Add test for importing a srcdoc attribute node from a non-TT realm to a TT iframe element throws
#44323
Conversation
|
Stumbled on #44352, which either needs to be fixed or worked around. |
wpt-pr-bot
added
accessibility
assets
attribution-reporting
ci
console
credential-management
css-anchor-position
css-animations
css-backgrounds
css-cascade
css-color
css-contain
css-display
css-flexbox
css-grid
css-overflow
css-page
css-position
css-scroll-snap
css-text
css-text-decor
css-transitions
css-ui
css-values
css-view-transitions
labels
| <body> | ||
| <div id="nonSVGTestElements"> | ||
| <iframe srcdoc="v"></iframe> | ||
| <embed src="v"> |
There was a problem hiding this comment.
For embed and object the expectation needs to be different right, per recent events?
There was a problem hiding this comment.
Presumably you refer to w3c/trusted-types#486? Yes. Presumably more tests will have to be adapted; it seems cleaner to do that collectively in w3c/trusted-types#486.
There was a problem hiding this comment.
Yeah I'm planning to go through the test suite and probably just removing most references to embed and object. With potentially one left to make sure that they're not enforcing TT restrictions.
So feel free to just not add them to this test, or to add them and I can remove them them in my PR.
There was a problem hiding this comment.
Just to loop back here I've started WebKit/WebKit#26554
So it would be best if no new usages of embed or object were added.
Indeed not obvious. The throwing stems from: whatwg/dom#1247 (diff: https://whatpr.org/dom/1247/6a9b5a2...10ce041.html) which invokes https://w3c.github.io/trusted-types/dist/spec/#validate-attribute-mutation. |
trusted-types/block-string-assignment-to-Element-setAttributeNode.html
Outdated
Show resolved
Hide resolved
mbrodesser-Igalia
force-pushed
the
TrustedTypesSpec_425_import_srcdoc_attr_node_which_throws
branch
from
9af8771 to
9839909
Compare
trusted-types/Element-setAttribute-respects-Elements-node-documents-globals-CSP.html
Show resolved
Hide resolved
…to a TT iframe element throws First step to fix <w3c/trusted-types#425>. Will add separate commits for the other tests requested at above ticket.
…l> and further simplify it
…s created in a non-TT enforcing realm are imported to a TT-enforcing realm See <https://w3c.github.io/trusted-types/dist/spec/#validate-attribute-mutation>. This excludes tests for <https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-event-handler-content-attributes> which will have to be added once that part of the spec is propagated to the HTML spec. The remaining tests mentioned at <w3c/trusted-types#425 (comment)> will be added in separate commits.
…ment`'s and `sourceAttr`s realms differ
…e element's node document's global's CSP Requires web-platform-tests#45405 to be fixed.
mbrodesser-Igalia
force-pushed
the
TrustedTypesSpec_425_import_srcdoc_attr_node_which_throws
branch
from
9839909 to
dfd95a9
Compare
I don't know how relevant that scenario is. @koto: any experience with that? |
|
It's relevant for ensuring the specification is implemented correctly. |
True; but is that scenario actually relevant in practice? |
|
That does not matter for conformance tests. The whole point is that we can't know what websites might do and might rely on. |
Agreed. Added w3c/trusted-types#425 (comment) so that another test will be added. |
|
@annevk: can you please merge this test, I lack rights. |
First step to fix w3c/trusted-types#425.
Will add separate commits for the other tests requested at above ticket.