corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "Bug 1959727 - Add the sanitizer option to setHTMLUnsafe. r=emilio" for causing wpt failures in Document-parseHTMLUnsafe.html

Browse Source 
This reverts commit 1faeaa00f5.

Revert "Bug 1959727 - Implement ShadowRoot.setHTML and share more code. r=emilio"

This reverts commit 3a84b03088.

Revert "Bug 1959727 - Add the sanitizer option to parseHTMLUnsafe. r=emilio" for causing wpt failures in Document-parseHTMLUnsafe.html

This reverts commit 17ced5ec89.
This commit is contained in:
Cristian Tuns
2025-05-07 21:07:41 -04:00
committed by ctuns@mozilla.com
parent a0e2441c5a
commit 1beaa4e22e
17 changed files with 198 additions and 296 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
dom/base/Document.cpp
View File

@@ -20265,11 +20265,7 @@ static already_AddRefed<Document> CreateHTMLDocument(GlobalObject& aGlobal,
/* static */
already_AddRefed<Document> Document::ParseHTMLUnsafe(
GlobalObject& aGlobal, const TrustedHTMLOrString& aHTML,
const SetHTMLUnsafeOptions& aOptions, nsIPrincipal* aSubjectPrincipal,
ErrorResult& aError) {
// Step 1. Let compliantHTML be the result of invoking the Get Trusted Type
// compliant string algorithm with TrustedHTML, thiss relevant global object,
// html, "Document parseHTMLUnsafe", and "script".
nsIPrincipal* aSubjectPrincipal, ErrorResult& aError) {
nsCOMPtr<nsIGlobalObject> global = do_QueryInterface(aGlobal.GetAsSupports());
constexpr nsLiteralString sink = u"Document parseHTMLUnsafe"_ns;
Maybe<nsAutoString> compliantStringHolder;
@@ -20281,50 +20277,16 @@ already_AddRefed<Document> Document::ParseHTMLUnsafe(
return nullptr;
}
// TODO: Always initialize the sanitizer.
bool sanitize = aOptions.mSanitizer.WasPassed();
// Step 2. Let document be a new Document, whose content type is "text/html".
// Step 3. Set documents allow declarative shadow roots to true.
// TODO: Figure out if we can always loadAsData.
RefPtr<Document> doc =
CreateHTMLDocument(aGlobal, /* aLoadedAsData */ sanitize, aError);
RefPtr<Document> doc = CreateHTMLDocument(aGlobal, false, aError);
if (aError.Failed()) {
return nullptr;
}
// Step 4. Parse HTML from a string given document and compliantHTML.
// TODO(bug 1960845): Investigate the behavior around <noscript> with
// parseHTML
aError = nsContentUtils::ParseDocumentHTML(
*compliantString, doc,
/* aScriptingEnabledForNoscriptParsing */ !sanitize);
aError = nsContentUtils::ParseDocumentHTML(*compliantString, doc, false);
if (aError.Failed()) {
return nullptr;
}
if (sanitize) {
// Step 5. Let sanitizer be the result of calling get a sanitizer instance
// from options with options and false.
nsCOMPtr<nsIGlobalObject> global =
do_QueryInterface(aGlobal.GetAsSupports());
RefPtr<Sanitizer> sanitizer = Sanitizer::GetInstance(
global, aOptions.mSanitizer.Value(), true, aError);
if (aError.Failed()) {
return nullptr;
}
// Step 6. Call sanitize on documents root node with sanitizer and false.
nsCOMPtr<nsINode> root = doc->GetRootElement();
MOZ_DIAGNOSTIC_ASSERT(root,
"HTML parser should have create the <html> root");
sanitizer->Sanitize(root, /* aSafe */ true, aError);
if (aError.Failed()) {
return nullptr;
}
}
// Step 7. Return document.
return doc.forget();
}
@@ -20336,8 +20298,7 @@ already_AddRefed<Document> Document::ParseHTML(GlobalObject& aGlobal,
ErrorResult& aError) {
// Step 1. Let document be a new Document, whose content type is "text/html".
// Step 2. Set documents allow declarative shadow roots to true.
RefPtr<Document> doc =
CreateHTMLDocument(aGlobal, /* aLoadedAsData */ true, aError);
RefPtr<Document> doc = CreateHTMLDocument(aGlobal, true, aError);
if (aError.Failed()) {
return nullptr;
}

3
dom/base/Document.h
View File

@@ -5619,8 +5619,7 @@ class Document : public nsINode,
MOZ_CAN_RUN_SCRIPT static already_AddRefed<Document> ParseHTMLUnsafe(
GlobalObject& aGlobal, const TrustedHTMLOrString& aHTML,
const SetHTMLUnsafeOptions& aOptions, nsIPrincipal* aSubjectPrincipal,
ErrorResult& aError);
nsIPrincipal* aSubjectPrincipal, ErrorResult& aError);
static already_AddRefed<Document> ParseHTML(GlobalObject& aGlobal,
const nsAString& aHTML,

128
dom/base/Element.cpp
View File

@@ -5327,9 +5327,125 @@ void Element::RegUnRegAccessKey(bool aDoReg) {
}
}
void Element::SetHTML(const nsAString& aHTML, const SetHTMLOptions& aOptions,
ErrorResult& aError) {
nsContentUtils::SetHTML(this, this, aHTML, aOptions, aError);
// https://wicg.github.io/sanitizer-api/#shadowroot-sethtml
void Element::SetHTML(const nsAString& aInnerHTML,
const SetHTMLOptions& aOptions, ErrorResult& aError) {
// Step 1. Set and filter HTML using this (as target), this (as context
// element), html, options, and true.
// https://wicg.github.io/sanitizer-api/#set-and-filter-html
// Step 1. If safe and contextElements local name is "script" and
// contextElements namespace is the HTML namespace or the SVG namespace, then
// return.
if (IsHTMLElement(nsGkAtoms::script) || IsSVGElement(nsGkAtoms::script)) {
nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, "DOM"_ns,
OwnerDoc(), nsContentUtils::eDOM_PROPERTIES,
"SetHTMLScript");
return;
}
// Step 2. Let sanitizer be the result of calling get a sanitizer instance
// from options with options and safe.
nsCOMPtr<nsIGlobalObject> global = GetOwnerGlobal();
if (!global) {
aError.ThrowInvalidStateError("Missing owner global.");
return;
}
RefPtr<Sanitizer> sanitizer =
Sanitizer::GetInstance(global, aOptions.mSanitizer, true, aError);
if (aError.Failed()) {
return;
}
// Keep "this" alive should be guaranteed by the caller, and also the content
// of a template element (if this is one) should never been released from this
// during this call. Therefore, using raw pointer here is safe.
FragmentOrElement* target = this;
// Handle template case.
if (target->IsTemplateElement()) {
DocumentFragment* frag =
static_cast<HTMLTemplateElement*>(target)->Content();
MOZ_ASSERT(frag);
target = frag;
}
// TODO: Avoid parsing and implement a fast-path for non-markup input,
// Filed as bug 1731215.
// mozAutoSubtreeModified keeps the owner document alive. Therefore, using a
// raw pointer here is safe.
Document* const doc = target->OwnerDoc();
// Batch possible DOMSubtreeModified events.
mozAutoSubtreeModified subtree(doc, nullptr);
target->FireNodeRemovedForChildren();
// Needed when innerHTML is used in combination with contenteditable
mozAutoDocUpdate updateBatch(doc, true);
// Remove childnodes.
nsAutoMutationBatch mb(target, true, false);
target->RemoveAllChildren(true);
mb.RemovalDone();
nsAutoScriptLoaderDisabler sld(doc);
FragmentOrElement* parseContext = this;
if (ShadowRoot* shadowRoot = ShadowRoot::FromNode(parseContext)) {
// Fix up the context to be the host of the ShadowRoot. See
// https://w3c.github.io/DOM-Parsing/#dom-innerhtml-innerhtml setter step 1.
parseContext = shadowRoot->GetHost();
}
// Step 3. Let newChildren be the result of the HTML fragment parsing
// algorithm steps given contextElement, html, and true.
// Step 4. Let fragment be a new DocumentFragment whose node document is
// contextElements node document.
// Step 5. For each node in newChildren, append node to fragment.
// We MUST NOT cause any requests during parsing, so we'll
// create an inert Document and parse into a new DocumentFragment.
RefPtr<Document> inertDoc = nsContentUtils::CreateInertHTMLDocument(doc);
if (!inertDoc) {
aError = NS_ERROR_FAILURE;
return;
}
RefPtr<DocumentFragment> fragment = new (inertDoc->NodeInfoManager())
DocumentFragment(inertDoc->NodeInfoManager());
nsAtom* contextLocalName = parseContext->NodeInfo()->NameAtom();
int32_t contextNameSpaceID = parseContext->GetNameSpaceID();
aError = nsContentUtils::ParseFragmentHTML(
aInnerHTML, fragment, contextLocalName, contextNameSpaceID, false, true);
if (aError.Failed()) {
return;
}
// Suppress assertion about node removal mutation events that can't have
// listeners anyway, because no one has had the chance to register
// mutation listeners on the fragment that comes from the parser.
nsAutoScriptBlockerSuppressNodeRemoved scriptBlocker;
int32_t oldChildCount = static_cast<int32_t>(target->GetChildCount());
// Step 6. Run sanitize on fragment using sanitizer and safe.
sanitizer->Sanitize(fragment, /* aSafe */ true, aError);
if (aError.Failed()) {
return;
}
// Step 7. Replace all with fragment within target.
target->AppendChild(*fragment, aError);
if (aError.Failed()) {
return;
}
mb.NodesAdded();
nsContentUtils::FireMutationEventsForDirectParsing(doc, target,
oldChildCount);
}
void Element::GetHTML(const GetHTMLOptions& aOptions, nsAString& aResult) {
@@ -5377,12 +5493,10 @@ EditorBase* Element::GetExtantEditor() const {
}
void Element::SetHTMLUnsafe(const TrustedHTMLOrString& aHTML,
const SetHTMLUnsafeOptions& aOptions,
nsIPrincipal* aSubjectPrincipal,
ErrorResult& aError) {
nsContentUtils::SetHTMLUnsafe(this, this, aHTML, aOptions,
false /*aIsShadowRoot*/, aSubjectPrincipal,
aError);
nsContentUtils::SetHTMLUnsafe(this, this, aHTML, false /*aIsShadowRoot*/,
aSubjectPrincipal, aError);
}
// https://html.spec.whatwg.org/#event-beforematch

17
dom/base/Element.h
View File

@@ -119,7 +119,6 @@ struct URLValue;
namespace dom {
struct CheckVisibilityOptions;
struct CustomElementData;
struct SetHTMLUnsafeOptions;
struct SetHTMLOptions;
struct GetHTMLOptions;
struct GetAnimationsOptions;
@@ -1677,15 +1676,8 @@ class Element : public FragmentOrElement {
const TrustedHTMLOrString& aTrustedHTMLOrString,
nsIPrincipal* aSubjectPrincipal, ErrorResult& aError);
virtual void SetHTML(const nsAString& aInnerHTML,
const SetHTMLOptions& aOptions, ErrorResult& aError);
MOZ_CAN_RUN_SCRIPT
virtual void SetHTMLUnsafe(const TrustedHTMLOrString& aHTML,
const SetHTMLUnsafeOptions& aOptions,
nsIPrincipal* aSubjectPrincipal,
ErrorResult& aError);
void SetHTML(const nsAString& aInnerHTML, const SetHTMLOptions& aOptions,
ErrorResult& aError);
void GetHTML(const GetHTMLOptions& aOptions, nsAString& aResult);
//----------------------------------------
@@ -2276,6 +2268,11 @@ class Element : public FragmentOrElement {
virtual bool Translate() const;
MOZ_CAN_RUN_SCRIPT
virtual void SetHTMLUnsafe(const TrustedHTMLOrString& aHTML,
nsIPrincipal* aSubjectPrincipal,
ErrorResult& aError);
MOZ_CAN_RUN_SCRIPT
void FireBeforematchEvent(ErrorResult& aRv);

12
dom/base/ShadowRoot.cpp
View File

@@ -884,20 +884,12 @@ nsresult ShadowRoot::Clone(dom::NodeInfo* aNodeInfo, nsINode** aResult) const {
return NS_ERROR_DOM_NOT_SUPPORTED_ERR;
}
void ShadowRoot::SetHTML(const nsAString& aHTML, const SetHTMLOptions& aOptions,
ErrorResult& aError) {
RefPtr<Element> host = GetHost();
nsContentUtils::SetHTML(this, host, aHTML, aOptions, aError);
}
void ShadowRoot::SetHTMLUnsafe(const TrustedHTMLOrString& aHTML,
const SetHTMLUnsafeOptions& aOptions,
nsIPrincipal* aSubjectPrincipal,
ErrorResult& aError) {
RefPtr<Element> host = GetHost();
nsContentUtils::SetHTMLUnsafe(this, host, aHTML, aOptions,
true /*aIsShadowRoot*/, aSubjectPrincipal,
aError);
nsContentUtils::SetHTMLUnsafe(this, host, aHTML, true /*aIsShadowRoot*/,
aSubjectPrincipal, aError);
}
void ShadowRoot::GetInnerHTML(

4
dom/base/ShadowRoot.h
View File

@@ -250,12 +250,8 @@ class ShadowRoot final : public DocumentFragment, public DocumentOrShadowRoot {
mIsDeclarative = aIsDeclarative ? Declarative::Yes : Declarative::No;
}
void SetHTML(const nsAString& aInnerHTML, const SetHTMLOptions& aOptions,
ErrorResult& aError);
MOZ_CAN_RUN_SCRIPT
void SetHTMLUnsafe(const TrustedHTMLOrString& aHTML,
const SetHTMLUnsafeOptions& aOptions,
nsIPrincipal* aSubjectPrincipal, ErrorResult& aError);
// @param aInnerHTML will always be of type `NullIsEmptyString`.

123
dom/base/nsContentUtils.cpp
View File

@@ -197,7 +197,6 @@
#include "mozilla/dom/PContentChild.h"
#include "mozilla/dom/PrototypeList.h"
#include "mozilla/dom/ReferrerPolicyBinding.h"
#include "mozilla/dom/Sanitizer.h"
#include "mozilla/dom/ScriptSettings.h"
#include "mozilla/dom/Selection.h"
#include "mozilla/dom/ShadowRoot.h"
@@ -5863,116 +5862,13 @@ uint32_t computeSanitizationFlags(nsIPrincipal* aPrincipal, int32_t aFlags) {
return sanitizationFlags;
}
// https://wicg.github.io/sanitizer-api/#set-and-filter-html
static void SetAndFilterHTML(FragmentOrElement* aTarget, Element* aContext,
const nsAString& aHTML,
const OwningSanitizerOrSanitizerConfigOrSanitizerPresets& aSanitizerOptions,
const bool aSafe, ErrorResult& aError) {
RefPtr<Document> doc = aTarget->OwnerDoc();
// Step 1. If safe and contextElements local name is "script" and
// contextElements namespace is the HTML namespace or the SVG namespace, then
// return.
if (aSafe && (aContext->IsHTMLElement(nsGkAtoms::script) ||
aContext->IsSVGElement(nsGkAtoms::script))) {
nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, "DOM"_ns, doc,
nsContentUtils::eDOM_PROPERTIES,
"SetHTMLScript");
return;
}
// Step 2. Let sanitizer be the result of calling get a sanitizer instance
// from options with options and safe.
nsCOMPtr<nsIGlobalObject> global = aTarget->GetOwnerGlobal();
if (!global) {
aError.ThrowInvalidStateError("Missing owner global.");
return;
}
RefPtr<Sanitizer> sanitizer =
Sanitizer::GetInstance(global, aSanitizerOptions, aSafe, aError);
if (aError.Failed()) {
return;
}
// Batch possible DOMSubtreeModified events.
mozAutoSubtreeModified subtree(doc, nullptr);
aTarget->FireNodeRemovedForChildren();
// Needed when innerHTML is used in combination with contenteditable
mozAutoDocUpdate updateBatch(doc, true);
// Remove childnodes.
nsAutoMutationBatch mb(aTarget, true, false);
aTarget->RemoveAllChildren(true);
mb.RemovalDone();
nsAutoScriptLoaderDisabler sld(doc);
// Step 3. Let newChildren be the result of the HTML fragment parsing
// algorithm steps given contextElement, html, and true.
// Step 4. Let fragment be a new DocumentFragment whose node document is
// contextElements node document.
// Step 5. For each node in newChildren, append node to fragment.
// We MUST NOT cause any requests during parsing, so we'll
// create an inert Document and parse into a new DocumentFragment.
RefPtr<Document> inertDoc = nsContentUtils::CreateInertHTMLDocument(doc);
if (!inertDoc) {
aError = NS_ERROR_FAILURE;
return;
}
RefPtr<DocumentFragment> fragment = new (inertDoc->NodeInfoManager())
DocumentFragment(inertDoc->NodeInfoManager());
nsAtom* contextLocalName = aContext->NodeInfo()->NameAtom();
int32_t contextNameSpaceID = aContext->GetNameSpaceID();
aError = nsContentUtils::ParseFragmentHTML(aHTML, fragment, contextLocalName,
contextNameSpaceID, false, true);
if (aError.Failed()) {
return;
}
// Suppress assertion about node removal mutation events that can't have
// listeners anyway, because no one has had the chance to register
// mutation listeners on the fragment that comes from the parser.
nsAutoScriptBlockerSuppressNodeRemoved scriptBlocker;
int32_t oldChildCount = static_cast<int32_t>(aTarget->GetChildCount());
// Step 6. Run sanitize on fragment using sanitizer and safe.
sanitizer->Sanitize(fragment, aSafe, aError);
if (aError.Failed()) {
return;
}
// Step 7. Replace all with fragment within target.
aTarget->AppendChild(*fragment, aError);
if (aError.Failed()) {
return;
}
mb.NodesAdded();
nsContentUtils::FireMutationEventsForDirectParsing(doc, aTarget,
oldChildCount);
}
/* static */
void nsContentUtils::SetHTML(FragmentOrElement* aTarget, Element* aContext,
const nsAString& aHTML,
const SetHTMLOptions& aOptions,
ErrorResult& aError) {
SetAndFilterHTML(aTarget, aContext, aHTML, aOptions.mSanitizer,
/* aSafe */ true, aError);
}
/* static */
void nsContentUtils::SetHTMLUnsafe(
FragmentOrElement* aTarget, Element* aContext,
const TrustedHTMLOrString& aSource, const SetHTMLUnsafeOptions& aOptions,
bool aIsShadowRoot, nsIPrincipal* aSubjectPrincipal, ErrorResult& aError) {
void nsContentUtils::SetHTMLUnsafe(FragmentOrElement* aTarget,
Element* aContext,
const TrustedHTMLOrString& aSource,
bool aIsShadowRoot,
nsIPrincipal* aSubjectPrincipal,
ErrorResult& aError) {
constexpr nsLiteralString elementSink = u"Element setHTMLUnsafe"_ns;
constexpr nsLiteralString shadowRootSink = u"ShadowRoot setHTMLUnsafe"_ns;
Maybe<nsAutoString> compliantStringHolder;
@@ -5985,13 +5881,6 @@ void nsContentUtils::SetHTMLUnsafe(
return;
}
// Fallback to the more optimized code below without a sanitizer.
if (aOptions.mSanitizer.WasPassed()) {
return SetAndFilterHTML(aTarget, aContext, *compliantString,
aOptions.mSanitizer.Value(), /* aSafe */ false,
aError);
}
RefPtr<DocumentFragment> fragment;
{
MOZ_ASSERT(!sFragmentParsingActive,

8
dom/base/nsContentUtils.h
View File

@@ -192,8 +192,6 @@ class MessageBroadcaster;
class NodeInfo;
class OwningFileOrUSVStringOrFormData;
class Selection;
struct SetHTMLOptions;
struct SetHTMLUnsafeOptions;
enum class ShadowRootMode : uint8_t;
class ShadowRoot;
struct StructuredSerializeOptions;
@@ -1892,16 +1890,10 @@ class nsContentUtils {
bool aPreventScriptExecution,
mozilla::ErrorResult& aRv);
static void SetHTML(mozilla::dom::FragmentOrElement* aTarget,
Element* aContext, const nsAString& aHTML,
const mozilla::dom::SetHTMLOptions& aOptions,
mozilla::ErrorResult& aError);
MOZ_CAN_RUN_SCRIPT
static void SetHTMLUnsafe(mozilla::dom::FragmentOrElement* aTarget,
Element* aContext,
const mozilla::dom::TrustedHTMLOrString& aSource,
const mozilla::dom::SetHTMLUnsafeOptions& aOptions,
bool aIsShadowRoot, nsIPrincipal* aSubjectPrincipal,
mozilla::ErrorResult& aError);
/**

13
dom/html/HTMLTemplateElement.cpp
View File

@@ -100,21 +100,12 @@ bool HTMLTemplateElement::ParseAttribute(int32_t aNamespaceID,
aMaybeScriptedPrincipal, aResult);
}
void HTMLTemplateElement::SetHTML(const nsAString& aHTML,
const SetHTMLOptions& aOptions,
ErrorResult& aError) {
RefPtr<DocumentFragment> content = mContent;
nsContentUtils::SetHTML(content, this, aHTML, aOptions, aError);
}
void HTMLTemplateElement::SetHTMLUnsafe(const TrustedHTMLOrString& aHTML,
const SetHTMLUnsafeOptions& aOptions,
nsIPrincipal* aSubjectPrincipal,
ErrorResult& aError) {
RefPtr<DocumentFragment> content = mContent;
nsContentUtils::SetHTMLUnsafe(content, this, aHTML, aOptions,
false /*aIsShadowRoot*/, aSubjectPrincipal,
aError);
nsContentUtils::SetHTMLUnsafe(content, this, aHTML, false /*aIsShadowRoot*/,
aSubjectPrincipal, aError);
}
} // namespace mozilla::dom

4
dom/html/HTMLTemplateElement.h
View File

@@ -72,12 +72,8 @@ class HTMLTemplateElement final : public nsGenericHTMLElement {
SetHTMLBoolAttr(nsGkAtoms::shadowrootserializable, aValue, aRv);
}
void SetHTML(const nsAString& aInnerHTML, const SetHTMLOptions& aOptions,
ErrorResult& aError) final;
MOZ_CAN_RUN_SCRIPT
void SetHTMLUnsafe(const TrustedHTMLOrString& aHTML,
const SetHTMLUnsafeOptions& aOptions,
nsIPrincipal* aSubjectPrincipal,
ErrorResult& aError) final;

2
dom/webidl/Document.webidl
View File

@@ -123,7 +123,7 @@ interface Document : Node {
// https://html.spec.whatwg.org/multipage/dom.html#the-document-object
partial interface Document {
[Throws, NeedsSubjectPrincipal=NonSystem]
static Document parseHTMLUnsafe((TrustedHTML or DOMString) html, optional SetHTMLUnsafeOptions options = {});
static Document parseHTMLUnsafe((TrustedHTML or DOMString) html);
[PutForwards=href, LegacyUnforgeable] readonly attribute Location? location;
[SetterThrows] attribute DOMString domain;

3
dom/webidl/Element.webidl
View File

@@ -405,8 +405,9 @@ dictionary GetHTMLOptions {
partial interface Element {
// https://html.spec.whatwg.org/#dom-element-sethtmlunsafe
/* TODO: optional SetHTMLUnsafeOptions options = {} */
[NeedsSubjectPrincipal=NonSystem, Throws]
undefined setHTMLUnsafe((TrustedHTML or DOMString) html, optional SetHTMLUnsafeOptions options = {});
undefined setHTMLUnsafe((TrustedHTML or DOMString) html);
DOMString getHTML(optional GetHTMLOptions options = {});
};

6
dom/webidl/Sanitizer.webidl
View File

@@ -14,11 +14,11 @@ enum SanitizerPresets { "default" };
dictionary SetHTMLOptions {
(Sanitizer or SanitizerConfig or SanitizerPresets) sanitizer = "default";
};
/*
dictionary SetHTMLUnsafeOptions {
// TODO: = {}; (Using optional to easily detect a missing sanitizer)
[Pref="dom.security.sanitizer.enabled"]
(Sanitizer or SanitizerConfig or SanitizerPresets) sanitizer;
(Sanitizer or SanitizerConfig or SanitizerPresets) sanitizer = {};
};
*/
dictionary SanitizerElementNamespace {
required DOMString name;

8
dom/webidl/ShadowRoot.webidl
View File

@@ -57,16 +57,10 @@ interface ShadowRoot : DocumentFragment
boolean isUAWidget();
};
// Sanitizer API, https://wicg.github.io/sanitizer-api/
partial interface ShadowRoot {
[Throws, Pref="dom.security.sanitizer.enabled"]
undefined setHTML(DOMString aInnerHTML, optional SetHTMLOptions options = {});
};
partial interface ShadowRoot {
// https://html.spec.whatwg.org/#dom-shadowroot-sethtmlunsafe
[NeedsSubjectPrincipal=NonSystem, Throws]
undefined setHTMLUnsafe((TrustedHTML or DOMString) html, optional SetHTMLUnsafeOptions options = {});
undefined setHTMLUnsafe((TrustedHTML or DOMString) html);
DOMString getHTML(optional GetHTMLOptions options = {});
};

99
testing/web-platform/meta/sanitizer-api/sanitizer-basic-filtering.tentative.html.ini
View File

@@ -1,16 +1,46 @@
[sanitizer-basic-filtering.tentative.html]
[setHTMLUnsafe testcase elements/1, "<div><p>Hello <b>World!</b>"]
expected: FAIL
[parseHTML testcase elements/1, "<div><p>Hello <b>World!</b>"]
expected: FAIL
[parseHTMLUnsafe testcase elements/1, "<div><p>Hello <b>World!</b>"]
expected: FAIL
[setHTMLUnsafe testcase elements/2, "<div><p>Hello <b>World!</b>"]
expected: FAIL
[parseHTML testcase elements/2, "<div><p>Hello <b>World!</b>"]
expected: FAIL
[parseHTMLUnsafe testcase elements/2, "<div><p>Hello <b>World!</b>"]
expected: FAIL
[setHTMLUnsafe testcase elements/3, "<div><p>Hello <b>World!</b>"]
expected: FAIL
[parseHTMLUnsafe testcase elements/3, "<div><p>Hello <b>World!</b>"]
expected: FAIL
[setHTMLUnsafe testcase elements/4, "<div><p>Hello <b>World!</b>"]
expected: FAIL
[parseHTMLUnsafe testcase elements/4, "<div><p>Hello <b>World!</b>"]
expected: FAIL
[setHTMLUnsafe testcase attributes/1, "<p id="hello" style="font-weight: bold">x"]
expected: FAIL
[parseHTMLUnsafe testcase attributes/1, "<p id="hello" style="font-weight: bold">x"]
expected: FAIL
[setHTMLUnsafe testcase attributes/2, "<p id="hello" style="font-weight: bold">x"]
expected: FAIL
[parseHTMLUnsafe testcase attributes/2, "<p id="hello" style="font-weight: bold">x"]
expected: FAIL
[setHTMLUnsafe testcase attributes-per-element/0, "<div style="font-weight: bold" class="bourgeoisie">"]
expected: FAIL
@@ -20,12 +50,21 @@
[parseHTMLUnsafe testcase attributes-per-element/0, "<div style="font-weight: bold" class="bourgeoisie">"]
expected: FAIL
[setHTMLUnsafe testcase attributes-per-element/1, "<div style="font-weight: bold" class="bourgeoisie">"]
expected: FAIL
[parseHTML testcase attributes-per-element/1, "<div style="font-weight: bold" class="bourgeoisie">"]
expected: FAIL
[parseHTMLUnsafe testcase attributes-per-element/1, "<div style="font-weight: bold" class="bourgeoisie">"]
expected: FAIL
[setHTMLUnsafe testcase comments/1, "a <!-- comment --> b"]
expected: FAIL
[parseHTMLUnsafe testcase comments/1, "a <!-- comment --> b"]
expected: FAIL
[setHTML testcase dataAttributes/0, "<p data-x="1" data-y="2" data-z="3">"]
expected: FAIL
@@ -50,6 +89,9 @@
[setHTML testcase namespaces/0, "<svg><rect></svg><math><mi>x"]
expected: FAIL
[setHTMLUnsafe testcase namespaces/1, "<svg><rect>"]
expected: FAIL
[parseHTML testcase namespaces/1, "<svg><rect>"]
expected: FAIL
@@ -71,6 +113,9 @@
[parseHTMLUnsafe testcase namespaces/3, "<svg><rect>"]
expected: FAIL
[setHTMLUnsafe testcase namespaces/4, "<math><mi>x"]
expected: FAIL
[parseHTML testcase namespaces/4, "<math><mi>x"]
expected: FAIL
@@ -127,57 +172,3 @@
[setHTML testcase attributes-per-element/0, "<div style="font-weight: bold" class="bourgeoisie">"]
expected: FAIL
[ShadowRoot.setHTML testcase attributes-per-element/0, "<div style="font-weight: bold" class="bourgeoisie">"]
expected: FAIL
[ShadowRoot.setHTMLUnsafe testcase attributes-per-element/0, "<div style="font-weight: bold" class="bourgeoisie">"]
expected: FAIL
[ShadowRoot.setHTML testcase dataAttributes/0, "<p data-x="1" data-y="2" data-z="3">"]
expected: FAIL
[ShadowRoot.setHTMLUnsafe testcase dataAttributes/0, "<p data-x="1" data-y="2" data-z="3">"]
expected: FAIL
[ShadowRoot.setHTML testcase dataAttributes/1, "<p data-x="1" data-y="2" data-z="3">"]
expected: FAIL
[ShadowRoot.setHTMLUnsafe testcase dataAttributes/1, "<p data-x="1" data-y="2" data-z="3">"]
expected: FAIL
[ShadowRoot.setHTML testcase namespaces/0, "<svg><rect></svg><math><mi>x"]
expected: FAIL
[ShadowRoot.setHTML testcase namespaces/3, "<svg><rect>"]
expected: FAIL
[ShadowRoot.setHTMLUnsafe testcase namespaces/3, "<svg><rect>"]
expected: FAIL
[ShadowRoot.setHTML testcase namespaces/6, "<math><mi>x"]
expected: FAIL
[ShadowRoot.setHTMLUnsafe testcase namespaces/6, "<math><mi>x"]
expected: FAIL
[ShadowRoot.setHTML testcase namespaces/8, "<svg xml:space="default" xlink:href="about:blank" xmlns:foo="barspace">"]
expected: FAIL
[ShadowRoot.setHTMLUnsafe testcase namespaces/8, "<svg xml:space="default" xlink:href="about:blank" xmlns:foo="barspace">"]
expected: FAIL
[ShadowRoot.setHTML testcase namespaces/9, "<svg xml:space="default" xlink:href="about:blank" xmlns:foo="barspace">"]
expected: FAIL
[ShadowRoot.setHTMLUnsafe testcase namespaces/9, "<svg xml:space="default" xlink:href="about:blank" xmlns:foo="barspace">"]
expected: FAIL
[parseHTMLUnsafe testcase namespaces/2, "<svg><rect>"]
expected: FAIL
[parseHTMLUnsafe testcase namespaces/5, "<math><mi>x"]
expected: FAIL
[parseHTMLUnsafe testcase namespaces/7, "<svg xml:space="default" xlink:href="about:blank" xmlns:foo="barspace">"]
expected: FAIL

3
testing/web-platform/meta/sanitizer-api/sanitizer-boolean-defaults.tentative.html.ini
View File

@@ -1,3 +1,6 @@
[sanitizer-boolean-defaults.tentative.html]
[comments]
expected: FAIL
[data attributes]
expected: FAIL

14
testing/web-platform/tests/sanitizer-api/sanitizer-basic-filtering.tentative.html
View File

@@ -273,20 +273,6 @@ for(const group of
div.setHTMLUnsafe(testcase.data, config);
assert_testcase(div, testcase);
}, `setHTMLUnsafe testcase ${group.id}/${index}, "${testcase.data}"`);
test(_ => {
const div = document.createElement("div");
const shadowRoot = div.attachShadow({ mode: "open" });
shadowRoot .setHTML(testcase.data, config);
assert_testcase(shadowRoot, testcase);
}, `ShadowRoot.setHTML testcase ${group.id}/${index}, "${testcase.data}"`);
test(_ => {
const div = document.createElement("div");
const shadowRoot = div.attachShadow({ mode: "open" });
shadowRoot .setHTMLUnsafe(testcase.data, config);
assert_testcase(shadowRoot, testcase);
}, `ShadowRoot.setHTMLUnsafe testcase ${group.id}/${index}, "${testcase.data}"`);
test(_ => {
assert_testcase(
Document.parseHTML(testcase.data, config).body, testcase);