diff --git a/Cargo.lock b/Cargo.lock
index 02730d18a27..ec1075c4f63 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1650,7 +1650,7 @@ dependencies = [
[[package]]
name = "content-security-policy"
version = "0.5.4"
-source = "git+https://github.com/servo/rust-content-security-policy?branch=servo-csp#fc927dfefb1fdc052fa4fa18c2ca3c3f6b87047b"
+source = "git+https://github.com/servo/rust-content-security-policy?branch=servo-csp#b437ae2001616161ce4729b49408e7785b2f6960"
dependencies = [
"base64 0.22.1",
"bitflags 2.9.4",
diff --git a/components/script/dom/document.rs b/components/script/dom/document.rs
index 25579678307..ab28b2b85d4 100644
--- a/components/script/dom/document.rs
+++ b/components/script/dom/document.rs
@@ -357,9 +357,6 @@ pub(crate) struct Document {
asap_in_order_scripts_list: PendingInOrderScriptVec,
///
asap_scripts_set: DomRefCell>>,
- ///
- /// True if scripting is enabled for all scripts in this document
- scripting_enabled: bool,
///
/// Current identifier of animation frame callback
animation_frame_ident: Cell,
@@ -1115,14 +1112,17 @@ impl Document {
}
/// Return whether scripting is enabled or not
- pub(crate) fn is_scripting_enabled(&self) -> bool {
- self.scripting_enabled
- }
-
- /// Return whether scripting is enabled or not
- ///
+ ///
pub(crate) fn scripting_enabled(&self) -> bool {
- self.has_browsing_context()
+ // Scripting is enabled for a node node if node's node document's browsing context is non-null,
+ // and scripting is enabled for node's relevant settings object.
+ self.has_browsing_context() &&
+ // Either settings's global object is not a Window object,
+ // or settings's global object's associated Document's active sandboxing flag
+ // set does not have its sandboxed scripts browsing context flag set.
+ !self.has_active_sandboxing_flag(
+ SandboxingFlagSet::SANDBOXED_SCRIPTS_BROWSING_CONTEXT_FLAG,
+ )
}
/// Return the element that currently has focus.
@@ -3365,7 +3365,6 @@ impl Document {
deferred_scripts: Default::default(),
asap_in_order_scripts_list: Default::default(),
asap_scripts_set: Default::default(),
- scripting_enabled: has_browsing_context,
animation_frame_ident: Cell::new(0),
animation_frame_list: DomRefCell::new(VecDeque::new()),
running_animation_callbacks: Cell::new(false),
diff --git a/components/script/dom/eventtarget.rs b/components/script/dom/eventtarget.rs
index b35c1bf6a58..1ffc1e59707 100644
--- a/components/script/dom/eventtarget.rs
+++ b/components/script/dom/eventtarget.rs
@@ -720,7 +720,7 @@ impl EventTarget {
};
// Step 3.2
- if !document.is_scripting_enabled() {
+ if !document.scripting_enabled() {
return None;
}
diff --git a/components/script/dom/html/htmlscriptelement.rs b/components/script/dom/html/htmlscriptelement.rs
index ddd98330179..8921dc9fa5b 100644
--- a/components/script/dom/html/htmlscriptelement.rs
+++ b/components/script/dom/html/htmlscriptelement.rs
@@ -688,7 +688,7 @@ impl HTMLScriptElement {
}
// Step 17. If scripting is disabled for el, then return.
- if !doc.is_scripting_enabled() {
+ if !doc.scripting_enabled() {
return;
}
@@ -1093,7 +1093,7 @@ impl HTMLScriptElement {
// TODO use a settings object rather than this element's document/window
// Step 2
let document = self.owner_document();
- if !document.is_fully_active() || !document.is_scripting_enabled() {
+ if !document.is_fully_active() || !document.scripting_enabled() {
return;
}
@@ -1130,7 +1130,7 @@ impl HTMLScriptElement {
// TODO use a settings object rather than this element's document/window
// Step 2
let document = self.owner_document();
- if !document.is_fully_active() || !document.is_scripting_enabled() {
+ if !document.is_fully_active() || !document.scripting_enabled() {
return;
}
diff --git a/tests/wpt/meta/MANIFEST.json b/tests/wpt/meta/MANIFEST.json
index bc5552f1cb4..d998116bafe 100644
--- a/tests/wpt/meta/MANIFEST.json
+++ b/tests/wpt/meta/MANIFEST.json
@@ -5070,7 +5070,9 @@
"545f2919b55ffe31f942e547d5299c00ee89d715",
[
null,
- {}
+ {
+ "testdriver": true
+ }
]
],
"table-col-and-dead-row-group-crash.html": [
@@ -8076,7 +8078,9 @@
"63111d03e3fab4673ec4d14cff6ad5737fd4f39c",
[
null,
- {}
+ {
+ "testdriver": true
+ }
]
]
}
@@ -8259,7 +8263,9 @@
"39acf9eca17597838a4eec54f31d70be3f9abbb7",
[
null,
- {}
+ {
+ "testdriver": true
+ }
]
]
},
@@ -9121,7 +9127,9 @@
"24bb1ca19e11c516299d8b7cc6ceae21ec981566",
[
null,
- {}
+ {
+ "testdriver": true
+ }
]
]
}
@@ -10320,7 +10328,9 @@
"853884b99301e22383e0fd0936cf154beab5e93e",
[
null,
- {}
+ {
+ "testdriver": true
+ }
]
]
},
@@ -38416,7 +38426,9 @@
"=="
]
],
- {}
+ {
+ "testdriver": true
+ }
]
]
}
@@ -196055,7 +196067,7 @@
"grid-items-relative-positioned-containing-block-001.html": [
"7683e485c05caea40361416bc533dc95fbfcd837",
[
- "css/css-grid/grid-items/grid-items-relative-positioned-containing-block-001.html",
+ null,
[
[
"/css/reference/ref-filled-green-100px-square.xht",
@@ -196068,7 +196080,7 @@
"grid-items-relative-positioned-containing-block-002.html": [
"1e7a754f74da30e327feb06e05527012d1a3917d",
[
- "css/css-grid/grid-items/grid-items-relative-positioned-containing-block-002.html",
+ null,
[
[
"/css/reference/ref-filled-green-100px-square.xht",
@@ -196081,7 +196093,7 @@
"grid-items-relative-positioned-containing-block-003.html": [
"be0305181914e9b872d0ef1bdc801f974c5918f7",
[
- "css/css-grid/grid-items/grid-items-relative-positioned-containing-block-003.html",
+ null,
[
[
"/css/reference/ref-filled-green-100px-square.xht",
@@ -196094,7 +196106,7 @@
"grid-items-relative-positioned-containing-block-004.html": [
"61d50a10c10290b55a7439d6b59528f01accc4bf",
[
- "css/css-grid/grid-items/grid-items-relative-positioned-containing-block-004.html",
+ null,
[
[
"/css/reference/ref-filled-green-100px-square.xht",
@@ -196107,7 +196119,7 @@
"grid-items-relative-positioned-containing-block-005.html": [
"4473cb8d2ba4ea847669cde34ce10e27e6bfb001",
[
- "css/css-grid/grid-items/grid-items-relative-positioned-containing-block-005.html",
+ null,
[
[
"/css/reference/ref-filled-green-100px-square.xht",
@@ -196120,7 +196132,7 @@
"grid-items-relative-positioned-containing-block-006.html": [
"79350eac516f2850545a6446f570c6c7778a4e3b",
[
- "css/css-grid/grid-items/grid-items-relative-positioned-containing-block-006.html",
+ null,
[
[
"/css/reference/ref-filled-green-100px-square.xht",
@@ -197559,7 +197571,9 @@
"=="
]
],
- {}
+ {
+ "testdriver": true
+ }
]
],
"grid-layout-stale-002.html": [
@@ -197572,7 +197586,9 @@
"=="
]
],
- {}
+ {
+ "testdriver": true
+ }
]
],
"grid-margins-no-collapse-001.html": [
@@ -246133,7 +246149,9 @@
"=="
]
],
- {}
+ {
+ "testdriver": true
+ }
]
],
"interaction-with-placeholder.html": [
@@ -278427,7 +278445,9 @@
"=="
]
],
- {}
+ {
+ "testdriver": true
+ }
]
]
},
@@ -312839,7 +312859,9 @@
"=="
]
],
- {}
+ {
+ "testdriver": true
+ }
]
],
"hit-test-unrelated-element.html": [
@@ -312852,7 +312874,9 @@
"=="
]
],
- {}
+ {
+ "testdriver": true
+ }
]
],
"iframe-and-main-frame-transition-new-main-new-iframe.html": [
@@ -344798,7 +344822,9 @@
"=="
]
],
- {}
+ {
+ "testdriver": true
+ }
]
],
"root-siblings.html": [
@@ -346752,7 +346778,9 @@
"=="
]
],
- {}
+ {
+ "testdriver": true
+ }
]
],
"backdrop-inherit.html": [
@@ -346765,7 +346793,9 @@
"=="
]
],
- {}
+ {
+ "testdriver": true
+ }
]
],
"backdrop-object.html": [
@@ -346793,7 +346823,9 @@
"=="
]
],
- {}
+ {
+ "testdriver": true
+ }
]
]
}
@@ -359365,7 +359397,7 @@
"input-date-content-size.html": [
"d026771f3c89c736b397db6a10c15fde5d73a3a8",
[
- "html/rendering/widgets/input-date-content-size.html",
+ null,
[
[
"/html/rendering/widgets/input-date-content-size-ref.html",
@@ -359456,7 +359488,7 @@
"input-time-content-size.html": [
"4a378f6923a8910b96f8afa84125a8fbac4a5d05",
[
- "html/rendering/widgets/input-time-content-size.html",
+ null,
[
[
"/html/rendering/widgets/input-time-content-size-ref.html",
@@ -365315,7 +365347,9 @@
"=="
]
],
- {}
+ {
+ "testdriver": true
+ }
]
],
"testdriver-in-ref.html": [
@@ -365341,7 +365375,9 @@
"=="
]
],
- {}
+ {
+ "testdriver": true
+ }
]
]
},
@@ -404513,6 +404549,14 @@
},
"sandbox": {
"support": {
+ "autoplay.html": [
+ "62d0adc3d204f2df9337bf30343591bfb1958e67",
+ []
+ ],
+ "autoplay.html.headers": [
+ "09e65834224c8b917d0a6a2fae17f79ff251fcb6",
+ []
+ ],
"empty.html": [
"e69de29bb2d1d6434b8b29ae775ad8c2e48c5391",
[]
@@ -404537,6 +404581,18 @@
"c7e4e7cc5bd3fa25851c1e26c3c04eb95050d94b",
[]
],
+ "sandboxed-last-directive-csp.headers": [
+ "371abe3b936e686c901cc9f6f366b8c68e6f3f8b",
+ []
+ ],
+ "sandboxed-last-directive-csp.html": [
+ "9480e521de21ef930674721de943f96e1fd1219a",
+ []
+ ],
+ "sandboxed-post-message-to-parent.headers": [
+ "0368ae01896a2cadb6019ab2c1eb5346d9c3b764",
+ []
+ ],
"sandboxed-post-message-to-parent.html": [
"ef4b1a0b95a7e00275c423d49dd28f98545950d3",
[]
@@ -582583,6 +582639,13 @@
]
},
"sandbox": {
+ "autoplay-disabled-by-csp.html": [
+ "1d1ed0e50b7182ed0d1f8ab7d1b7c7b98e709030",
+ [
+ null,
+ {}
+ ]
+ ],
"iframe-inside-csp.sub.html": [
"cd402bdba0198bf763e1733004c2005614b9a542",
[
@@ -582619,7 +582682,14 @@
]
],
"sandbox-empty.sub.html": [
- "47034710203a1fb8a3326cd7c8d8367166837628",
+ "47c3aa1e3657cf2eb5acfeb06bd1936b6e117d0f",
+ [
+ null,
+ {}
+ ]
+ ],
+ "sandbox-last-directive-csp.html": [
+ "b4b2cdbe3296dff091594f73dafb4f4791e5ca72",
[
null,
{}
@@ -762513,7 +762583,12 @@
"5b05e2374e2b4b451a0f98eabd36a6e72a03f933",
[
null,
- {}
+ {
+ "testdriver": true,
+ "testdriver_features": [
+ "bidi"
+ ]
+ }
]
]
}
@@ -762745,6 +762820,9 @@
"script",
"/resources/testdriver.js?feature=bidi"
]
+ ],
+ "testdriver_features": [
+ "bidi"
]
}
]
diff --git a/tests/wpt/meta/content-security-policy/sandbox/sandbox-empty.sub.html.ini b/tests/wpt/meta/content-security-policy/sandbox/sandbox-empty.sub.html.ini
new file mode 100644
index 00000000000..d9a90039a88
--- /dev/null
+++ b/tests/wpt/meta/content-security-policy/sandbox/sandbox-empty.sub.html.ini
@@ -0,0 +1,3 @@
+[sandbox-empty.sub.html]
+ [Expecting logs: ["PASS2"\]]
+ expected: FAIL
diff --git a/tests/wpt/meta/trusted-types/trusted-types-sandbox-no-allow-scripts.html.ini b/tests/wpt/meta/trusted-types/trusted-types-sandbox-no-allow-scripts.html.ini
deleted file mode 100644
index b608e9999bc..00000000000
--- a/tests/wpt/meta/trusted-types/trusted-types-sandbox-no-allow-scripts.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[trusted-types-sandbox-no-allow-scripts.html]
- [Trusted Types CSP directives don't affect the behavior of sandboxed page without allow-scripts.]
- expected: FAIL
diff --git a/tests/wpt/tests/content-security-policy/sandbox/autoplay-disabled-by-csp.html b/tests/wpt/tests/content-security-policy/sandbox/autoplay-disabled-by-csp.html
new file mode 100644
index 00000000000..1d1ed0e50b7
--- /dev/null
+++ b/tests/wpt/tests/content-security-policy/sandbox/autoplay-disabled-by-csp.html
@@ -0,0 +1,29 @@
+
+
+
+
+ Test that autoplay is blocked by a document's active sandboxing flags
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/wpt/tests/content-security-policy/sandbox/sandbox-empty.sub.html b/tests/wpt/tests/content-security-policy/sandbox/sandbox-empty.sub.html
index 47034710203..47c3aa1e365 100644
--- a/tests/wpt/tests/content-security-policy/sandbox/sandbox-empty.sub.html
+++ b/tests/wpt/tests/content-security-policy/sandbox/sandbox-empty.sub.html
@@ -18,7 +18,7 @@
}
-
diff --git a/tests/wpt/tests/content-security-policy/sandbox/sandbox-last-directive-csp.html b/tests/wpt/tests/content-security-policy/sandbox/sandbox-last-directive-csp.html
new file mode 100644
index 00000000000..b4b2cdbe329
--- /dev/null
+++ b/tests/wpt/tests/content-security-policy/sandbox/sandbox-last-directive-csp.html
@@ -0,0 +1,18 @@
+
+