| commit | c8f17a8f155c9ca5e54f5f4a4379b85fbc98faa4 | |
| author | Daniel Vogelheim <vogelheim@chromium.org> | |
| Mon, 4 Oct 2021 23:19:52 +0000 (4 23:19 +0000) | ||
| committer | moz-wptsync-bot <wptsync@mozilla.com> | |
| Tue, 5 Oct 2021 12:49:14 +0000 (5 12:49 +0000) | ||
| tree | 7091a5135a5093ad25b0810640828afb29b654f7 | treesnapshot (tar.gz zip) |
| parent | 7740d2340fb688ecdeb9510cfcccbf6d8ad01b5c | commitdiff |
Bug 1733637 [wpt PR 31038] - [Trusted Types] Ensure execCommand('insertHTML') is TT-safe., a=testonly
Automatic update from web-platform-tests
[Trusted Types] Ensure execCommand('insertHTML') is TT-safe.
Trusted Types protects against XSS by providing a configurable boundary
for HTML insertion into the DOM. execCommand with the "insertHTML" command
works around these. This introduces Trusted Types check for
execCommand("insertHTML") that are the exact equivalent of element.innerHTML.
Tests ensure that - if TT is not enabled - execCommand will work as before.
Tests also ensure that - if TT is enabled - execCommand with "insertHTML"
will obey TT policies and the default policy, while other sub-commands will
continue to work as before.
Bug: 1230567
Change-Id: Iaa50b01bec4061f53b6d66b0b21f63527f2b71a9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3048161
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Xiaocheng Hu <xiaochengh@chromium.org>
Reviewed-by: Yoshifumi Inoue <yosin@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/main@{#927214}
--
wpt-commits: 6845f354669aa111382345334454382c8249a799
wpt-pr: 31038
Automatic update from web-platform-tests
[Trusted Types] Ensure execCommand('insertHTML') is TT-safe.
Trusted Types protects against XSS by providing a configurable boundary
for HTML insertion into the DOM. execCommand with the "insertHTML" command
works around these. This introduces Trusted Types check for
execCommand("insertHTML") that are the exact equivalent of element.innerHTML.
Tests ensure that - if TT is not enabled - execCommand will work as before.
Tests also ensure that - if TT is enabled - execCommand with "insertHTML"
will obey TT policies and the default policy, while other sub-commands will
continue to work as before.
Bug: 1230567
Change-Id: Iaa50b01bec4061f53b6d66b0b21f63527f2b71a9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3048161
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Xiaocheng Hu <xiaochengh@chromium.org>
Reviewed-by: Yoshifumi Inoue <yosin@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/main@{#927214}
--
wpt-commits: 6845f354669aa111382345334454382c8249a799
wpt-pr: 31038
| testing/web-platform/tests/trusted-types/Document-execCommand.tentative.html | [new file with mode: 0644] | blob |
| testing/web-platform/tests/trusted-types/block-Document-execCommand.tentative.html | [new file with mode: 0644] | blob |