOrNullIsEmptyString> {
|
||||
let qname = QualName::new(
|
||||
self.prefix().clone(),
|
||||
self.namespace().clone(),
|
||||
|
|
@ -3142,16 +3171,28 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
|
|||
.xml_serialize(XmlChildrenOnly(Some(qname)))
|
||||
};
|
||||
|
||||
Ok(result)
|
||||
Ok(TrustedHTMLOrNullIsEmptyString::NullIsEmptyString(result))
|
||||
}
|
||||
|
||||
/// <https://html.spec.whatwg.org/multipage/#dom-element-innerhtml>
|
||||
fn SetInnerHTML(&self, value: DOMString, can_gc: CanGc) -> ErrorResult {
|
||||
// Step 2.
|
||||
fn SetInnerHTML(&self, value: TrustedHTMLOrNullIsEmptyString, can_gc: CanGc) -> ErrorResult {
|
||||
// Step 1: Let compliantString be the result of invoking the
|
||||
// Get Trusted Type compliant string algorithm with TrustedHTML,
|
||||
// this's relevant global object, the given value, "Element innerHTML", and "script".
|
||||
let value = DOMString::from(TrustedHTML::get_trusted_script_compliant_string(
|
||||
&self.owner_global(),
|
||||
value.convert(),
|
||||
"Element",
|
||||
"innerHTML",
|
||||
can_gc,
|
||||
)?);
|
||||
// https://github.com/w3c/DOM-Parsing/issues/1
|
||||
let target = if let Some(template) = self.downcast::<HTMLTemplateElement>() {
|
||||
// Step 4: If context is a template element, then set context to
|
||||
// the template element's template contents (a DocumentFragment).
|
||||
DomRoot::upcast(template.Content(can_gc))
|
||||
} else {
|
||||
// Step 2: Let context be this.
|
||||
DomRoot::from_ref(self.upcast())
|
||||
};
|
||||
|
||||
|
|
@ -3168,15 +3209,17 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
|
|||
return Ok(());
|
||||
}
|
||||
|
||||
// Step 1.
|
||||
// Step 3: Let fragment be the result of invoking the fragment parsing algorithm steps
|
||||
// with context and compliantString.
|
||||
let frag = self.parse_fragment(value, can_gc)?;
|
||||
|
||||
// Step 5: Replace all with fragment within context.
|
||||
Node::replace_all(Some(frag.upcast()), &target, can_gc);
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// <https://html.spec.whatwg.org/multipage/#dom-element-outerhtml>
|
||||
fn GetOuterHTML(&self, can_gc: CanGc) -> Fallible<DOMString> {
|
||||
fn GetOuterHTML(&self, can_gc: CanGc) -> Fallible<TrustedHTMLOrNullIsEmptyString> {
|
||||
// FIXME: This should use the fragment serialization algorithm, which takes
|
||||
// care of distinguishing between html/xml documents
|
||||
let result = if self.owner_document().is_html_document() {
|
||||
|
|
@ -3186,27 +3229,39 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
|
|||
self.upcast::<Node>().xml_serialize(XmlIncludeNode)
|
||||
};
|
||||
|
||||
Ok(result)
|
||||
Ok(TrustedHTMLOrNullIsEmptyString::NullIsEmptyString(result))
|
||||
}
|
||||
|
||||
/// <https://html.spec.whatwg.org/multipage/#dom-element-outerhtml>
|
||||
fn SetOuterHTML(&self, value: DOMString, can_gc: CanGc) -> ErrorResult {
|
||||
fn SetOuterHTML(&self, value: TrustedHTMLOrNullIsEmptyString, can_gc: CanGc) -> ErrorResult {
|
||||
// Step 1: Let compliantString be the result of invoking the
|
||||
// Get Trusted Type compliant string algorithm with TrustedHTML,
|
||||
// this's relevant global object, the given value, "Element outerHTML", and "script".
|
||||
let value = DOMString::from(TrustedHTML::get_trusted_script_compliant_string(
|
||||
&self.owner_global(),
|
||||
value.convert(),
|
||||
"Element",
|
||||
"outerHTML",
|
||||
can_gc,
|
||||
)?);
|
||||
let context_document = self.owner_document();
|
||||
let context_node = self.upcast::<Node>();
|
||||
// Step 1.
|
||||
// Step 2: Let parent be this's parent.
|
||||
let context_parent = match context_node.GetParentNode() {
|
||||
None => {
|
||||
// Step 2.
|
||||
// Step 3: If parent is null, return. There would be no way to
|
||||
// obtain a reference to the nodes created even if the remaining steps were run.
|
||||
return Ok(());
|
||||
},
|
||||
Some(parent) => parent,
|
||||
};
|
||||
|
||||
let parent = match context_parent.type_id() {
|
||||
// Step 3.
|
||||
// Step 4: If parent is a Document, throw a "NoModificationAllowedError" DOMException.
|
||||
NodeTypeId::Document(_) => return Err(Error::NoModificationAllowed),
|
||||
|
||||
// Step 4.
|
||||
// Step 5: If parent is a DocumentFragment, set parent to the result of
|
||||
// creating an element given this's node document, "body", and the HTML namespace.
|
||||
NodeTypeId::DocumentFragment(_) => {
|
||||
let body_elem = Element::create(
|
||||
QualName::new(None, ns!(html), local_name!("body")),
|
||||
|
|
@ -3222,9 +3277,10 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
|
|||
_ => context_node.GetParentElement().unwrap(),
|
||||
};
|
||||
|
||||
// Step 5.
|
||||
// Step 6: Let fragment be the result of invoking the
|
||||
// fragment parsing algorithm steps given parent and compliantString.
|
||||
let frag = parent.parse_fragment(value, can_gc)?;
|
||||
// Step 6.
|
||||
// Step 7: Replace this with fragment within this's parent.
|
||||
context_parent.ReplaceChild(frag.upcast(), context_node, can_gc)?;
|
||||
Ok(())
|
||||
}
|
||||
|
|
@ -3391,38 +3447,57 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
|
|||
fn InsertAdjacentHTML(
|
||||
&self,
|
||||
position: DOMString,
|
||||
text: DOMString,
|
||||
text: TrustedHTMLOrString,
|
||||
can_gc: CanGc,
|
||||
) -> ErrorResult {
|
||||
// Step 1.
|
||||
// Step 1: Let compliantString be the result of invoking the
|
||||
// Get Trusted Type compliant string algorithm with TrustedHTML,
|
||||
// this's relevant global object, string, "Element insertAdjacentHTML", and "script".
|
||||
let text = DOMString::from(TrustedHTML::get_trusted_script_compliant_string(
|
||||
&self.owner_global(),
|
||||
text,
|
||||
"Element",
|
||||
"insertAdjacentHTML",
|
||||
can_gc,
|
||||
)?);
|
||||
let position = position.parse::<AdjacentPosition>()?;
|
||||
|
||||
// Step 2: Let context be null.
|
||||
// Step 3: Use the first matching item from this list:
|
||||
let context = match position {
|
||||
// If position is an ASCII case-insensitive match for the string "beforebegin"
|
||||
// If position is an ASCII case-insensitive match for the string "afterend"
|
||||
AdjacentPosition::BeforeBegin | AdjacentPosition::AfterEnd => {
|
||||
match self.upcast::<Node>().GetParentNode() {
|
||||
// Step 3.2: If context is null or a Document, throw a "NoModificationAllowedError" DOMException.
|
||||
Some(ref node) if node.is::<Document>() => {
|
||||
return Err(Error::NoModificationAllowed);
|
||||
},
|
||||
None => return Err(Error::NoModificationAllowed),
|
||||
// Step 3.1: Set context to this's parent.
|
||||
Some(node) => node,
|
||||
}
|
||||
},
|
||||
// If position is an ASCII case-insensitive match for the string "afterbegin"
|
||||
// If position is an ASCII case-insensitive match for the string "beforeend"
|
||||
AdjacentPosition::AfterBegin | AdjacentPosition::BeforeEnd => {
|
||||
// Set context to this.
|
||||
DomRoot::from_ref(self.upcast::<Node>())
|
||||
},
|
||||
};
|
||||
|
||||
// Step 2.
|
||||
// Step 4.
|
||||
let context = Element::fragment_parsing_context(
|
||||
&context.owner_doc(),
|
||||
context.downcast::<Element>(),
|
||||
can_gc,
|
||||
);
|
||||
|
||||
// Step 3.
|
||||
// Step 5: Let fragment be the result of invoking the
|
||||
// fragment parsing algorithm steps with context and compliantString.
|
||||
let fragment = context.parse_fragment(text, can_gc)?;
|
||||
|
||||
// Step 4.
|
||||
// Step 6.
|
||||
self.insert_adjacent(position, fragment.upcast(), can_gc)
|
||||
.map(|_| ())
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,8 +6,11 @@ use std::fmt;
|
|||
|
||||
use dom_struct::dom_struct;
|
||||
|
||||
use crate::conversions::Convert;
|
||||
use crate::dom::bindings::codegen::Bindings::TrustedHTMLBinding::TrustedHTMLMethods;
|
||||
use crate::dom::bindings::codegen::UnionTypes::TrustedHTMLOrString;
|
||||
use crate::dom::bindings::codegen::UnionTypes::{
|
||||
TrustedHTMLOrNullIsEmptyString, TrustedHTMLOrString,
|
||||
};
|
||||
use crate::dom::bindings::error::Fallible;
|
||||
use crate::dom::bindings::reflector::{Reflector, reflect_dom_object};
|
||||
use crate::dom::bindings::root::DomRoot;
|
||||
|
|
@ -80,3 +83,16 @@ impl TrustedHTMLMethods<crate::DomTypeHolder> for TrustedHTML {
|
|||
DOMString::from(&*self.data)
|
||||
}
|
||||
}
|
||||
|
||||
impl Convert<TrustedHTMLOrString> for TrustedHTMLOrNullIsEmptyString {
|
||||
fn convert(self) -> TrustedHTMLOrString {
|
||||
match self {
|
||||
TrustedHTMLOrNullIsEmptyString::TrustedHTML(trusted_html) => {
|
||||
TrustedHTMLOrString::TrustedHTML(trusted_html)
|
||||
},
|
||||
TrustedHTMLOrNullIsEmptyString::NullIsEmptyString(str) => {
|
||||
TrustedHTMLOrString::String(str)
|
||||
},
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -902,7 +902,7 @@ pub(crate) fn handle_get_page_source(
|
|||
.find_document(pipeline)
|
||||
.ok_or(ErrorStatus::UnknownError)
|
||||
.and_then(|document| match document.GetDocumentElement() {
|
||||
Some(element) => match element.GetOuterHTML(can_gc) {
|
||||
Some(element) => match element.outer_html(can_gc) {
|
||||
Ok(source) => Ok(source.to_string()),
|
||||
Err(_) => {
|
||||
match XMLSerializer::new(document.window(), None, can_gc)
|
||||
|
|
|
|||
|
|
@ -82,7 +82,7 @@ interface Element : Node {
|
|||
[Throws]
|
||||
undefined insertAdjacentText(DOMString where_, DOMString data);
|
||||
[CEReactions, Throws]
|
||||
undefined insertAdjacentHTML(DOMString position, DOMString html);
|
||||
undefined insertAdjacentHTML(DOMString position, (TrustedHTML or DOMString) string);
|
||||
|
||||
[Throws, Pref="dom_shadowdom_enabled"] ShadowRoot attachShadow(ShadowRootInit init);
|
||||
readonly attribute ShadowRoot? shadowRoot;
|
||||
|
|
@ -122,11 +122,11 @@ partial interface Element {
|
|||
|
||||
// https://html.spec.whatwg.org/multipage/#dom-parsing-and-serialization
|
||||
partial interface Element {
|
||||
[CEReactions] undefined setHTMLUnsafe(DOMString html);
|
||||
[CEReactions, Throws] undefined setHTMLUnsafe((TrustedHTML or DOMString) html);
|
||||
DOMString getHTML(optional GetHTMLOptions options = {});
|
||||
|
||||
[CEReactions, Throws] attribute [LegacyNullToEmptyString] DOMString innerHTML;
|
||||
[CEReactions, Throws] attribute [LegacyNullToEmptyString] DOMString outerHTML;
|
||||
[CEReactions, Throws] attribute (TrustedHTML or [LegacyNullToEmptyString] DOMString) innerHTML;
|
||||
[CEReactions, Throws] attribute (TrustedHTML or [LegacyNullToEmptyString] DOMString) outerHTML;
|
||||
};
|
||||
|
||||
dictionary GetHTMLOptions {
|
||||
|
|
|
|||
|
|
@ -16,6 +16,3 @@
|
|||
|
||||
[AsyncGenerator Function constructor is also clipped.]
|
||||
expected: FAIL
|
||||
|
||||
[Trusted Types violation sample is clipped to 40 characters excluded the sink name.]
|
||||
expected: FAIL
|
||||
|
|
|
|||
|
|
@ -1,22 +1,10 @@
|
|||
[HTMLElement-generic.html]
|
||||
[TT enabled: div.innerHTML\n = String on a\n connected element\n ]
|
||||
expected: FAIL
|
||||
|
||||
[TT enabled: div.innerHTML\n = String on a\n non-connected element\n ]
|
||||
expected: FAIL
|
||||
|
||||
[TT enabled: iframe.srcdoc\n = String on a\n connected element\n ]
|
||||
expected: FAIL
|
||||
|
||||
[TT enabled: iframe.srcdoc\n = String on a\n non-connected element\n ]
|
||||
expected: FAIL
|
||||
|
||||
[TT enabled: div.innerHTML\n = String on a\n connected element\n after removing the "require-trusted-types-for 'script' directive]
|
||||
expected: FAIL
|
||||
|
||||
[TT enabled: div.innerHTML\n = String on a\n non-connected element\n after removing the "require-trusted-types-for 'script' directive]
|
||||
expected: FAIL
|
||||
|
||||
[TT enabled: iframe.srcdoc\n = String on a\n connected element\n after removing the "require-trusted-types-for 'script' directive]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,12 +0,0 @@
|
|||
[block-string-assignment-to-Element-insertAdjacentHTML.html]
|
||||
[`insertAdjacentHTML(string)` throws.]
|
||||
expected: FAIL
|
||||
|
||||
[`insertAdjacentHTML(string)` still throws TypeError when position invalid.]
|
||||
expected: FAIL
|
||||
|
||||
[`insertAdjacentHTML(null)` throws.]
|
||||
expected: FAIL
|
||||
|
||||
[`insertAdjacentHTML(string)` assigned via default policy (successful HTML transformation).]
|
||||
expected: FAIL
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
[block-string-assignment-to-Element-outerHTML.html]
|
||||
[`outerHTML = string` throws.]
|
||||
expected: FAIL
|
||||
|
||||
[`outerHTML = string` throws TypeError even when parent is a document.]
|
||||
expected: FAIL
|
||||
|
||||
[`outerHTML = null` throws.]
|
||||
expected: FAIL
|
||||
|
||||
[`outerHTML = string` assigned via default policy (successful HTML transformation).]
|
||||
expected: FAIL
|
||||
|
||||
[`outerHTML = null` assigned via default policy does not throw]
|
||||
expected: FAIL
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
[block-string-assignment-to-Element-setHTMLUnsafe.html]
|
||||
[`element.setHTMLUnsafe(string)` throws.]
|
||||
expected: FAIL
|
||||
|
||||
[`element.setHTMLUnsafe(null)` throws.]
|
||||
expected: FAIL
|
||||
|
||||
[`element.setHTMLUnsafe(string)` assigned via default policy (successful HTML transformation).]
|
||||
expected: FAIL
|
||||
|
||||
[`element.setHTMLUnsafe(string)` assigned via default policy does not throw]
|
||||
expected: FAIL
|
||||
|
|
@ -1,12 +1,6 @@
|
|||
[block-string-assignment-to-HTMLElement-generic.html]
|
||||
[div.innerHTML accepts only TrustedHTML]
|
||||
expected: FAIL
|
||||
|
||||
[iframe.srcdoc accepts only TrustedHTML]
|
||||
expected: FAIL
|
||||
|
||||
[div.innerHTML accepts string and null after default policy was created]
|
||||
expected: FAIL
|
||||
|
||||
[iframe.srcdoc accepts string and null after default policy was created]
|
||||
expected: FAIL
|
||||
|
|
|
|||
|
|
@ -1,9 +0,0 @@
|
|||
[block-string-assignment-to-text-and-url-sinks.html]
|
||||
[Setting HTMLDivElement.innerHTML to a plain string]
|
||||
expected: FAIL
|
||||
|
||||
[Setting HTMLScriptElement.innerHTML to a plain string]
|
||||
expected: FAIL
|
||||
|
||||
[Setting SVGScriptElement.innerHTML to a plain string]
|
||||
expected: FAIL
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
[default-policy.html]
|
||||
expected: OK
|
||||
[Count SecurityPolicyViolation events.]
|
||||
expected: FAIL
|
||||
|
||||
[div.innerHTML no default policy]
|
||||
expected: FAIL
|
||||
|
||||
[div.innerHTML default]
|
||||
expected: FAIL
|
||||
|
||||
[div.innerHTML null]
|
||||
expected: FAIL
|
||||
|
||||
[div.innerHTML throw]
|
||||
expected: FAIL
|
||||
|
||||
[div.innerHTML undefined]
|
||||
expected: FAIL
|
||||
|
||||
[div.innerHTML typeerror]
|
||||
expected: FAIL
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
[empty-default-policy.html]
|
||||
expected: OK
|
||||
[Count SecurityPolicyViolation events.]
|
||||
expected: FAIL
|
||||
|
||||
[div.innerHTML default]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +1,3 @@
|
|||
[require-trusted-types-for-TypeError-belongs-to-the-global-object-realm.html]
|
||||
[Setting innerHTML on a node inserted by the parser.]
|
||||
expected: FAIL
|
||||
|
||||
[Setting innerHTML on a node adopted from a subframe.]
|
||||
expected: FAIL
|
||||
|
|
|
|||
|
|
@ -1,3 +0,0 @@
|
|||
[require-trusted-types-for-report-only.html]
|
||||
[Require trusted types for 'script' block create HTML.]
|
||||
expected: FAIL
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[require-trusted-types-for.html]
|
||||
[Require trusted types for 'script' block create HTML.]
|
||||
expected: FAIL
|
||||
|
|
@ -1,20 +1,5 @@
|
|||
[should-sink-type-mismatch-violation-be-blocked-by-csp-001.html]
|
||||
expected: TIMEOUT
|
||||
[Multiple enforce require-trusted-types-for directives.]
|
||||
expected: FAIL
|
||||
|
||||
[Multiple report-only require-trusted-types-for directives.]
|
||||
expected: FAIL
|
||||
|
||||
[One violated report-only require-trusted-types-for directive followed by multiple enforce directives]
|
||||
expected: FAIL
|
||||
|
||||
[One violated enforce require-trusted-types-for directive followed by multiple report-only directives]
|
||||
expected: FAIL
|
||||
|
||||
[Mixing enforce and report-only require-trusted-types-for directives.]
|
||||
expected: FAIL
|
||||
|
||||
[directive "require-trusted-types-for 'script'%09'script'%0A'script'%0C'script'%0D'script'%20'script'" (required-ascii-whitespace)]
|
||||
expected: TIMEOUT
|
||||
|
||||
|
|
@ -33,9 +18,6 @@
|
|||
[directive "require-trusted-types-for unquoted-invalid 'script' also-unquoted-invalid (unknown sink group)]
|
||||
expected: NOTRUN
|
||||
|
||||
[directive "require-trusted-types-for 'invalid'%09'script'" (required-ascii-whitespace)]
|
||||
expected: FAIL
|
||||
|
||||
[directive "require-trusted-types-for 'invalid'%0A%20'script'" (required-ascii-whitespace)]
|
||||
expected: TIMEOUT
|
||||
|
||||
|
|
|
|||
|
|
@ -1,24 +0,0 @@
|
|||
[trusted-types-createHTMLDocument.html]
|
||||
[Trusted Type instances created in the main doc can be used. (document)]
|
||||
expected: FAIL
|
||||
|
||||
[Trusted Type instances created in the main doc can be used. (createHTMLDocument)]
|
||||
expected: FAIL
|
||||
|
||||
[Trusted Type instances created in the main doc can be used. (DOMParser)]
|
||||
expected: FAIL
|
||||
|
||||
[Trusted Type instances created in the main doc can be used. (XHR)]
|
||||
expected: FAIL
|
||||
|
||||
[Default policy applies. (document)]
|
||||
expected: FAIL
|
||||
|
||||
[Default policy applies. (createHTMLDocument)]
|
||||
expected: FAIL
|
||||
|
||||
[Default policy applies. (DOMParser)]
|
||||
expected: FAIL
|
||||
|
||||
[Default policy applies. (XHR)]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[trusted-types-report-only.html]
|
||||
[Trusted Type violation report-only: assign string to html]
|
||||
expected: FAIL
|
||||
|
||||
[Trusted Type violation report-only: assign string to script content]
|
||||
expected: FAIL
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[trusted-types-reporting-for-Element-innerHTML.html]
|
||||
[Violation report for plain string.]
|
||||
expected: FAIL
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[trusted-types-reporting-for-Element-insertAdjacentHTML.html]
|
||||
[Violation report for plain string.]
|
||||
expected: FAIL
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[trusted-types-reporting-for-Element-outerHTML.html]
|
||||
[Violation report for plain string.]
|
||||
expected: FAIL
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[trusted-types-reporting-for-Element-setHTMLUnsafe.html]
|
||||
[Violation report for plain string.]
|
||||
expected: FAIL
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[trusted-types-reporting-for-HTMLScriptElement-innerHTML.html]
|
||||
[Violation report for plain string.]
|
||||
expected: FAIL
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[trusted-types-reporting-for-SVGScriptElement-innerHTML.html]
|
||||
[Violation report for plain string.]
|
||||
expected: FAIL
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[trusted-types-sandbox-allow-scripts.html]
|
||||
[Default Trusted Types policy in a sandboxed page with allow-scripts.]
|
||||
expected: FAIL
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
[trusted-types-source-file-path.html]
|
||||
[same-document script]
|
||||
expected: FAIL
|
||||
|
||||
[same-origin script]
|
||||
expected: FAIL
|
||||
|
||||
[cross-origin script]
|
||||
expected: FAIL
|
||||
Loading…
Add table
Add a link
Reference in a new issue