mirror of
https://github.com/servo/servo.git
synced 2025-08-03 04:30:10 +01:00
Implement trusted HTML sinks for Element (#36941)
Also implements a conversion for `TrustedHTMLOrNullIsEmptyString` to `TrustedHTMLOrString` to avoid introducing a separate `get_trusted_script_compliant_string` for the new type.

Part of #36258

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
parent
a0dd2c1beb
commit
d780fb7695
27 changed files with 118 additions and 212 deletions
|
@ -16,6 +16,3 @@
|
|||
|
||||
[AsyncGenerator Function constructor is also clipped.]
|
||||
expected: FAIL
|
||||
|
||||
[Trusted Types violation sample is clipped to 40 characters excluded the sink name.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,22 +1,10 @@
|
|||
[HTMLElement-generic.html]
|
||||
[TT enabled: div.innerHTML\n = String on a\n connected element\n ]
|
||||
expected: FAIL
|
||||
|
||||
[TT enabled: div.innerHTML\n = String on a\n non-connected element\n ]
|
||||
expected: FAIL
|
||||
|
||||
[TT enabled: iframe.srcdoc\n = String on a\n connected element\n ]
|
||||
expected: FAIL
|
||||
|
||||
[TT enabled: iframe.srcdoc\n = String on a\n non-connected element\n ]
|
||||
expected: FAIL
|
||||
|
||||
[TT enabled: div.innerHTML\n = String on a\n connected element\n after removing the "require-trusted-types-for 'script' directive]
|
||||
expected: FAIL
|
||||
|
||||
[TT enabled: div.innerHTML\n = String on a\n non-connected element\n after removing the "require-trusted-types-for 'script' directive]
|
||||
expected: FAIL
|
||||
|
||||
[TT enabled: iframe.srcdoc\n = String on a\n connected element\n after removing the "require-trusted-types-for 'script' directive]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
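Review bot: The header `-1,22 +1,10` keeps three of the seven subtests listed for [HTMLElement-generic.html] as `expected: FAIL`, and the commit message does not say which sink they belong to. The list mixes `div.innerHTML` with `iframe.srcdoc`, while the title covers Element only, so please name the sink that is still failing in the description or in #36258 so the leftover expectations are not read as covered by this change.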
@ -1,12 +0,0 @@
|
|||
[block-string-assignment-to-Element-insertAdjacentHTML.html]
|
||||
[`insertAdjacentHTML(string)` throws.]
|
||||
expected: FAIL
|
||||
|
||||
[`insertAdjacentHTML(string)` still throws TypeError when position invalid.]
|
||||
expected: FAIL
|
||||
|
||||
[`insertAdjacentHTML(null)` throws.]
|
||||
expected: FAIL
|
||||
|
||||
[`insertAdjacentHTML(string)` assigned via default policy (successful HTML transformation).]
|
||||
expected: FAIL
|
|
@ -1,15 +0,0 @@
|
|||
[block-string-assignment-to-Element-outerHTML.html]
|
||||
[`outerHTML = string` throws.]
|
||||
expected: FAIL
|
||||
|
||||
[`outerHTML = string` throws TypeError even when parent is a document.]
|
||||
expected: FAIL
|
||||
|
||||
[`outerHTML = null` throws.]
|
||||
expected: FAIL
|
||||
|
||||
[`outerHTML = string` assigned via default policy (successful HTML transformation).]
|
||||
expected: FAIL
|
||||
|
||||
[`outerHTML = null` assigned via default policy does not throw]
|
||||
expected: FAIL
|
|
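Review bot: The null subtests in [block-string-assignment-to-Element-outerHTML.html] (`outerHTML = null` throws, and `outerHTML = null` assigned via default policy does not throw) appear to be the only visible coverage for the `TrustedHTMLOrNullIsEmptyString` to `TrustedHTMLOrString` conversion described in the commit message. Please add a doc comment on that conversion stating what null becomes before the trusted-type check runs, since the two subtests expect opposite outcomes depending on whether a default policy exists and the reasoning is not recorded anywhere on this page.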
@ -1,12 +0,0 @@
|
|||
[block-string-assignment-to-Element-setHTMLUnsafe.html]
|
||||
[`element.setHTMLUnsafe(string)` throws.]
|
||||
expected: FAIL
|
||||
|
||||
[`element.setHTMLUnsafe(null)` throws.]
|
||||
expected: FAIL
|
||||
|
||||
[`element.setHTMLUnsafe(string)` assigned via default policy (successful HTML transformation).]
|
||||
expected: FAIL
|
||||
|
||||
[`element.setHTMLUnsafe(string)` assigned via default policy does not throw]
|
||||
expected: FAIL
|
|
@ -1,12 +1,6 @@
|
|||
[block-string-assignment-to-HTMLElement-generic.html]
|
||||
[div.innerHTML accepts only TrustedHTML]
|
||||
expected: FAIL
|
||||
|
||||
[iframe.srcdoc accepts only TrustedHTML]
|
||||
expected: FAIL
|
||||
|
||||
[div.innerHTML accepts string and null after default policy was created]
|
||||
expected: FAIL
|
||||
|
||||
[iframe.srcdoc accepts string and null after default policy was created]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
[block-string-assignment-to-text-and-url-sinks.html]
|
||||
[Setting HTMLDivElement.innerHTML to a plain string]
|
||||
expected: FAIL
|
||||
|
||||
[Setting HTMLScriptElement.innerHTML to a plain string]
|
||||
expected: FAIL
|
||||
|
||||
[Setting SVGScriptElement.innerHTML to a plain string]
|
||||
expected: FAIL
|
|
@ -1,22 +0,0 @@
|
|||
[default-policy.html]
|
||||
expected: OK
|
||||
[Count SecurityPolicyViolation events.]
|
||||
expected: FAIL
|
||||
|
||||
[div.innerHTML no default policy]
|
||||
expected: FAIL
|
||||
|
||||
[div.innerHTML default]
|
||||
expected: FAIL
|
||||
|
||||
[div.innerHTML null]
|
||||
expected: FAIL
|
||||
|
||||
[div.innerHTML throw]
|
||||
expected: FAIL
|
||||
|
||||
[div.innerHTML undefined]
|
||||
expected: FAIL
|
||||
|
||||
[div.innerHTML typeerror]
|
||||
expected: FAIL
|
|
@ -1,7 +0,0 @@
|
|||
[empty-default-policy.html]
|
||||
expected: OK
|
||||
[Count SecurityPolicyViolation events.]
|
||||
expected: FAIL
|
||||
|
||||
[div.innerHTML default]
|
||||
expected: FAIL
|
|
@ -1,6 +1,3 @@
|
|||
[require-trusted-types-for-TypeError-belongs-to-the-global-object-realm.html]
|
||||
[Setting innerHTML on a node inserted by the parser.]
|
||||
expected: FAIL
|
||||
|
||||
[Setting innerHTML on a node adopted from a subframe.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
[require-trusted-types-for-report-only.html]
|
||||
[Require trusted types for 'script' block create HTML.]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[require-trusted-types-for.html]
|
||||
[Require trusted types for 'script' block create HTML.]
|
||||
expected: FAIL
|
|
@ -1,20 +1,5 @@
|
|||
[should-sink-type-mismatch-violation-be-blocked-by-csp-001.html]
|
||||
expected: TIMEOUT
|
||||
[Multiple enforce require-trusted-types-for directives.]
|
||||
expected: FAIL
|
||||
|
||||
[Multiple report-only require-trusted-types-for directives.]
|
||||
expected: FAIL
|
||||
|
||||
[One violated report-only require-trusted-types-for directive followed by multiple enforce directives]
|
||||
expected: FAIL
|
||||
|
||||
[One violated enforce require-trusted-types-for directive followed by multiple report-only directives]
|
||||
expected: FAIL
|
||||
|
||||
[Mixing enforce and report-only require-trusted-types-for directives.]
|
||||
expected: FAIL
|
||||
|
||||
[directive "require-trusted-types-for 'script'%09'script'%0A'script'%0C'script'%0D'script'%20'script'" (required-ascii-whitespace)]
|
||||
expected: TIMEOUT
|
||||
|
||||
|
@ -33,9 +18,6 @@
|
|||
[directive "require-trusted-types-for unquoted-invalid 'script' also-unquoted-invalid (unknown sink group)]
|
||||
expected: NOTRUN
|
||||
|
||||
[directive "require-trusted-types-for 'invalid'%09'script'" (required-ascii-whitespace)]
|
||||
expected: FAIL
|
||||
|
||||
[directive "require-trusted-types-for 'invalid'%0A%20'script'" (required-ascii-whitespace)]
|
||||
expected: TIMEOUT
|
||||
|
||||
|
|
|
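Review bot: The header `-33,9 +18,6` drops only one of the three subtests shown for [should-sink-type-mismatch-violation-be-blocked-by-csp-001.html], so at least one of the `expected: NOTRUN` and `expected: TIMEOUT` entries for the `require-trusted-types-for` whitespace directives stays in the metadata. A subtest that times out or never runs gives no signal on whether those directive forms are enforced, so please open a follow-up for the remaining timeout and reference it from #36258 rather than leaving it implicit in the expectations file.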
@ -1,24 +0,0 @@
|
|||
[trusted-types-createHTMLDocument.html]
|
||||
[Trusted Type instances created in the main doc can be used. (document)]
|
||||
expected: FAIL
|
||||
|
||||
[Trusted Type instances created in the main doc can be used. (createHTMLDocument)]
|
||||
expected: FAIL
|
||||
|
||||
[Trusted Type instances created in the main doc can be used. (DOMParser)]
|
||||
expected: FAIL
|
||||
|
||||
[Trusted Type instances created in the main doc can be used. (XHR)]
|
||||
expected: FAIL
|
||||
|
||||
[Default policy applies. (document)]
|
||||
expected: FAIL
|
||||
|
||||
[Default policy applies. (createHTMLDocument)]
|
||||
expected: FAIL
|
||||
|
||||
[Default policy applies. (DOMParser)]
|
||||
expected: FAIL
|
||||
|
||||
[Default policy applies. (XHR)]
|
||||
expected: FAIL
|
|
@ -1,6 +0,0 @@
|
|||
[trusted-types-report-only.html]
|
||||
[Trusted Type violation report-only: assign string to html]
|
||||
expected: FAIL
|
||||
|
||||
[Trusted Type violation report-only: assign string to script content]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[trusted-types-reporting-for-Element-innerHTML.html]
|
||||
[Violation report for plain string.]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[trusted-types-reporting-for-Element-insertAdjacentHTML.html]
|
||||
[Violation report for plain string.]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[trusted-types-reporting-for-Element-outerHTML.html]
|
||||
[Violation report for plain string.]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[trusted-types-reporting-for-Element-setHTMLUnsafe.html]
|
||||
[Violation report for plain string.]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[trusted-types-reporting-for-HTMLScriptElement-innerHTML.html]
|
||||
[Violation report for plain string.]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[trusted-types-reporting-for-SVGScriptElement-innerHTML.html]
|
||||
[Violation report for plain string.]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[trusted-types-sandbox-allow-scripts.html]
|
||||
[Default Trusted Types policy in a sandboxed page with allow-scripts.]
|
||||
expected: FAIL
|
|
@ -1,9 +0,0 @@
|
|||
[trusted-types-source-file-path.html]
|
||||
[same-document script]
|
||||
expected: FAIL
|
||||
|
||||
[same-origin script]
|
||||
expected: FAIL
|
||||
|
||||
[cross-origin script]
|
||||
expected: FAIL
|