From ef2e647c56818f01a06ccca17974b9dad99df43b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Wang?= Date: Thu, 28 Nov 2024 09:21:58 +0000 Subject: [PATCH] Bug 1925468 - Implement Trusted Type support for setAttribute/setAttributeNS. r=smaug See https://github.com/whatwg/dom/pull/1268 https://w3c.github.io/trusted-types/dist/spec/#validate-attribute-mutation https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute Differential Revision: https://phabricator.services.mozilla.com/D227943 --- dom/base/Element.cpp | 74 ++++ dom/base/Element.h | 17 + .../trusted-types/TrustedTypeUtils.cpp | 87 +++++ dom/security/trusted-types/TrustedTypeUtils.h | 8 + dom/webidl/Element.webidl | 7 +- .../GlobalEventHandlers-onclick.html.ini | 6 - ...ePolicyFactory-metadata.tentative.html.ini | 36 -- ...ssignment-to-Element-setAttribute.html.ini | 24 -- ...ignment-to-Element-setAttributeNS.html.ini | 3 - .../trusted-types-event-handlers.html.ini | 331 +----------------- ...trusted-types-svg-script-set-href.html.ini | 6 - 11 files changed, 203 insertions(+), 396 deletions(-) delete mode 100644 testing/web-platform/meta/trusted-types/GlobalEventHandlers-onclick.html.ini delete mode 100644 testing/web-platform/meta/trusted-types/TrustedTypePolicyFactory-metadata.tentative.html.ini delete mode 100644 testing/web-platform/meta/trusted-types/block-string-assignment-to-Element-setAttributeNS.html.ini diff --git a/dom/base/Element.cpp b/dom/base/Element.cpp index ea1357b23763e..d8d3a4efaf2ec 100644 --- a/dom/base/Element.cpp +++ b/dom/base/Element.cpp @@ -1674,6 +1674,80 @@ already_AddRefed Element::CreateDevtoolsPrincipal() { return dtPrincipal.forget(); } +void Element::SetAttribute( + const nsAString& aName, + const TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString& aValue, + nsIPrincipal* aTriggeringPrincipal, ErrorResult& aError) { + aError = nsContentUtils::CheckQName(aName, false); + if (aError.Failed()) { + return; + } + + nsAutoString nameToUse; + const nsAttrName* name = InternalGetAttrNameFromQName(aName, &nameToUse); + if (!name) { + RefPtr nameAtom = NS_AtomizeMainThread(nameToUse); + Maybe compliantStringHolder; + const nsAString* compliantString = + TrustedTypeUtils::GetTrustedTypesCompliantAttributeValue( + *this, nameAtom, kNameSpaceID_None, aValue, compliantStringHolder, + aError); + if (aError.Failed()) { + return; + } + aError = SetAttr(kNameSpaceID_None, nameAtom, *compliantString, + aTriggeringPrincipal, true); + return; + } + + Maybe compliantStringHolder; + RefPtr attributeName = name->LocalName(); + nsMutationGuard guard; + const nsAString* compliantString = + TrustedTypeUtils::GetTrustedTypesCompliantAttributeValue( + *this, attributeName, name->NamespaceID(), aValue, + compliantStringHolder, aError); + if (aError.Failed()) { + return; + } + if (!guard.Mutated(0)) { + aError = SetAttr(name->NamespaceID(), name->LocalName(), name->GetPrefix(), + *compliantString, aTriggeringPrincipal, true); + return; + } + + // GetTrustedTypesCompliantAttributeValue may have modified mAttrs and made + // the result of InternalGetAttrNameFromQName above invalid. It may now return + // a different value, perhaps a nullptr. To be safe, just call the version of + // Element::SetAttribute accepting a string value. + SetAttribute(aName, *compliantString, aTriggeringPrincipal, aError); +} + +void Element::SetAttributeNS( + const nsAString& aNamespaceURI, const nsAString& aQualifiedName, + const TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString& aValue, + nsIPrincipal* aTriggeringPrincipal, ErrorResult& aError) { + RefPtr ni; + aError = nsContentUtils::GetNodeInfoFromQName( + aNamespaceURI, aQualifiedName, mNodeInfo->NodeInfoManager(), + ATTRIBUTE_NODE, getter_AddRefs(ni)); + if (aError.Failed()) { + return; + } + + Maybe compliantStringHolder; + RefPtr attributeName = ni->NameAtom(); + const nsAString* compliantString = + TrustedTypeUtils::GetTrustedTypesCompliantAttributeValue( + *this, attributeName, ni->NamespaceID(), aValue, + compliantStringHolder, aError); + if (aError.Failed()) { + return; + } + aError = SetAttr(ni->NamespaceID(), ni->NameAtom(), ni->GetPrefixAtom(), + *compliantString, aTriggeringPrincipal, true); +} + void Element::SetAttributeDevtools(const nsAString& aName, const nsAString& aValue, ErrorResult& aError) { diff --git a/dom/base/Element.h b/dom/base/Element.h index de41c2f85cbd6..fb40fc78bc9f9 100644 --- a/dom/base/Element.h +++ b/dom/base/Element.h @@ -235,6 +235,7 @@ class Grid; class OwningTrustedHTMLOrNullIsEmptyString; class TrustedHTML; class TrustedHTMLOrNullIsEmptyString; +class TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString; // IID for the dom::Element interface #define NS_ELEMENT_IID \ @@ -1253,6 +1254,22 @@ class Element : public FragmentOrElement { ErrorResult& aError) { SetAttribute(aName, aValue, nullptr, aError); } + + MOZ_CAN_RUN_SCRIPT void SetAttribute( + const nsAString& aName, + const TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString& aValue, + nsIPrincipal* aTriggeringPrincipal, ErrorResult& aError); + MOZ_CAN_RUN_SCRIPT void SetAttributeNS( + const nsAString& aNamespaceURI, const nsAString& aLocalName, + const TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString& aValue, + nsIPrincipal* aTriggeringPrincipal, ErrorResult& aError); + MOZ_CAN_RUN_SCRIPT void SetAttribute( + const nsAString& aName, + const TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString& aValue, + ErrorResult& aError) { + SetAttribute(aName, aValue, nullptr, aError); + } + /** * This method creates a principal that subsumes this element's NodePrincipal * and which has flags set for elevated permissions that devtools needs to diff --git a/dom/security/trusted-types/TrustedTypeUtils.cpp b/dom/security/trusted-types/TrustedTypeUtils.cpp index 3ee29be212a6f..5c679bd8e0a80 100644 --- a/dom/security/trusted-types/TrustedTypeUtils.cpp +++ b/dom/security/trusted-types/TrustedTypeUtils.cpp @@ -18,6 +18,7 @@ #include "mozilla/dom/TrustedScriptURL.h" #include "mozilla/dom/TrustedTypePolicy.h" #include "mozilla/dom/TrustedTypePolicyFactory.h" +#include "mozilla/dom/TrustedTypesConstants.h" #include "nsGlobalWindowInner.h" #include "nsLiteralString.h" #include "nsTArray.h" @@ -250,6 +251,10 @@ MOZ_CAN_RUN_SCRIPT inline const nsAString* GetTrustedTypesCompliantString( TrustedScriptOrNullIsEmptyString>) { return aInput.IsNullIsEmptyString(); } + if constexpr (std::is_same_v) { + Unused << aInput; + return true; + } MOZ_ASSERT_UNREACHABLE(); return false; }; @@ -267,6 +272,9 @@ MOZ_CAN_RUN_SCRIPT inline const nsAString* GetTrustedTypesCompliantString( TrustedScriptOrNullIsEmptyString>) { return &aInput.GetAsNullIsEmptyString(); } + if constexpr (std::is_same_v) { + return aInput; + } MOZ_ASSERT_UNREACHABLE(); return static_cast(&EmptyString()); }; @@ -286,6 +294,10 @@ MOZ_CAN_RUN_SCRIPT inline const nsAString* GetTrustedTypesCompliantString( TrustedScriptURLOrString>) { return aInput.IsTrustedScriptURL(); } + if constexpr (std::is_same_v) { + Unused << aInput; + return false; + } MOZ_ASSERT_UNREACHABLE(); return false; }; @@ -305,6 +317,7 @@ MOZ_CAN_RUN_SCRIPT inline const nsAString* GetTrustedTypesCompliantString( TrustedScriptURLOrString>) { return &aInput.GetAsTrustedScriptURL().mData; } + Unused << aInput; MOZ_ASSERT_UNREACHABLE(); return &EmptyString(); }; @@ -410,6 +423,7 @@ bool GetTrustedTypeDataForAttribute(const nsAtom* aElementName, if (aAttributeNamespaceID == kNameSpaceID_None && aAttributeName == nsGkAtoms::srcdoc) { aTrustedType = TrustedType::TrustedHTML; + aSink.AssignLiteral(u"HTMLIFrameElement srcdoc"); return true; } } else if (aElementName == nsGkAtoms::script) { @@ -417,6 +431,7 @@ bool GetTrustedTypeDataForAttribute(const nsAtom* aElementName, if (aAttributeNamespaceID == kNameSpaceID_None && aAttributeName == nsGkAtoms::src) { aTrustedType = TrustedType::TrustedScriptURL; + aSink.AssignLiteral(u"HTMLScriptElement src"); return true; } } @@ -427,6 +442,7 @@ bool GetTrustedTypeDataForAttribute(const nsAtom* aElementName, aAttributeNamespaceID == kNameSpaceID_XLink) && aAttributeName == nsGkAtoms::href) { aTrustedType = TrustedType::TrustedScriptURL; + aSink.AssignLiteral(u"SVGScriptElement href"); return true; } } @@ -435,4 +451,75 @@ bool GetTrustedTypeDataForAttribute(const nsAtom* aElementName, return false; } +MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantAttributeValue( + const nsINode& aElement, nsAtom* aAttributeName, + int32_t aAttributeNamespaceID, + const TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString& aNewValue, + Maybe& aResultHolder, ErrorResult& aError) { + auto getAsTrustedType = [&aNewValue] { + if (aNewValue.IsTrustedHTML()) { + return &aNewValue.GetAsTrustedHTML().mData; + } + if (aNewValue.IsTrustedScript()) { + return &aNewValue.GetAsTrustedScript().mData; + } + MOZ_ASSERT(aNewValue.IsTrustedScriptURL()); + return &aNewValue.GetAsTrustedScriptURL().mData; + }; + auto getContent = [&aNewValue, &getAsTrustedType] { + return aNewValue.IsString() ? &aNewValue.GetAsString() : getAsTrustedType(); + }; + + if (!StaticPrefs::dom_security_trusted_types_enabled()) { + // A trusted type might've been created before the pref was set to `false`, + // so we cannot assume aNewValue.IsString(). + return getContent(); + } + + // In the common situation of non-data document without any + // require-trusted-types-for directive, we just return immediately. + const NodeInfo* nodeInfo = aElement.NodeInfo(); + Document* ownerDoc = nodeInfo->GetDocument(); + const bool ownerDocLoadedAsData = ownerDoc->IsLoadedAsData(); + if (!ownerDoc->HasPolicyWithRequireTrustedTypesForDirective() && + !ownerDocLoadedAsData) { + return getContent(); + } + + TrustedType expectedType; + nsAutoString sink; + if (!GetTrustedTypeDataForAttribute( + nodeInfo->NameAtom(), nodeInfo->NamespaceID(), aAttributeName, + aAttributeNamespaceID, expectedType, sink)) { + return getContent(); + } + + if ((expectedType == TrustedType::TrustedHTML && aNewValue.IsTrustedHTML()) || + (expectedType == TrustedType::TrustedScript && + aNewValue.IsTrustedScript()) || + (expectedType == TrustedType::TrustedScriptURL && + aNewValue.IsTrustedScriptURL())) { + return getAsTrustedType(); + } + + const nsAString* input = + aNewValue.IsString() ? &aNewValue.GetAsString() : getAsTrustedType(); + switch (expectedType) { + case TrustedType::TrustedHTML: + return GetTrustedTypesCompliantString( + input, sink, kTrustedTypesOnlySinkGroup, aElement, aResultHolder, + aError); + case TrustedType::TrustedScript: + return GetTrustedTypesCompliantString( + input, sink, kTrustedTypesOnlySinkGroup, aElement, aResultHolder, + aError); + case TrustedType::TrustedScriptURL: + return GetTrustedTypesCompliantString( + input, sink, kTrustedTypesOnlySinkGroup, aElement, aResultHolder, + aError); + } + MOZ_ASSERT_UNREACHABLE(); + return nullptr; +} + } // namespace mozilla::dom::TrustedTypeUtils diff --git a/dom/security/trusted-types/TrustedTypeUtils.h b/dom/security/trusted-types/TrustedTypeUtils.h index 708f609dc9ccf..7753374cf5283 100644 --- a/dom/security/trusted-types/TrustedTypeUtils.h +++ b/dom/security/trusted-types/TrustedTypeUtils.h @@ -33,6 +33,7 @@ class TrustedScriptOrString; class TrustedScriptOrNullIsEmptyString; class TrustedScriptURL; class TrustedScriptURLOrString; +class TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString; namespace TrustedTypeUtils { @@ -97,6 +98,13 @@ bool GetTrustedTypeDataForAttribute(const nsAtom* aElementName, TrustedType& aTrustedType, nsAString& aSink); +// https://w3c.github.io/trusted-types/dist/spec/#abstract-opdef-get-trusted-types-compliant-attribute-value +MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantAttributeValue( + const nsINode& aElement, nsAtom* aAttributeName, + int32_t aAttributeNamespaceID, + const TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString& aNewValue, + Maybe& aResultHolder, ErrorResult& aError); + } // namespace TrustedTypeUtils } // namespace dom diff --git a/dom/webidl/Element.webidl b/dom/webidl/Element.webidl index 6280e013bf755..403d0c78b4890 100644 --- a/dom/webidl/Element.webidl +++ b/dom/webidl/Element.webidl @@ -50,9 +50,9 @@ interface Element : Node { [CEReactions, NeedsSubjectPrincipal=NonSystem, Throws] boolean toggleAttribute(DOMString name, optional boolean force); [CEReactions, NeedsSubjectPrincipal=NonSystem, Throws] - undefined setAttribute(DOMString name, DOMString value); + undefined setAttribute(DOMString name, (TrustedType or DOMString) value); [CEReactions, NeedsSubjectPrincipal=NonSystem, Throws] - undefined setAttributeNS(DOMString? namespace, DOMString name, DOMString value); + undefined setAttributeNS(DOMString? namespace, DOMString name, (TrustedType or DOMString) value); [CEReactions, Throws] undefined removeAttribute(DOMString name); [CEReactions, Throws] @@ -417,3 +417,6 @@ partial interface Element { [Pref="dom.webcomponents.shadowdom.declarative.enabled"] DOMString getHTML(optional GetHTMLOptions options = {}); }; + +// https://w3c.github.io/trusted-types/dist/spec/#integrations +typedef (TrustedHTML or TrustedScript or TrustedScriptURL) TrustedType; diff --git a/testing/web-platform/meta/trusted-types/GlobalEventHandlers-onclick.html.ini b/testing/web-platform/meta/trusted-types/GlobalEventHandlers-onclick.html.ini deleted file mode 100644 index 3d8e44fa31b82..0000000000000 --- a/testing/web-platform/meta/trusted-types/GlobalEventHandlers-onclick.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[GlobalEventHandlers-onclick.html] - [a.setAttribute('onclick') sets an unsuitable trusted type.] - expected: FAIL - - [a.setAttribute('click') sets a test string.] - expected: FAIL diff --git a/testing/web-platform/meta/trusted-types/TrustedTypePolicyFactory-metadata.tentative.html.ini b/testing/web-platform/meta/trusted-types/TrustedTypePolicyFactory-metadata.tentative.html.ini deleted file mode 100644 index c067b3af42e0c..0000000000000 --- a/testing/web-platform/meta/trusted-types/TrustedTypePolicyFactory-metadata.tentative.html.ini +++ /dev/null @@ -1,36 +0,0 @@ -[TrustedTypePolicyFactory-metadata.tentative.html] - [Test assignment of string on madeup.setAttribute(onerror,..)] - expected: FAIL - - [Test assignment of TrustedHTML on madeup.setAttribute(onerror,..)] - expected: FAIL - - [Test assignment of TrustedScriptURL on madeup.setAttribute(onerror,..)] - expected: FAIL - - [Test assignment of string on madeup.setAttribute(onclick,..)] - expected: FAIL - - [Test assignment of TrustedHTML on madeup.setAttribute(onclick,..)] - expected: FAIL - - [Test assignment of TrustedScriptURL on madeup.setAttribute(onclick,..)] - expected: FAIL - - [Test assignment of string on b.setAttribute(onerror,..)] - expected: FAIL - - [Test assignment of TrustedHTML on b.setAttribute(onerror,..)] - expected: FAIL - - [Test assignment of TrustedScriptURL on b.setAttribute(onerror,..)] - expected: FAIL - - [Test assignment of string on b.setAttribute(onclick,..)] - expected: FAIL - - [Test assignment of TrustedHTML on b.setAttribute(onclick,..)] - expected: FAIL - - [Test assignment of TrustedScriptURL on b.setAttribute(onclick,..)] - expected: FAIL diff --git a/testing/web-platform/meta/trusted-types/block-string-assignment-to-Element-setAttribute.html.ini b/testing/web-platform/meta/trusted-types/block-string-assignment-to-Element-setAttribute.html.ini index 0df917b86be65..692b035b10410 100644 --- a/testing/web-platform/meta/trusted-types/block-string-assignment-to-Element-setAttribute.html.ini +++ b/testing/web-platform/meta/trusted-types/block-string-assignment-to-Element-setAttribute.html.ini @@ -1,27 +1,3 @@ [block-string-assignment-to-Element-setAttribute.html] - [script.src accepts only TrustedScriptURL] - expected: FAIL - - [iframe.srcdoc accepts only TrustedHTML] - expected: FAIL - - [div.onclick accepts only TrustedScript] - expected: FAIL - - [`Script.prototype.setAttribute.SrC = string` throws.] - expected: FAIL - - [script.src's mutationobservers receive the default policy's value.] - expected: FAIL - - [iframe.srcdoc's mutationobservers receive the default policy's value.] - expected: FAIL - - [div.onclick's mutationobservers receive the default policy's value.] - expected: FAIL - - [div.onclick accepts string and null after default policy was created.] - expected: FAIL - [`script.src = setAttributeNode(embed.src)` with string works.] expected: FAIL diff --git a/testing/web-platform/meta/trusted-types/block-string-assignment-to-Element-setAttributeNS.html.ini b/testing/web-platform/meta/trusted-types/block-string-assignment-to-Element-setAttributeNS.html.ini deleted file mode 100644 index c5bf59b26b129..0000000000000 --- a/testing/web-platform/meta/trusted-types/block-string-assignment-to-Element-setAttributeNS.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[block-string-assignment-to-Element-setAttributeNS.html] - [Blocking non-TrustedScriptURL assignment to works] - expected: FAIL diff --git a/testing/web-platform/meta/trusted-types/trusted-types-event-handlers.html.ini b/testing/web-platform/meta/trusted-types/trusted-types-event-handlers.html.ini index 8c425bcbab42c..e7f37e1b16c7e 100644 --- a/testing/web-platform/meta/trusted-types/trusted-types-event-handlers.html.ini +++ b/testing/web-platform/meta/trusted-types/trusted-types-event-handlers.html.ini @@ -1,331 +1,24 @@ [trusted-types-event-handlers.html] - [Event handler onclick should be blocked.] - expected: FAIL - - [Event handler onchange should be blocked.] - expected: FAIL - - [Event handler onfocus should be blocked.] - expected: FAIL - - [Event handler oNclick should be blocked.] - expected: FAIL - - [Event handler OnClIcK should be blocked.] - expected: FAIL - - [Event handler div.onabort should be blocked.] - expected: FAIL - - [Event handler div.onblur should be blocked.] - expected: FAIL - - [Event handler div.onfocus should be blocked.] - expected: FAIL - - [Event handler div.oncancel should be blocked.] - expected: FAIL - - [Event handler div.onauxclick should be blocked.] - expected: FAIL - - [Event handler div.onbeforeinput should be blocked.] - expected: FAIL - - [Event handler div.onbeforetoggle should be blocked.] - expected: FAIL - - [Event handler div.oncanplay should be blocked.] - expected: FAIL - - [Event handler div.oncanplaythrough should be blocked.] - expected: FAIL - - [Event handler div.onchange should be blocked.] - expected: FAIL - - [Event handler div.onclick should be blocked.] - expected: FAIL - - [Event handler div.onclose should be blocked.] - expected: FAIL - - [Event handler div.oncontentvisibilityautostatechange should be blocked.] - expected: FAIL - - [Event handler div.oncontextmenu should be blocked.] - expected: FAIL - - [Event handler div.oncopy should be blocked.] - expected: FAIL - - [Event handler div.oncuechange should be blocked.] - expected: FAIL - - [Event handler div.oncut should be blocked.] - expected: FAIL - - [Event handler div.ondblclick should be blocked.] - expected: FAIL - - [Event handler div.ondrag should be blocked.] - expected: FAIL - - [Event handler div.ondragend should be blocked.] - expected: FAIL - - [Event handler div.ondragenter should be blocked.] - expected: FAIL - [Event handler div.ondragexit should be blocked.] expected: if release_or_beta: FAIL - [Event handler div.ondragleave should be blocked.] - expected: FAIL - - [Event handler div.ondragover should be blocked.] - expected: FAIL - - [Event handler div.ondragstart should be blocked.] - expected: FAIL - - [Event handler div.ondrop should be blocked.] - expected: FAIL - - [Event handler div.ondurationchange should be blocked.] - expected: FAIL - - [Event handler div.onemptied should be blocked.] - expected: FAIL - - [Event handler div.onended should be blocked.] - expected: FAIL - - [Event handler div.onformdata should be blocked.] - expected: FAIL - - [Event handler div.oninput should be blocked.] - expected: FAIL - - [Event handler div.oninvalid should be blocked.] - expected: FAIL - - [Event handler div.onkeydown should be blocked.] - expected: FAIL - - [Event handler div.onkeypress should be blocked.] - expected: FAIL - - [Event handler div.onkeyup should be blocked.] - expected: FAIL - - [Event handler div.onload should be blocked.] - expected: FAIL - - [Event handler div.onloadeddata should be blocked.] - expected: FAIL - - [Event handler div.onloadedmetadata should be blocked.] - expected: FAIL - - [Event handler div.onloadstart should be blocked.] - expected: FAIL - - [Event handler div.onmousedown should be blocked.] - expected: FAIL - - [Event handler div.onmouseenter should be blocked.] - expected: FAIL - - [Event handler div.onmouseleave should be blocked.] - expected: FAIL - - [Event handler div.onmousemove should be blocked.] - expected: FAIL - - [Event handler div.onmouseout should be blocked.] - expected: FAIL - - [Event handler div.onmouseover should be blocked.] - expected: FAIL - - [Event handler div.onmouseup should be blocked.] - expected: FAIL - - [Event handler div.onwheel should be blocked.] - expected: FAIL - - [Event handler div.onpaste should be blocked.] - expected: FAIL - - [Event handler div.onpause should be blocked.] - expected: FAIL - - [Event handler div.onplay should be blocked.] - expected: FAIL - - [Event handler div.onplaying should be blocked.] - expected: FAIL - - [Event handler div.onprogress should be blocked.] - expected: FAIL - - [Event handler div.onratechange should be blocked.] - expected: FAIL - - [Event handler div.onreset should be blocked.] - expected: FAIL - - [Event handler div.onresize should be blocked.] - expected: FAIL - - [Event handler div.onscroll should be blocked.] - expected: FAIL - - [Event handler div.onscrollend should be blocked.] - expected: FAIL - - [Event handler div.onsecuritypolicyviolation should be blocked.] - expected: FAIL - - [Event handler div.onseeked should be blocked.] - expected: FAIL - - [Event handler div.onseeking should be blocked.] - expected: FAIL - - [Event handler div.onselect should be blocked.] - expected: FAIL - - [Event handler div.onslotchange should be blocked.] - expected: FAIL - - [Event handler div.onstalled should be blocked.] - expected: FAIL - - [Event handler div.onsubmit should be blocked.] - expected: FAIL - - [Event handler div.onsuspend should be blocked.] - expected: FAIL - - [Event handler div.ontimeupdate should be blocked.] - expected: FAIL - - [Event handler div.onvolumechange should be blocked.] - expected: FAIL - - [Event handler div.onwaiting should be blocked.] - expected: FAIL - - [Event handler div.onselectstart should be blocked.] - expected: FAIL - - [Event handler div.onselectionchange should be blocked.] - expected: FAIL - - [Event handler div.ontoggle should be blocked.] - expected: FAIL - - [Event handler div.onpointercancel should be blocked.] - expected: FAIL - - [Event handler div.onpointerdown should be blocked.] - expected: FAIL - - [Event handler div.onpointerup should be blocked.] - expected: FAIL - - [Event handler div.onpointermove should be blocked.] - expected: FAIL - - [Event handler div.onpointerout should be blocked.] - expected: FAIL - - [Event handler div.onpointerover should be blocked.] - expected: FAIL - - [Event handler div.onpointerenter should be blocked.] - expected: FAIL - - [Event handler div.onpointerleave should be blocked.] - expected: FAIL - - [Event handler div.ongotpointercapture should be blocked.] - expected: FAIL - - [Event handler div.onlostpointercapture should be blocked.] - expected: FAIL - - [Event handler div.onmozfullscreenchange should be blocked.] - expected: FAIL - - [Event handler div.onmozfullscreenerror should be blocked.] - expected: FAIL - - [Event handler div.onanimationcancel should be blocked.] - expected: FAIL - - [Event handler div.onanimationend should be blocked.] - expected: FAIL - - [Event handler div.onanimationiteration should be blocked.] - expected: FAIL - - [Event handler div.onanimationstart should be blocked.] - expected: FAIL - - [Event handler div.ontransitioncancel should be blocked.] - expected: FAIL - - [Event handler div.ontransitionend should be blocked.] - expected: FAIL - - [Event handler div.ontransitionrun should be blocked.] - expected: FAIL - - [Event handler div.ontransitionstart should be blocked.] - expected: FAIL - - [Event handler div.onwebkitanimationend should be blocked.] - expected: FAIL - - [Event handler div.onwebkitanimationiteration should be blocked.] - expected: FAIL - - [Event handler div.onwebkitanimationstart should be blocked.] - expected: FAIL - - [Event handler div.onwebkittransitionend should be blocked.] - expected: FAIL - - [Event handler div.onerror should be blocked.] - expected: FAIL - - [Event handler div.onfullscreenchange should be blocked.] - expected: FAIL - - [Event handler div.onfullscreenerror should be blocked.] - expected: FAIL - - [Event handler div.oncontextrestored should be blocked.] - expected: FAIL - - [Event handler div.oncontextlost should be blocked.] - expected: FAIL - [Event handler div.ontouchstart should be blocked.] - expected: FAIL + expected: + if (os == "android"): PASS + FAIL [Event handler div.ontouchend should be blocked.] - expected: FAIL + expected: + if (os == "android"): PASS + FAIL [Event handler div.ontouchmove should be blocked.] - expected: FAIL + expected: + if (os == "android"): PASS + FAIL [Event handler div.ontouchcancel should be blocked.] - expected: FAIL - - [Event handler div.oncontentvisibilityautostatechange should be blocked.] - expected: FAIL + expected: + if (os == "android"): PASS + FAIL diff --git a/testing/web-platform/meta/trusted-types/trusted-types-svg-script-set-href.html.ini b/testing/web-platform/meta/trusted-types/trusted-types-svg-script-set-href.html.ini index 5a581f61df97c..497082247d21b 100644 --- a/testing/web-platform/meta/trusted-types/trusted-types-svg-script-set-href.html.ini +++ b/testing/web-platform/meta/trusted-types/trusted-types-svg-script-set-href.html.ini @@ -1,9 +1,3 @@ [trusted-types-svg-script-set-href.html] [Assign string to SVGScriptElement.href.baseVal.] expected: FAIL - - [Assign string to non-attached SVGScriptElement.href via setAttribute.] - expected: FAIL - - [Assign string to attached SVGScriptElement.href via setAttribute.] - expected: FAIL