Implement trusted HTML sinks for Element (#36941)

Also implements a conversion for `TrustedHTMLOrNullIsEmptyString`
to `TrustedHTMLOrString` to avoid introducing a separate
`get_trusted_script_compliant_string` for the new type.

Part of #36258

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>

components/script/dom/element.rs

@@ -63,6 +63,7 @@ use xml5ever::serialize::TraversalScope::{
     ChildrenOnly as XmlChildrenOnly, IncludeNode as XmlIncludeNode,
 };
 
+use crate::conversions::Convert;
 use crate::dom::activation::Activatable;
 use crate::dom::attr::{Attr, AttrHelpersForLayout};
 use crate::dom::bindings::cell::{DomRefCell, Ref, RefMut, ref_filter_map};
@@ -80,7 +81,9 @@ use crate::dom::bindings::codegen::Bindings::ShadowRootBinding::{
 use crate::dom::bindings::codegen::Bindings::WindowBinding::{
     ScrollBehavior, ScrollToOptions, WindowMethods,
 };
-use crate::dom::bindings::codegen::UnionTypes::{NodeOrString, TrustedScriptURLOrUSVString};
+use crate::dom::bindings::codegen::UnionTypes::{
+    NodeOrString, TrustedHTMLOrNullIsEmptyString, TrustedHTMLOrString, TrustedScriptURLOrUSVString,
+};
 use crate::dom::bindings::conversions::DerivedFrom;
 use crate::dom::bindings::error::{Error, ErrorResult, Fallible};
 use crate::dom::bindings::inheritance::{Castable, ElementTypeId, HTMLElementTypeId, NodeTypeId};
@@ -152,6 +155,7 @@ use crate::dom::raredata::ElementRareData;
 use crate::dom::servoparser::ServoParser;
 use crate::dom::shadowroot::{IsUserAgentWidget, ShadowRoot};
 use crate::dom::text::Text;
+use crate::dom::trustedhtml::TrustedHTML;
 use crate::dom::validation::Validatable;
 use crate::dom::validitystate::ValidationFlags;
 use crate::dom::virtualmethods::{VirtualMethods, vtable_for};
@@ -2322,18 +2326,25 @@ impl Element {
         Ok(fragment)
     }
 
+    /// Step 4 of <https://html.spec.whatwg.org/multipage/#dom-element-insertadjacenthtml>
     pub(crate) fn fragment_parsing_context(
         owner_doc: &Document,
         element: Option<&Self>,
         can_gc: CanGc,
     ) -> DomRoot<Self> {
+        // If context is not an Element or all of the following are true:
         match element {
             Some(elem)
+                // context's node document is an HTML document;
+                // context's local name is "html"; and
+                // context's namespace is the HTML namespace,
                 if elem.local_name() != &local_name!("html") ||
                     !elem.html_element_in_html_document() =>
             {
                 DomRoot::from_ref(elem)
             },
+            // set context to the result of creating an element
+            // given this's node document, "body", and the HTML namespace.
             _ => DomRoot::upcast(HTMLBodyElement::new(
                 local_name!("body"),
                 None,
@@ -2446,6 +2457,13 @@ impl Element {
             Dom::from_ref(&*ElementInternals::new(elem, can_gc))
         }))
     }
+
+    pub(crate) fn outer_html(&self, can_gc: CanGc) -> Fallible<DOMString> {
+        match self.GetOuterHTML(can_gc)? {
+            TrustedHTMLOrNullIsEmptyString::NullIsEmptyString(str) => Ok(str),
+            TrustedHTMLOrNullIsEmptyString::TrustedHTML(_) => unreachable!(),
+        }
+    }
 }
 
 impl ElementMethods<crate::DomTypeHolder> for Element {
@@ -3100,7 +3118,17 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
     }
 
     /// <https://html.spec.whatwg.org/multipage/#dom-element-sethtmlunsafe>
-    fn SetHTMLUnsafe(&self, html: DOMString, can_gc: CanGc) {
+    fn SetHTMLUnsafe(&self, html: TrustedHTMLOrString, can_gc: CanGc) -> ErrorResult {
+        // Step 1. Let compliantHTML be the result of invoking the
+        // Get Trusted Type compliant string algorithm with TrustedHTML,
+        // this's relevant global object, html, "Element setHTMLUnsafe", and "script".
+        let html = DOMString::from(TrustedHTML::get_trusted_script_compliant_string(
+            &self.owner_global(),
+            html,
+            "Element",
+            "setHTMLUnsafe",
+            can_gc,
+        )?);
         // Step 2. Let target be this's template contents if this is a template element; otherwise this.
         let target = if let Some(template) = self.downcast::<HTMLTemplateElement>() {
             DomRoot::upcast(template.Content(can_gc))
@@ -3110,6 +3138,7 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
 
         // Step 3. Unsafely set HTML given target, this, and compliantHTML
         Node::unsafely_set_html(&target, self, html, can_gc);
+        Ok(())
     }
 
     /// <https://html.spec.whatwg.org/multipage/#dom-element-gethtml>
@@ -3125,7 +3154,7 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
     }
 
     /// <https://html.spec.whatwg.org/multipage/#dom-element-innerhtml>
-    fn GetInnerHTML(&self, can_gc: CanGc) -> Fallible<DOMString> {
+    fn GetInnerHTML(&self, can_gc: CanGc) -> Fallible<TrustedHTMLOrNullIsEmptyString> {
         let qname = QualName::new(
             self.prefix().clone(),
             self.namespace().clone(),
@@ -3142,16 +3171,28 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
                 .xml_serialize(XmlChildrenOnly(Some(qname)))
         };
 
-        Ok(result)
+        Ok(TrustedHTMLOrNullIsEmptyString::NullIsEmptyString(result))
     }
 
     /// <https://html.spec.whatwg.org/multipage/#dom-element-innerhtml>
-    fn SetInnerHTML(&self, value: DOMString, can_gc: CanGc) -> ErrorResult {
+    fn SetInnerHTML(&self, value: TrustedHTMLOrNullIsEmptyString, can_gc: CanGc) -> ErrorResult {
-        // Step 2.
+        // Step 1: Let compliantString be the result of invoking the
+        // Get Trusted Type compliant string algorithm with TrustedHTML,
+        // this's relevant global object, the given value, "Element innerHTML", and "script".
+        let value = DOMString::from(TrustedHTML::get_trusted_script_compliant_string(
+            &self.owner_global(),
+            value.convert(),
+            "Element",
+            "innerHTML",
+            can_gc,
+        )?);
         // https://github.com/w3c/DOM-Parsing/issues/1
         let target = if let Some(template) = self.downcast::<HTMLTemplateElement>() {
+            // Step 4: If context is a template element, then set context to
+            // the template element's template contents (a DocumentFragment).
             DomRoot::upcast(template.Content(can_gc))
         } else {
+            // Step 2: Let context be this.
             DomRoot::from_ref(self.upcast())
         };
 
@@ -3168,15 +3209,17 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
             return Ok(());
         }
 
-        // Step 1.
+        // Step 3: Let fragment be the result of invoking the fragment parsing algorithm steps
+        // with context and compliantString.
         let frag = self.parse_fragment(value, can_gc)?;
 
+        // Step 5: Replace all with fragment within context.
         Node::replace_all(Some(frag.upcast()), &target, can_gc);
         Ok(())
     }
 
     /// <https://html.spec.whatwg.org/multipage/#dom-element-outerhtml>
-    fn GetOuterHTML(&self, can_gc: CanGc) -> Fallible<DOMString> {
+    fn GetOuterHTML(&self, can_gc: CanGc) -> Fallible<TrustedHTMLOrNullIsEmptyString> {
         // FIXME: This should use the fragment serialization algorithm, which takes
         // care of distinguishing between html/xml documents
         let result = if self.owner_document().is_html_document() {
@@ -3186,27 +3229,39 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
             self.upcast::<Node>().xml_serialize(XmlIncludeNode)
         };
 
-        Ok(result)
+        Ok(TrustedHTMLOrNullIsEmptyString::NullIsEmptyString(result))
     }
 
     /// <https://html.spec.whatwg.org/multipage/#dom-element-outerhtml>
-    fn SetOuterHTML(&self, value: DOMString, can_gc: CanGc) -> ErrorResult {
+    fn SetOuterHTML(&self, value: TrustedHTMLOrNullIsEmptyString, can_gc: CanGc) -> ErrorResult {
+        // Step 1: Let compliantString be the result of invoking the
+        // Get Trusted Type compliant string algorithm with TrustedHTML,
+        // this's relevant global object, the given value, "Element outerHTML", and "script".
+        let value = DOMString::from(TrustedHTML::get_trusted_script_compliant_string(
+            &self.owner_global(),
+            value.convert(),
+            "Element",
+            "outerHTML",
+            can_gc,
+        )?);
         let context_document = self.owner_document();
         let context_node = self.upcast::<Node>();
-        // Step 1.
+        // Step 2: Let parent be this's parent.
         let context_parent = match context_node.GetParentNode() {
             None => {
-                // Step 2.
+                // Step 3: If parent is null, return. There would be no way to
+                // obtain a reference to the nodes created even if the remaining steps were run.
                 return Ok(());
             },
             Some(parent) => parent,
         };
 
         let parent = match context_parent.type_id() {
-            // Step 3.
+            // Step 4: If parent is a Document, throw a "NoModificationAllowedError" DOMException.
             NodeTypeId::Document(_) => return Err(Error::NoModificationAllowed),
 
-            // Step 4.
+            // Step 5: If parent is a DocumentFragment, set parent to the result of
+            // creating an element given this's node document, "body", and the HTML namespace.
             NodeTypeId::DocumentFragment(_) => {
                 let body_elem = Element::create(
                     QualName::new(None, ns!(html), local_name!("body")),
@@ -3222,9 +3277,10 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
             _ => context_node.GetParentElement().unwrap(),
         };
 
-        // Step 5.
+        // Step 6: Let fragment be the result of invoking the
+        // fragment parsing algorithm steps given parent and compliantString.
         let frag = parent.parse_fragment(value, can_gc)?;
-        // Step 6.
+        // Step 7: Replace this with fragment within this's parent.
         context_parent.ReplaceChild(frag.upcast(), context_node, can_gc)?;
         Ok(())
     }
@@ -3391,38 +3447,57 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
     fn InsertAdjacentHTML(
         &self,
         position: DOMString,
-        text: DOMString,
+        text: TrustedHTMLOrString,
         can_gc: CanGc,
     ) -> ErrorResult {
-        // Step 1.
+        // Step 1: Let compliantString be the result of invoking the
+        // Get Trusted Type compliant string algorithm with TrustedHTML,
+        // this's relevant global object, string, "Element insertAdjacentHTML", and "script".
+        let text = DOMString::from(TrustedHTML::get_trusted_script_compliant_string(
+            &self.owner_global(),
+            text,
+            "Element",
+            "insertAdjacentHTML",
+            can_gc,
+        )?);
         let position = position.parse::<AdjacentPosition>()?;
 
+        // Step 2: Let context be null.
+        // Step 3: Use the first matching item from this list:
         let context = match position {
+            // If position is an ASCII case-insensitive match for the string "beforebegin"
+            // If position is an ASCII case-insensitive match for the string "afterend"
             AdjacentPosition::BeforeBegin | AdjacentPosition::AfterEnd => {
                 match self.upcast::<Node>().GetParentNode() {
+                    // Step 3.2: If context is null or a Document, throw a "NoModificationAllowedError" DOMException.
                     Some(ref node) if node.is::<Document>() => {
                         return Err(Error::NoModificationAllowed);
                     },
                     None => return Err(Error::NoModificationAllowed),
+                    // Step 3.1: Set context to this's parent.
                     Some(node) => node,
                 }
             },
+            // If position is an ASCII case-insensitive match for the string "afterbegin"
+            // If position is an ASCII case-insensitive match for the string "beforeend"
             AdjacentPosition::AfterBegin | AdjacentPosition::BeforeEnd => {
+                // Set context to this.
                 DomRoot::from_ref(self.upcast::<Node>())
             },
         };
 
-        // Step 2.
+        // Step 4.
         let context = Element::fragment_parsing_context(
             &context.owner_doc(),
             context.downcast::<Element>(),
             can_gc,
         );
 
-        // Step 3.
+        // Step 5: Let fragment be the result of invoking the
+        // fragment parsing algorithm steps with context and compliantString.
         let fragment = context.parse_fragment(text, can_gc)?;
 
-        // Step 4.
+        // Step 6.
         self.insert_adjacent(position, fragment.upcast(), can_gc)
             .map(|_| ())
     }

components/script/dom/trustedhtml.rs

@@ -6,8 +6,11 @@ use std::fmt;
 
 use dom_struct::dom_struct;
 
+use crate::conversions::Convert;
 use crate::dom::bindings::codegen::Bindings::TrustedHTMLBinding::TrustedHTMLMethods;
-use crate::dom::bindings::codegen::UnionTypes::TrustedHTMLOrString;
+use crate::dom::bindings::codegen::UnionTypes::{
+    TrustedHTMLOrNullIsEmptyString, TrustedHTMLOrString,
+};
 use crate::dom::bindings::error::Fallible;
 use crate::dom::bindings::reflector::{Reflector, reflect_dom_object};
 use crate::dom::bindings::root::DomRoot;
@@ -80,3 +83,16 @@ impl TrustedHTMLMethods<crate::DomTypeHolder> for TrustedHTML {
         DOMString::from(&*self.data)
     }
 }
+
+impl Convert<TrustedHTMLOrString> for TrustedHTMLOrNullIsEmptyString {
+    fn convert(self) -> TrustedHTMLOrString {
+        match self {
+            TrustedHTMLOrNullIsEmptyString::TrustedHTML(trusted_html) => {
+                TrustedHTMLOrString::TrustedHTML(trusted_html)
+            },
+            TrustedHTMLOrNullIsEmptyString::NullIsEmptyString(str) => {
+                TrustedHTMLOrString::String(str)
+            },
+        }
+    }
+}

components/script/webdriver_handlers.rs

@@ -902,7 +902,7 @@ pub(crate) fn handle_get_page_source(
                 .find_document(pipeline)
                 .ok_or(ErrorStatus::UnknownError)
                 .and_then(|document| match document.GetDocumentElement() {
-                    Some(element) => match element.GetOuterHTML(can_gc) {
+                    Some(element) => match element.outer_html(can_gc) {
                         Ok(source) => Ok(source.to_string()),
                         Err(_) => {
                             match XMLSerializer::new(document.window(), None, can_gc)

components/script_bindings/webidls/Element.webidl

@@ -82,7 +82,7 @@ interface Element : Node {
   [Throws]
   undefined insertAdjacentText(DOMString where_, DOMString data);
   [CEReactions, Throws]
-  undefined insertAdjacentHTML(DOMString position, DOMString html);
+  undefined insertAdjacentHTML(DOMString position, (TrustedHTML or DOMString) string);
 
   [Throws, Pref="dom_shadowdom_enabled"] ShadowRoot attachShadow(ShadowRootInit init);
   readonly attribute ShadowRoot? shadowRoot;
@@ -122,11 +122,11 @@ partial interface Element {
 
 // https://html.spec.whatwg.org/multipage/#dom-parsing-and-serialization
 partial interface Element {
-  [CEReactions] undefined setHTMLUnsafe(DOMString html);
+  [CEReactions, Throws] undefined setHTMLUnsafe((TrustedHTML or DOMString) html);
   DOMString getHTML(optional GetHTMLOptions options = {});
 
-  [CEReactions, Throws] attribute [LegacyNullToEmptyString] DOMString innerHTML;
+  [CEReactions, Throws] attribute (TrustedHTML or [LegacyNullToEmptyString] DOMString) innerHTML;
-  [CEReactions, Throws] attribute [LegacyNullToEmptyString] DOMString outerHTML;
+  [CEReactions, Throws] attribute (TrustedHTML or [LegacyNullToEmptyString] DOMString) outerHTML;
 };
 
 dictionary GetHTMLOptions {

tests/wpt/meta/content-security-policy/reporting/report-clips-sample.https.html.ini

@@ -16,6 +16,3 @@
 
   [AsyncGenerator Function constructor is also clipped.]
     expected: FAIL
-
-  [Trusted Types violation sample is clipped to 40 characters excluded the sink name.]
-    expected: FAIL

tests/wpt/meta/trusted-types/HTMLElement-generic.html.ini

@@ -1,22 +1,10 @@
 [HTMLElement-generic.html]
-  [TT enabled: div.innerHTML\n            = String on a\n            connected element\n            ]
-    expected: FAIL
-
-  [TT enabled: div.innerHTML\n            = String on a\n            non-connected element\n            ]
-    expected: FAIL
-
   [TT enabled: iframe.srcdoc\n            = String on a\n            connected element\n            ]
     expected: FAIL
 
   [TT enabled: iframe.srcdoc\n            = String on a\n            non-connected element\n            ]
     expected: FAIL
 
-  [TT enabled: div.innerHTML\n            = String on a\n            connected element\n            after removing the "require-trusted-types-for 'script' directive]
-    expected: FAIL
-
-  [TT enabled: div.innerHTML\n            = String on a\n            non-connected element\n            after removing the "require-trusted-types-for 'script' directive]
-    expected: FAIL
-
   [TT enabled: iframe.srcdoc\n            = String on a\n            connected element\n            after removing the "require-trusted-types-for 'script' directive]
     expected: FAIL
 

tests/wpt/meta/trusted-types/block-string-assignment-to-Element-insertAdjacentHTML.html.ini

@@ -1,12 +0,0 @@
-[block-string-assignment-to-Element-insertAdjacentHTML.html]
-  [`insertAdjacentHTML(string)` throws.]
-    expected: FAIL
-
-  [`insertAdjacentHTML(string)` still throws TypeError when position invalid.]
-    expected: FAIL
-
-  [`insertAdjacentHTML(null)` throws.]
-    expected: FAIL
-
-  [`insertAdjacentHTML(string)` assigned via default policy (successful HTML transformation).]
-    expected: FAIL

tests/wpt/meta/trusted-types/block-string-assignment-to-Element-outerHTML.html.ini

@@ -1,15 +0,0 @@
-[block-string-assignment-to-Element-outerHTML.html]
-  [`outerHTML = string` throws.]
-    expected: FAIL
-
-  [`outerHTML = string` throws TypeError even when parent is a document.]
-    expected: FAIL
-
-  [`outerHTML = null` throws.]
-    expected: FAIL
-
-  [`outerHTML = string` assigned via default policy (successful HTML transformation).]
-    expected: FAIL
-
-  [`outerHTML = null` assigned via default policy does not throw]
-    expected: FAIL

tests/wpt/meta/trusted-types/block-string-assignment-to-Element-setHTMLUnsafe.html.ini

@@ -1,12 +0,0 @@
-[block-string-assignment-to-Element-setHTMLUnsafe.html]
-  [`element.setHTMLUnsafe(string)` throws.]
-    expected: FAIL
-
-  [`element.setHTMLUnsafe(null)` throws.]
-    expected: FAIL
-
-  [`element.setHTMLUnsafe(string)` assigned via default policy (successful HTML transformation).]
-    expected: FAIL
-
-  [`element.setHTMLUnsafe(string)` assigned via default policy does not throw]
-    expected: FAIL

tests/wpt/meta/trusted-types/block-string-assignment-to-HTMLElement-generic.html.ini

@@ -1,12 +1,6 @@
 [block-string-assignment-to-HTMLElement-generic.html]
-  [div.innerHTML accepts only TrustedHTML]
-    expected: FAIL
-
   [iframe.srcdoc accepts only TrustedHTML]
     expected: FAIL
 
-  [div.innerHTML accepts string and null after default policy was created]
-    expected: FAIL
-
   [iframe.srcdoc accepts string and null after default policy was created]
     expected: FAIL

tests/wpt/meta/trusted-types/block-string-assignment-to-text-and-url-sinks.html.ini

@@ -1,9 +0,0 @@
-[block-string-assignment-to-text-and-url-sinks.html]
-  [Setting HTMLDivElement.innerHTML to a plain string]
-    expected: FAIL
-
-  [Setting HTMLScriptElement.innerHTML to a plain string]
-    expected: FAIL
-
-  [Setting SVGScriptElement.innerHTML to a plain string]
-    expected: FAIL

tests/wpt/meta/trusted-types/default-policy.html.ini

@@ -1,22 +0,0 @@
-[default-policy.html]
-  expected: OK
-  [Count SecurityPolicyViolation events.]
-    expected: FAIL
-
-  [div.innerHTML no default policy]
-    expected: FAIL
-
-  [div.innerHTML default]
-    expected: FAIL
-
-  [div.innerHTML null]
-    expected: FAIL
-
-  [div.innerHTML throw]
-    expected: FAIL
-
-  [div.innerHTML undefined]
-    expected: FAIL
-
-  [div.innerHTML typeerror]
-    expected: FAIL

tests/wpt/meta/trusted-types/empty-default-policy.html.ini

@@ -1,7 +0,0 @@
-[empty-default-policy.html]
-  expected: OK
-  [Count SecurityPolicyViolation events.]
-    expected: FAIL
-
-  [div.innerHTML default]
-    expected: FAIL

tests/wpt/meta/trusted-types/require-trusted-types-for-TypeError-belongs-to-the-global-object-realm.html.ini

@@ -1,6 +1,3 @@
 [require-trusted-types-for-TypeError-belongs-to-the-global-object-realm.html]
-  [Setting innerHTML on a node inserted by the parser.]
-    expected: FAIL
-
   [Setting innerHTML on a node adopted from a subframe.]
     expected: FAIL

tests/wpt/meta/trusted-types/require-trusted-types-for-report-only.html.ini

@@ -1,3 +0,0 @@
-[require-trusted-types-for-report-only.html]
-  [Require trusted types for 'script' block create HTML.]
-    expected: FAIL

tests/wpt/meta/trusted-types/require-trusted-types-for.html.ini

@@ -1,3 +0,0 @@
-[require-trusted-types-for.html]
-  [Require trusted types for 'script' block create HTML.]
-    expected: FAIL

tests/wpt/meta/trusted-types/should-sink-type-mismatch-violation-be-blocked-by-csp-001.html.ini

@@ -1,20 +1,5 @@
 [should-sink-type-mismatch-violation-be-blocked-by-csp-001.html]
   expected: TIMEOUT
-  [Multiple enforce require-trusted-types-for directives.]
-    expected: FAIL
-
-  [Multiple report-only require-trusted-types-for directives.]
-    expected: FAIL
-
-  [One violated report-only require-trusted-types-for directive followed by multiple enforce directives]
-    expected: FAIL
-
-  [One violated enforce require-trusted-types-for directive followed by multiple report-only directives]
-    expected: FAIL
-
-  [Mixing enforce and report-only require-trusted-types-for directives.]
-    expected: FAIL
-
   [directive "require-trusted-types-for 'script'%09'script'%0A'script'%0C'script'%0D'script'%20'script'" (required-ascii-whitespace)]
     expected: TIMEOUT
 
@@ -33,9 +18,6 @@
   [directive "require-trusted-types-for unquoted-invalid 'script' also-unquoted-invalid (unknown sink group)]
     expected: NOTRUN
 
-  [directive "require-trusted-types-for 'invalid'%09'script'" (required-ascii-whitespace)]
-    expected: FAIL
-
   [directive "require-trusted-types-for 'invalid'%0A%20'script'" (required-ascii-whitespace)]
     expected: TIMEOUT
 

tests/wpt/meta/trusted-types/trusted-types-createHTMLDocument.html.ini

@@ -1,24 +0,0 @@
-[trusted-types-createHTMLDocument.html]
-  [Trusted Type instances created in the main doc can be used. (document)]
-    expected: FAIL
-
-  [Trusted Type instances created in the main doc can be used. (createHTMLDocument)]
-    expected: FAIL
-
-  [Trusted Type instances created in the main doc can be used. (DOMParser)]
-    expected: FAIL
-
-  [Trusted Type instances created in the main doc can be used. (XHR)]
-    expected: FAIL
-
-  [Default policy applies. (document)]
-    expected: FAIL
-
-  [Default policy applies. (createHTMLDocument)]
-    expected: FAIL
-
-  [Default policy applies. (DOMParser)]
-    expected: FAIL
-
-  [Default policy applies. (XHR)]
-    expected: FAIL

tests/wpt/meta/trusted-types/trusted-types-report-only.html.ini

@@ -1,6 +0,0 @@
-[trusted-types-report-only.html]
-  [Trusted Type violation report-only: assign string to html]
-    expected: FAIL
-
-  [Trusted Type violation report-only: assign string to script content]
-    expected: FAIL

tests/wpt/meta/trusted-types/trusted-types-reporting-for-Element-innerHTML.html.ini

@@ -1,3 +0,0 @@
-[trusted-types-reporting-for-Element-innerHTML.html]
-  [Violation report for plain string.]
-    expected: FAIL

tests/wpt/meta/trusted-types/trusted-types-reporting-for-Element-insertAdjacentHTML.html.ini

@@ -1,3 +0,0 @@
-[trusted-types-reporting-for-Element-insertAdjacentHTML.html]
-  [Violation report for plain string.]
-    expected: FAIL

tests/wpt/meta/trusted-types/trusted-types-reporting-for-Element-outerHTML.html.ini

@@ -1,3 +0,0 @@
-[trusted-types-reporting-for-Element-outerHTML.html]
-  [Violation report for plain string.]
-    expected: FAIL

tests/wpt/meta/trusted-types/trusted-types-reporting-for-Element-setHTMLUnsafe.html.ini

@@ -1,3 +0,0 @@
-[trusted-types-reporting-for-Element-setHTMLUnsafe.html]
-  [Violation report for plain string.]
-    expected: FAIL

tests/wpt/meta/trusted-types/trusted-types-reporting-for-HTMLScriptElement-innerHTML.html.ini

@@ -1,3 +0,0 @@
-[trusted-types-reporting-for-HTMLScriptElement-innerHTML.html]
-  [Violation report for plain string.]
-    expected: FAIL

tests/wpt/meta/trusted-types/trusted-types-reporting-for-SVGScriptElement-innerHTML.html.ini

@@ -1,3 +0,0 @@
-[trusted-types-reporting-for-SVGScriptElement-innerHTML.html]
-  [Violation report for plain string.]
-    expected: FAIL

tests/wpt/meta/trusted-types/trusted-types-sandbox-allow-scripts.html.ini

@@ -1,3 +0,0 @@
-[trusted-types-sandbox-allow-scripts.html]
-  [Default Trusted Types policy in a sandboxed page with allow-scripts.]
-    expected: FAIL

tests/wpt/meta/trusted-types/trusted-types-source-file-path.html.ini

@@ -1,9 +0,0 @@
-[trusted-types-source-file-path.html]
-  [same-document script]
-    expected: FAIL
-
-  [same-origin script]
-    expected: FAIL
-
-  [cross-origin script]
-    expected: FAIL