diff --git a/components/config/prefs.rs b/components/config/prefs.rs index d0147357dea..c5682aea2ff 100644 --- a/components/config/prefs.rs +++ b/components/config/prefs.rs @@ -173,6 +173,8 @@ pub struct Preferences { pub dom_permissions_testing_allowed_in_nonsecure_contexts: bool, // feature: ResizeObserver | #39790 | Web/API/ResizeObserver pub dom_resize_observer_enabled: bool, + // feature: Sanitizer API | #43948 | Web/API/HTML_Sanitizer_API + pub dom_sanitizer_enabled: bool, pub dom_script_asynch: bool, // feature: ServiceWorker | #36538 | Web/API/Service_Worker_API pub dom_serviceworker_enabled: bool, @@ -388,6 +390,7 @@ impl Preferences { dom_permissions_enabled: false, dom_permissions_testing_allowed_in_nonsecure_contexts: false, dom_resize_observer_enabled: true, + dom_sanitizer_enabled: false, dom_script_asynch: true, dom_serviceworker_enabled: false, dom_serviceworker_timeout_seconds: 60, diff --git a/components/script/dom/security/mod.rs b/components/script/dom/security/mod.rs index 0e747dc3103..0a621e294c8 100644 --- a/components/script/dom/security/mod.rs +++ b/components/script/dom/security/mod.rs @@ -5,5 +5,6 @@ pub(crate) mod csp; pub(crate) mod csppolicyviolationreport; pub(crate) mod cspviolationreporttask; +pub(crate) mod sanitizer; pub(crate) mod securitypolicyviolationevent; pub(crate) mod xframeoptions; diff --git a/components/script/dom/security/sanitizer.rs b/components/script/dom/security/sanitizer.rs new file mode 100644 index 00000000000..7ec0b9d7484 --- /dev/null +++ b/components/script/dom/security/sanitizer.rs @@ -0,0 +1,111 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ + +use dom_struct::dom_struct; +use js::context::JSContext; +use js::rust::HandleObject; + +use crate::dom::bindings::cell::DomRefCell; +use crate::dom::bindings::codegen::Bindings::SanitizerBinding::{ + SanitizerConfig, SanitizerMethods, SanitizerPresets, +}; +use crate::dom::bindings::codegen::UnionTypes::SanitizerConfigOrSanitizerPresets; +use crate::dom::bindings::error::{Error, Fallible}; +use crate::dom::bindings::reflector::{Reflector, reflect_dom_object_with_proto_and_cx}; +use crate::dom::bindings::root::DomRoot; +use crate::dom::window::Window; + +#[dom_struct] +pub(crate) struct Sanitizer { + reflector_: Reflector, + /// + configuration: DomRefCell, +} + +impl Sanitizer { + fn new_inherited(configuration: SanitizerConfig) -> Sanitizer { + Sanitizer { + reflector_: Reflector::new(), + configuration: DomRefCell::new(configuration), + } + } + + pub(crate) fn new_with_proto( + cx: &mut JSContext, + window: &Window, + proto: Option, + configuration: SanitizerConfig, + ) -> DomRoot { + reflect_dom_object_with_proto_and_cx( + Box::new(Sanitizer::new_inherited(configuration)), + window, + proto, + cx, + ) + } + + /// + fn set_configuration( + &self, + configuration: SanitizerConfig, + _allow_comments_and_data_attributes: bool, + ) -> bool { + // TODO: + // Step 1. Canonicalize configuration with allowCommentsAndDataAttributes. + + // TODO: + // Step 2. If configuration is not valid, then return false. + + // Step 3. Set sanitizer’s configuration to configuration. + let mut sanitizer_configuration = self.configuration.borrow_mut(); + *sanitizer_configuration = configuration; + + // Step 4. Return true. + true + } +} + +impl SanitizerMethods for Sanitizer { + /// + fn Constructor( + cx: &mut JSContext, + window: &Window, + proto: Option, + configuration: SanitizerConfigOrSanitizerPresets, + ) -> Fallible> { + let configuration = match configuration { + // Step 1. If configuration is a SanitizerPresets string, then: + SanitizerConfigOrSanitizerPresets::SanitizerPresets(configuration) => { + // Step 1.1. Assert: configuration is default. + assert_eq!(configuration, SanitizerPresets::Default); + + // TODO: + // Step 1.2. Set configuration to the built-in safe default configuration. + SanitizerConfig::default() + }, + SanitizerConfigOrSanitizerPresets::SanitizerConfig(configuration) => configuration, + }; + + // Step 2. Let valid be the return value of set a configuration with configuration and true + // on this. + // Step 3. If valid is false, then throw a TypeError. + let sanitizer = Sanitizer::new_with_proto(cx, window, proto, SanitizerConfig::default()); + if !sanitizer.set_configuration(configuration, true) { + return Err(Error::Type(c"The configuration is invalid".into())); + } + + Ok(sanitizer) + } + + /// + fn Get(&self) -> SanitizerConfig { + // Step 1. Let config be this’s configuration. + let config = self.configuration.borrow_mut(); + + // TODO: Step 2 to Step 7 + + // Step 8. Return config. + (*config).clone() + } +} diff --git a/components/script_bindings/codegen/Bindings.conf b/components/script_bindings/codegen/Bindings.conf index 2d3915d8a05..f07bc1f348f 100644 --- a/components/script_bindings/codegen/Bindings.conf +++ b/components/script_bindings/codegen/Bindings.conf @@ -793,6 +793,10 @@ DOMInterfaces = { 'cx': ['Constructor'], }, +'Sanitizer': { + 'cx': ['Constructor'], +}, + 'Selection': { 'canGc': ['Collapse', 'CollapseToEnd', 'CollapseToStart', 'Extend', 'SelectAllChildren', 'SetBaseAndExtent', 'SetPosition'], 'cx': ['DeleteFromDocument'] @@ -1140,6 +1144,22 @@ Dictionaries = { 'derives': ['Clone', 'MallocSizeOf'], }, +'SanitizerAttributeNamespace': { + 'derives': ['Clone', 'MallocSizeOf'] +}, + +'SanitizerElementNamespace': { + 'derives': ['Clone', 'MallocSizeOf'], +}, + +'SanitizerElementNamespaceWithAttributes': { + 'derives': ['Clone', 'MallocSizeOf'], +}, + +'SanitizerConfig': { + 'derives': ['Clone', 'MallocSizeOf'] +}, + 'ScrollOptions': { 'derives': ['Clone'], }, @@ -1183,6 +1203,18 @@ Unions = { 'derives': ['Clone', 'MallocSizeOf'] }, +'StringOrSanitizerAttributeNamespace': { + 'derives': ['Clone', 'MallocSizeOf'], +}, + +'StringOrSanitizerElementNamespace': { + 'derives': ['Clone', 'MallocSizeOf'], +}, + +'StringOrSanitizerElementNamespaceWithAttributes': { + 'derives': ['Clone', 'MallocSizeOf'], +}, + 'RangeEnforcedUnsignedLongSequenceOrGPUExtent3DDict': { 'derives': ['MallocSizeOf'] }, diff --git a/components/script_bindings/webidls/Sanitizer.webidl b/components/script_bindings/webidls/Sanitizer.webidl new file mode 100644 index 00000000000..cd143a31ad3 --- /dev/null +++ b/components/script_bindings/webidls/Sanitizer.webidl @@ -0,0 +1,67 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ + +// https://wicg.github.io/sanitizer-api/#configobject +enum SanitizerPresets { "default" }; +dictionary SetHTMLOptions { + (Sanitizer or SanitizerConfig or SanitizerPresets) sanitizer = "default"; +}; +dictionary SetHTMLUnsafeOptions { + (Sanitizer or SanitizerConfig or SanitizerPresets) sanitizer = {}; +}; + +// https://wicg.github.io/sanitizer-api/#sanitizer +[Exposed=Window, Pref="dom_sanitizer_enabled"] +interface Sanitizer { + [Throws] constructor(optional (SanitizerConfig or SanitizerPresets) configuration = "default"); + + // Query configuration: + SanitizerConfig get(); + + // Modify a Sanitizer's lists and fields: + // boolean allowElement(SanitizerElementWithAttributes element); + // boolean removeElement(SanitizerElement element); + // boolean replaceElementWithChildren(SanitizerElement element); + // boolean allowAttribute(SanitizerAttribute attribute); + // boolean removeAttribute(SanitizerAttribute attribute); + // boolean setComments(boolean allow); + // boolean setDataAttributes(boolean allow); + + // Remove markup that executes script. + // boolean removeUnsafe(); +}; + +// https://wicg.github.io/sanitizer-api/#config +dictionary SanitizerElementNamespace { + required DOMString name; + DOMString? _namespace = "http://www.w3.org/1999/xhtml"; +}; + +// Used by "elements" +dictionary SanitizerElementNamespaceWithAttributes : SanitizerElementNamespace { + sequence attributes; + sequence removeAttributes; +}; + +typedef (DOMString or SanitizerElementNamespace) SanitizerElement; +typedef (DOMString or SanitizerElementNamespaceWithAttributes) SanitizerElementWithAttributes; + +dictionary SanitizerAttributeNamespace { + required DOMString name; + DOMString? _namespace = null; +}; +typedef (DOMString or SanitizerAttributeNamespace) SanitizerAttribute; + +dictionary SanitizerConfig { + sequence elements; + sequence removeElements; + sequence replaceWithChildrenElements; + + sequence attributes; + sequence removeAttributes; + + boolean comments; + boolean dataAttributes; +}; + diff --git a/tests/wpt/include.ini b/tests/wpt/include.ini index 0ccb266f6e2..96623acb971 100644 --- a/tests/wpt/include.ini +++ b/tests/wpt/include.ini @@ -252,6 +252,8 @@ skip: true skip: false [resource-timing] skip: false +[sanitizer-api] + skip: false [secure-contexts] skip: false [screen-wake-lock] diff --git a/tests/wpt/meta/sanitizer-api/__dir__.ini b/tests/wpt/meta/sanitizer-api/__dir__.ini new file mode 100644 index 00000000000..fdfc6c594f7 --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/__dir__.ini @@ -0,0 +1 @@ +prefs: [dom_sanitizer_enabled: true] diff --git a/tests/wpt/meta/sanitizer-api/idlharness.https.window.js.ini b/tests/wpt/meta/sanitizer-api/idlharness.https.window.js.ini new file mode 100644 index 00000000000..17bc51c9114 --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/idlharness.https.window.js.ini @@ -0,0 +1,69 @@ +[idlharness.https.window.html] + [Sanitizer interface: operation allowElement(SanitizerElementWithAttributes)] + expected: FAIL + + [Sanitizer interface: operation removeElement(SanitizerElement)] + expected: FAIL + + [Sanitizer interface: operation replaceElementWithChildren(SanitizerElement)] + expected: FAIL + + [Sanitizer interface: operation allowAttribute(SanitizerAttribute)] + expected: FAIL + + [Sanitizer interface: operation removeAttribute(SanitizerAttribute)] + expected: FAIL + + [Sanitizer interface: operation setComments(boolean)] + expected: FAIL + + [Sanitizer interface: operation setDataAttributes(boolean)] + expected: FAIL + + [Sanitizer interface: operation removeUnsafe()] + expected: FAIL + + [Sanitizer interface: new Sanitizer({}) must inherit property "allowElement(SanitizerElementWithAttributes)" with the proper type] + expected: FAIL + + [Sanitizer interface: calling allowElement(SanitizerElementWithAttributes) on new Sanitizer({}) with too few arguments must throw TypeError] + expected: FAIL + + [Sanitizer interface: new Sanitizer({}) must inherit property "removeElement(SanitizerElement)" with the proper type] + expected: FAIL + + [Sanitizer interface: calling removeElement(SanitizerElement) on new Sanitizer({}) with too few arguments must throw TypeError] + expected: FAIL + + [Sanitizer interface: new Sanitizer({}) must inherit property "replaceElementWithChildren(SanitizerElement)" with the proper type] + expected: FAIL + + [Sanitizer interface: calling replaceElementWithChildren(SanitizerElement) on new Sanitizer({}) with too few arguments must throw TypeError] + expected: FAIL + + [Sanitizer interface: new Sanitizer({}) must inherit property "allowAttribute(SanitizerAttribute)" with the proper type] + expected: FAIL + + [Sanitizer interface: calling allowAttribute(SanitizerAttribute) on new Sanitizer({}) with too few arguments must throw TypeError] + expected: FAIL + + [Sanitizer interface: new Sanitizer({}) must inherit property "removeAttribute(SanitizerAttribute)" with the proper type] + expected: FAIL + + [Sanitizer interface: calling removeAttribute(SanitizerAttribute) on new Sanitizer({}) with too few arguments must throw TypeError] + expected: FAIL + + [Sanitizer interface: new Sanitizer({}) must inherit property "setComments(boolean)" with the proper type] + expected: FAIL + + [Sanitizer interface: calling setComments(boolean) on new Sanitizer({}) with too few arguments must throw TypeError] + expected: FAIL + + [Sanitizer interface: new Sanitizer({}) must inherit property "setDataAttributes(boolean)" with the proper type] + expected: FAIL + + [Sanitizer interface: calling setDataAttributes(boolean) on new Sanitizer({}) with too few arguments must throw TypeError] + expected: FAIL + + [Sanitizer interface: new Sanitizer({}) must inherit property "removeUnsafe()" with the proper type] + expected: FAIL diff --git a/tests/wpt/meta/sanitizer-api/sanitizer-basic-filtering.tentative.html.ini b/tests/wpt/meta/sanitizer-api/sanitizer-basic-filtering.tentative.html.ini new file mode 100644 index 00000000000..1518bdb1670 --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/sanitizer-basic-filtering.tentative.html.ini @@ -0,0 +1,31 @@ +[sanitizer-basic-filtering.tentative.html] + expected: ERROR + [setHTML testcase text/0, "text"] + expected: FAIL + + [ShadowRoot.setHTML testcase text/0, "text"] + expected: FAIL + + [parseHTML testcase text/0, "text"] + expected: FAIL + + [setHTML testcase elements/0, "

Hello World!"] + expected: FAIL + + [ShadowRoot.setHTML testcase elements/0, "

Hello World!"] + expected: FAIL + + [parseHTML testcase elements/0, "

Hello World!"] + expected: FAIL + + [setHTML testcase elements/1, "

Hello World!"] + expected: FAIL + + [setHTMLUnsafe testcase elements/1, "

Hello World!"] + expected: FAIL + + [ShadowRoot.setHTML testcase elements/1, "

Hello World!"] + expected: FAIL + + [ShadowRoot.setHTMLUnsafe testcase elements/1, "

Hello World!"] + expected: FAIL diff --git a/tests/wpt/meta/sanitizer-api/sanitizer-boolean-defaults.tentative.html.ini b/tests/wpt/meta/sanitizer-api/sanitizer-boolean-defaults.tentative.html.ini new file mode 100644 index 00000000000..a1c0f4ce1b2 --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/sanitizer-boolean-defaults.tentative.html.ini @@ -0,0 +1,6 @@ +[sanitizer-boolean-defaults.tentative.html] + [comments] + expected: FAIL + + [data attributes] + expected: FAIL diff --git a/tests/wpt/meta/sanitizer-api/sanitizer-config.tentative.html.ini b/tests/wpt/meta/sanitizer-api/sanitizer-config.tentative.html.ini new file mode 100644 index 00000000000..71471bdc4a7 --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/sanitizer-config.tentative.html.ini @@ -0,0 +1,132 @@ +[sanitizer-config.tentative.html] + [SanitizerConfig comments field.] + expected: FAIL + + [SanitizerConfig dataAttributes field.] + expected: FAIL + + [SanitizerConfig, normalization: elements: ["div"\]] + expected: FAIL + + [SanitizerConfig, normalization: elements: [{"name":"b"}\]] + expected: FAIL + + [SanitizerConfig, normalization: elements: [{"name":"b","namespace":null}\]] + expected: FAIL + + [SanitizerConfig, normalization: elements: [{"name":"b","namespace":""}\]] + expected: FAIL + + [SanitizerConfig, normalization: elements: [{"name":"p","namespace":"http://www.w3.org/1999/xhtml"}\]] + expected: FAIL + + [SanitizerConfig, normalization: elements: [{"name":"bla","namespace":"http://fantasy.org/namespace"}\]] + expected: FAIL + + [SanitizerConfig, normalization: removeElements: ["div"\]] + expected: FAIL + + [SanitizerConfig, normalization: removeElements: [{"name":"b","namespace":""}\]] + expected: FAIL + + [SanitizerConfig, normalization: replaceWithChildrenElements: ["div"\]] + expected: FAIL + + [SanitizerConfig, normalization: replaceWithChildrenElements: [{"name":"b","namespace":""}\]] + expected: FAIL + + [SanitizerConfig, normalization: attributes: ["href"\]] + expected: FAIL + + [SanitizerConfig, normalization: attributes: [{"name":"href","namespace":""}\]] + expected: FAIL + + [SanitizerConfig, normalization: removeAttributes: ["href"\]] + expected: FAIL + + [SanitizerConfig, normalization: removeAttributes: [{"name":"href","namespace":""}\]] + expected: FAIL + + [Test elements addition.] + expected: FAIL + + [Test elements removal.] + expected: FAIL + + [Test elements replacewithchildren.] + expected: FAIL + + [Test attribute addition.] + expected: FAIL + + [Test attribute removal.] + expected: FAIL + + [Test attribute-per-element sets (i.e. overwrites).] + expected: FAIL + + [Test removeAttribute-per-element sets (i.e. overwrites).] + expected: FAIL + + [Both elements and removeElements should not be allowed.] + expected: FAIL + + [Both attributes and removeAttributes should not be allowed.] + expected: FAIL + + [config[elements\] should not allow duplicates] + expected: FAIL + + [config[removeElements\] should not allow duplicates] + expected: FAIL + + [config[replaceWithChildrenElements\] should not allow duplicates] + expected: FAIL + + [config[attributes\] should not allow duplicates] + expected: FAIL + + [config[removeAttributes\] should not allow duplicates] + expected: FAIL + + [config[elements\] and config[replaceWithChildrenElements\] should not intersect] + expected: FAIL + + [config[removeElements\] and config[replaceWithChildrenElements\] should not intersect] + expected: FAIL + + [Duplicates in element[attributes\] with config[attributes\] should not be allowed.] + expected: FAIL + + [Duplicates in element[removeAttributes\] with config[attributes\] should not be allowed.] + expected: FAIL + + [config[attributes\] and element[attributes\] should not intersect.] + expected: FAIL + + [element[removeAttributes\] should be a subset of config[attributes\]] + expected: FAIL + + [element[attributes\] with a data attribute must not co-exist with config[dataAttributes\] set to true.] + expected: FAIL + + [config[attributes\] with a data attribute must not co-exist with config[dataAttributes\] set to true.] + expected: FAIL + + [element[attributes\] and element[removeAttributes\] should not both exist with config[removeAttributes\].] + expected: FAIL + + [Duplicates in element[attributes\] with config[removeAttributes\] should not be allowed.] + expected: FAIL + + [Duplicates in element[removeAttributes\] with config[removeAttributes\] should not be allowed.] + expected: FAIL + + [config[removeAttributes\] and element[attributes\] should not intersect.] + expected: FAIL + + [config[removeAttributes\] and element[removeAttributes\] should not intersect.] + expected: FAIL + + [Can not use config[dataAttributes\] and config[removeAttributes\] together.] + expected: FAIL diff --git a/tests/wpt/meta/sanitizer-api/sanitizer-default-config.tentative.html.ini b/tests/wpt/meta/sanitizer-api/sanitizer-default-config.tentative.html.ini new file mode 100644 index 00000000000..0beb225d08e --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/sanitizer-default-config.tentative.html.ini @@ -0,0 +1,3 @@ +[sanitizer-default-config.tentative.html] + [Get the expected default config] + expected: FAIL diff --git a/tests/wpt/meta/sanitizer-api/sanitizer-get.tentative.html.ini b/tests/wpt/meta/sanitizer-api/sanitizer-get.tentative.html.ini new file mode 100644 index 00000000000..aef790176a7 --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/sanitizer-get.tentative.html.ini @@ -0,0 +1,21 @@ +[sanitizer-get.tentative.html] + [Sorting of attributes] + expected: FAIL + + [Sorting of removeAttributes] + expected: FAIL + + [Sorting of elements] + expected: FAIL + + [Sorting of removeElements] + expected: FAIL + + [Sorting of replaceWithChildrenElements] + expected: FAIL + + [Sorting of element's attributes] + expected: FAIL + + [Sorting of element's removeAttributes] + expected: FAIL diff --git a/tests/wpt/meta/sanitizer-api/sanitizer-inert-document.tentative.html.ini b/tests/wpt/meta/sanitizer-api/sanitizer-inert-document.tentative.html.ini new file mode 100644 index 00000000000..22af069206a --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/sanitizer-inert-document.tentative.html.ini @@ -0,0 +1,12 @@ +[sanitizer-inert-document.tentative.html] + [Test whether setHTML executes the fail handler.] + expected: FAIL + + [Test whether setHTMLUnsafe executes the fail handler.] + expected: FAIL + + [Test whether setHTML loads the image.] + expected: FAIL + + [Test whether setHTMLUnsafe loads the image.] + expected: FAIL diff --git a/tests/wpt/meta/sanitizer-api/sanitizer-javascript-url.html.ini b/tests/wpt/meta/sanitizer-api/sanitizer-javascript-url.html.ini new file mode 100644 index 00000000000..9885e61325f --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/sanitizer-javascript-url.html.ini @@ -0,0 +1,132 @@ +[sanitizer-javascript-url.html] + [setHTML testcase built-in-navigating-url-attributes-list/0, ""] + expected: FAIL + + [parseHTML testcase built-in-navigating-url-attributes-list/0, ""] + expected: FAIL + + [setHTML testcase built-in-navigating-url-attributes-list/1, ""] + expected: FAIL + + [parseHTML testcase built-in-navigating-url-attributes-list/1, ""] + expected: FAIL + + [setHTML testcase built-in-navigating-url-attributes-list/2, ""] + expected: FAIL + + [parseHTML testcase built-in-navigating-url-attributes-list/2, ""] + expected: FAIL + + [setHTML testcase built-in-navigating-url-attributes-list/3, ""] + expected: FAIL + + [parseHTML testcase built-in-navigating-url-attributes-list/3, ""] + expected: FAIL + + [setHTML testcase built-in-navigating-url-attributes-list/4, "

"] + expected: FAIL + + [parseHTML testcase built-in-navigating-url-attributes-list/4, "
"] + expected: FAIL + + [setHTML testcase built-in-navigating-url-attributes-list/5, ""] + expected: FAIL + + [parseHTML testcase built-in-navigating-url-attributes-list/5, ""] + expected: FAIL + + [setHTML testcase built-in-navigating-url-attributes-list/6, ""] + expected: FAIL + + [parseHTML testcase built-in-navigating-url-attributes-list/6, ""] + expected: FAIL + + [setHTML testcase built-in-navigating-url-attributes-list/7, ""] + expected: FAIL + + [parseHTML testcase built-in-navigating-url-attributes-list/7, ""] + expected: FAIL + + [setHTML testcase mathml/0, ""] + expected: FAIL + + [parseHTML testcase mathml/0, ""] + expected: FAIL + + [setHTML testcase mathml/1, ""] + expected: FAIL + + [parseHTML testcase mathml/1, ""] + expected: FAIL + + [setHTML testcase mathml/2, "Test"] + expected: FAIL + + [parseHTML testcase mathml/2, "Test"] + expected: FAIL + + [setHTML testcase built-in-animating-url-attributes-list/0, ""] + expected: FAIL + + [parseHTML testcase built-in-animating-url-attributes-list/0, ""] + expected: FAIL + + [setHTML testcase built-in-animating-url-attributes-list/1, ""] + expected: FAIL + + [parseHTML testcase built-in-animating-url-attributes-list/1, ""] + expected: FAIL + + [setHTML testcase built-in-animating-url-attributes-list/2, ""] + expected: FAIL + + [parseHTML testcase built-in-animating-url-attributes-list/2, ""] + expected: FAIL + + [setHTML testcase built-in-animating-url-attributes-list/3, ""] + expected: FAIL + + [parseHTML testcase built-in-animating-url-attributes-list/3, ""] + expected: FAIL + + [setHTML testcase built-in-animating-url-attributes-list/4, ""] + expected: FAIL + + [parseHTML testcase built-in-animating-url-attributes-list/4, ""] + expected: FAIL + + [setHTML testcase built-in-animating-url-attributes-list/5, ""] + expected: FAIL + + [parseHTML testcase built-in-animating-url-attributes-list/5, ""] + expected: FAIL + + [setHTML testcase built-in-animating-url-attributes-list/6, ""] + expected: FAIL + + [parseHTML testcase built-in-animating-url-attributes-list/6, ""] + expected: FAIL + + [setHTML testcase built-in-animating-url-attributes-list/7, ""] + expected: FAIL + + [parseHTML testcase built-in-animating-url-attributes-list/7, ""] + expected: FAIL + + [setHTML testcase allowed/0, ""] + expected: FAIL + + [parseHTML testcase allowed/0, ""] + expected: FAIL + + [setHTML testcase allowed/1, ""] + expected: FAIL + + [parseHTML testcase allowed/1, ""] + expected: FAIL + + [setHTML testcase allowed/2, ""] + expected: FAIL + + [parseHTML testcase allowed/2, ""] + expected: FAIL diff --git a/tests/wpt/meta/sanitizer-api/sanitizer-modifiers.tentative.html.ini b/tests/wpt/meta/sanitizer-api/sanitizer-modifiers.tentative.html.ini new file mode 100644 index 00000000000..2c7f027bc73 --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/sanitizer-modifiers.tentative.html.ini @@ -0,0 +1,57 @@ +[sanitizer-modifiers.tentative.html] + [sanitizer.allowAttribute() with global attributes] + expected: FAIL + + [sanitizer.allowAttribute() with global removeAttributes] + expected: FAIL + + [sanitizer.allowAttribute() with global attributes and elements] + expected: FAIL + + [sanitizer.allowAttribute() with global removeAttributes and element's attributes] + expected: FAIL + + [sanitizer.allowAttribute() with global removeAttributes and element's removeAttributes] + expected: FAIL + + [sanitizer.removeAttribute() with global attributes] + expected: FAIL + + [sanitizer.removeAttribute() with global removeAttributes] + expected: FAIL + + [sanitizer.removeAttribute() with global attributes and elements] + expected: FAIL + + [sanitizer.removeAttribute() with global removeAttributes and element's attributes] + expected: FAIL + + [sanitizer.removeAttribute() with global removeAttributes and element's removeAttributes] + expected: FAIL + + [sanitizer.removeElement() with global elements] + expected: FAIL + + [sanitizer.removeElement() with global removeElements] + expected: FAIL + + [sanitizer.replaceElementWithChildren() with global elements] + expected: FAIL + + [sanitizer.replaceElementWithChildren() with global removeElements] + expected: FAIL + + [sanitizer.allowElement() with global elements] + expected: FAIL + + [sanitizer.allowElement() with global removeElements] + expected: FAIL + + [sanitizer.allowElement() with global elements and attributes] + expected: FAIL + + [sanitizer.allowElement() with global elements and removeAttributes] + expected: FAIL + + [sanitizer.replaceElementWithChildren does not allow 'html' element.] + expected: FAIL diff --git a/tests/wpt/meta/sanitizer-api/sanitizer-names.tentative.html.ini b/tests/wpt/meta/sanitizer-api/sanitizer-names.tentative.html.ini new file mode 100644 index 00000000000..8867b362651 --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/sanitizer-names.tentative.html.ini @@ -0,0 +1,60 @@ +[sanitizer-names.tentative.html] + [Namespaced elements #0: elements: ["p"\]] + expected: FAIL + + [Namespaced elements #1: elements: ["svg"\]] + expected: FAIL + + [Namespaced elements #2: elements: [{"name":"svg","namespace":"http://www.w3.org/2000/svg"}\]] + expected: FAIL + + [Namespaced elements #3: elements: ["math"\]] + expected: FAIL + + [Namespaced elements #4: elements: [{"name":"math","namespace":"http://www.w3.org/2000/svg"}\]] + expected: FAIL + + [Namespaced elements #5: elements: [{"name":"math","namespace":"http://www.w3.org/1998/Math/MathML"}\]] + expected: FAIL + + [Namespaced attributes #0: attributes: [{"name":"style"}\]] + expected: FAIL + + [Namespaced attributes #1: attributes: [{"name":"href"}\]] + expected: FAIL + + [Namespaced attributes #2: attributes: [{"name":"xlink:href"}\]] + expected: FAIL + + [Namespaced attributes #3: attributes: [{"name":"href","namespace":"http://www.w3.org/1999/xlink"}\]] + expected: FAIL + + [Namespaced attributes #4: attributes: [{"name":"href","namespace":"http://www.w3.org/1999/xlink"}\]] + expected: FAIL + + [Namespaced attributes #5: attributes: [{"name":"href"}\]] + expected: FAIL + + [Namespaced attributes #6: attributes: [{"name":"xlink:href"}\]] + expected: FAIL + + [Namespaced attributes #7: attributes: [{"name":"href","namespace":"http://www.w3.org/1999/xlink"}\]] + expected: FAIL + + [Namespaced attributes #8: attributes: [{"name":"href","namespace":"http://www.w3.org/1999/xlink"}\]] + expected: FAIL + + [Namespaced attributes #9: attributes: [{"name":"href"}\]] + expected: FAIL + + [Namespaced attribute xlink:href inside SVG tree] + expected: FAIL + + [Mixed-case element names #0: "svg:feBlend"] + expected: FAIL + + [Mixed-case element names #1: "svg:feColorMatrix"] + expected: FAIL + + [Mixed-case element names #2: "svg:textPath"] + expected: FAIL diff --git a/tests/wpt/meta/sanitizer-api/sanitizer-parseHTML.tentative.html.ini b/tests/wpt/meta/sanitizer-api/sanitizer-parseHTML.tentative.html.ini new file mode 100644 index 00000000000..0682334c814 --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/sanitizer-parseHTML.tentative.html.ini @@ -0,0 +1,57 @@ +[sanitizer-parseHTML.tentative.html] + [parseHTML testcase 0, "text"] + expected: FAIL + + [parseHTML testcase 1, "
text"] + expected: FAIL + + [parseHTML testcase 2, "
text"] + expected: FAIL + + [parseHTML testcase 3, "
text"] + expected: FAIL + + [parseHTMLUnsafe testcase 1, "
text"] + expected: FAIL + + [parseHTMLUnsafe testcase 2, "
text"] + expected: FAIL + + [parseHTMLUnsafe testcase 3, "
text"] + expected: FAIL + + [parseHTMLUnsafe testcase 4, "
a"] + expected: FAIL + + [parseHTML testcase 0, "xxx)".] + expected: FAIL + + [Testcase #3, setHTML("
Helloxxx)".] + expected: FAIL + + [Testcase #4, setHTML("Helloxxx)".] + expected: FAIL + + [Testcase #5, setHTML(")".] + expected: FAIL + + [Testcase #6, setHTML(")".] + expected: FAIL + + [Testcase #7, setHTML(")".] + expected: FAIL + + [Testcase #8, setHTML("

)".] + expected: FAIL diff --git a/tests/wpt/meta/sanitizer-api/sethtml-tree-construction.tentative.html.ini b/tests/wpt/meta/sanitizer-api/sethtml-tree-construction.tentative.html.ini new file mode 100644 index 00000000000..1835be44642 --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/sethtml-tree-construction.tentative.html.ini @@ -0,0 +1,243 @@ +[sethtml-tree-construction.tentative.html] + [Non-string input: empty object.] + expected: FAIL + + [Non-string input: number.] + expected: FAIL + + [Non-string input: octal number.] + expected: FAIL + + [Non-string input: expression.] + expected: FAIL + + [Non-string input: undefined.] + expected: FAIL + + [Testcase #0, "test", config: "undefined".] + expected: FAIL + + [Testcase #1, "bla", config: "undefined".] + expected: FAIL + + [Testcase #2, "test", config: "undefined".] + expected: FAIL + + [Testcase #4, "

test", config: "undefined".] + expected: FAIL + + [Testcase #5, "", config: "undefined".] + expected: FAIL + + [Testcase #6, "hello", config: "undefined".] + expected: FAIL + + [Testcase #7, "
hello", config: "undefined".] + expected: FAIL + + [Testcase #8, "

Click.

", config: "undefined".] + expected: FAIL + + [Testcase #9, "<p>text</p>", config: "{}".] + expected: FAIL + + [Testcase #10, "<xmp>TEXT</xmp>", config: "{}".] + expected: FAIL + + [Testcase #11, "test", config: "{ "test": 123 }".] + expected: FAIL + + [Testcase #12, "test", config: "{ "removeElements": [\] }".] + expected: FAIL + + [Testcase #13, "<div>test</div><p>bla", config: "{ "removeElements": ["div"\] }".] + expected: FAIL + + [Testcase #14, "<custom-element>test1</custom-element>bla", config: "undefined".] + expected: FAIL + + [Testcase #15, "<custom-element>test3</custom-element>bla", config: "{ "elements": ["custom-element"\] }".] + expected: FAIL + + [Testcase #16, "<custom-element>test5</custom-element>bla", config: "{ "removeElements": ["custom-element"\] }".] + expected: FAIL + + [Testcase #17, "<script>alert('i am a test')</script>", config: "{ "removeElements": ["script"\] }".] + expected: FAIL + + [Testcase #18, "<div>balabala<i>test</i></div><test-element>t</test-element>", config: "{ "removeElements": ["test-element", "i"\] }".] + expected: FAIL + + [Testcase #19, "<div>balabala<i>i</i><p>t</p></div>", config: "{ "removeElements": ["dl", "p"\] }".] + expected: FAIL + + [Testcase #20, "<div>test<div>p</div>tt<p>div</p></div>", config: "{ "elements": ["p"\], "replaceWithChildrenElements": ["div"\] }".] + expected: FAIL + + [Testcase #22, "<p id='test'>Click.</p>", config: "{ "removeAttributes": [\] }".] + expected: FAIL + + [Testcase #23, "<p id='test'>Click.</p>", config: "{ "removeAttributes": ["id"\] }".] + expected: FAIL + + [Testcase #24, "<p id='test'>Click.</p>", config: "{ "elements": ["p"\], "removeAttributes": ["id"\] }".] + expected: FAIL + + [Testcase #25, "<p id='p' data-attribute-with-dashes='123'>Click.</p><script>document.getElementById('p').dataset.attributeWithDashes=123;</script>", config: "{ "elements": ["p"\], "removeAttributes": ["data-attribute-with-dashes"\] }".] + expected: FAIL + + [Testcase #26, "<p id='p' title='p'>P</p><div id='div' title='div'>DIV</div>", config: "{ "elements": [\n { "name": "p", "attributes": ["title"\] },\n { "name": "div", "attributes": ["id"\] }\n\]}".] + expected: FAIL + + [Testcase #27, "<p id='p' title='p'>P</p><div id='div' title='div'>DIV</div>", config: "{ "elements":\n [\n { "name": "p", "removeAttributes": ["title"\] },\n { "name": "div", "removeAttributes": ["id"\] }\n \]\n}".] + expected: FAIL + + [Testcase #29, "<div id='div' title='div'>DIV</div>", config: "{ "elements": [{ "name": "div", "attributes": ["id", "title"\] }\],\n "attributes": [\]}".] + expected: FAIL + + [Testcase #30, "<div id='div' title='div'>DIV</div>", config: "{\n "elements": [{ "name": "div", "attributes": [\] }\],\n "removeAttributes": ["id", "title"\]\n}".] + expected: FAIL + + [Testcase #31, "<div id='div' title='div'>DIV</div>", config: "{\n "elements": [{ "name": "div", "removeAttributes": ["id", "title"\] }\],\n "attributes": ["id", "title"\]\n}".] + expected: FAIL + + [Testcase #32, "<p id='test' onclick='a= 123'>Click.</p>", config: "{ "attributes": ["id"\] }".] + expected: FAIL + + [Testcase #34, "<template><script>test</script><div>hello</div></template>", config: "{ "elements": ["template", "div"\] }".] + expected: FAIL + + [Testcase #35, "<a href='javascript:evil.com'>Click.</a>", config: "undefined".] + expected: FAIL + + [Testcase #36, "<a href=' javascript:evil.com'>Click.</a>", config: "undefined".] + expected: FAIL + + [Testcase #37, "<a href='http:evil.com'>Click.</a>", config: "undefined".] + expected: FAIL + + [Testcase #38, "<area href='javascript:evil.com'>", config: "{}".] + expected: FAIL + + [Testcase #39, "<area href=' javascript:evil.com'>", config: "{}".] + expected: FAIL + + [Testcase #40, "<area href='http:evil.com'>", config: "{}".] + expected: FAIL + + [Testcase #41, "<form action='javascript:evil.com'>Click.</form>", config: "{}".] + expected: FAIL + + [Testcase #42, "<form action=' javascript:evil.com'>Click.</form>", config: "{}".] + expected: FAIL + + [Testcase #43, "<form action='http:evil.com'>Click.</form>", config: "{}".] + expected: FAIL + + [Testcase #44, "<input formaction='javascript:evil.com'>", config: "{}".] + expected: FAIL + + [Testcase #45, "<input formaction=' javascript:evil.com'>", config: "{}".] + expected: FAIL + + [Testcase #46, "<input formaction='http:evil.com'>", config: "{}".] + expected: FAIL + + [Testcase #47, "<button formaction='javascript:evil.com'>Click.</button>", config: "{}".] + expected: FAIL + + [Testcase #48, "<button formaction=' javascript:evil.com'>Click.</button>", config: "{}".] + expected: FAIL + + [Testcase #49, "<button formaction='http:evil.com'>Click.</button>", config: "{}".] + expected: FAIL + + [Testcase #50, "<p>Some text</p></body><!-- 1 --></html><!-- 2 --><p>Some more text</p>", config: "undefined".] + expected: FAIL + + [Testcase #51, "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>", config: "undefined".] + expected: FAIL + + [Testcase #52, "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>", config: "{ "comments": true }".] + expected: FAIL + + [Testcase #53, "<p>Some text</p><!-- 1 --><!-- 2 --><p>Some more text</p>", config: "{ "comments": false }".] + expected: FAIL + + [Testcase #54, "<p>comment<!-- hello -->in<!-- </p> -->text</p>", config: "undefined".] + expected: FAIL + + [Testcase #55, "<p>comment<!-- hello -->in<!-- </p> -->text</p>", config: "{ "comments": true }".] + expected: FAIL + + [Testcase #56, "<p>comment<!-- hello -->in<!-- </p> -->text</p>", config: "{ "comments": false }".] + expected: FAIL + + [Testcase #57, "<svg></svg>", config: "{ "elements": ["svg"\] }".] + expected: FAIL + + [Testcase #58, "<div><svg></svg></div>", config: "{ "elements": ["div", "svg"\] }".] + expected: FAIL + + [Testcase #59, "<div>balabala<dl>test</dl></div>", config: "{ "removeElements": ["I", "DL"\] }".] + expected: FAIL + + [Testcase #60, "<div>balabala<dl>test</dl></div>", config: "{ "removeElements": ["i", "dl"\] }".] + expected: FAIL + + [Testcase #61, "<DIV>balabala<DL>test</DL></DIV>", config: "{ "removeElements": ["i", "dl"\] }".] + expected: FAIL + + [Testcase #62, "<p id="test">Click.</p>", config: "{ "removeAttributes": ["ID"\] }".] + expected: FAIL + + [Testcase #63, "<p ID="test">Click.</p>", config: "{ "removeAttributes": ["ID"\] }".] + expected: FAIL + + [Testcase #64, "<p ID="test">Click.</p>", config: "{ "removeAttributes": ["id"\] }".] + expected: FAIL + + [Testcase #65, "<div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>", config: "{ "removeElements": [123, "test", "i", "custom-element"\] }".] + expected: FAIL + + [Testcase #66, "<div>balabala<i>test</i></div><test>t</test><custom-element>custom-element</custom-element>", config: "{ "replaceWithChildrenElements": [123, "test", "i", "custom-element"\],\n "elements": ["div"\]}".] + expected: FAIL + + [Testcase #67, "<div>test<div>p</div>tt<p>div</p></div><test>test</test>", config: "{ "elements": ["p", "test"\], "replaceWithChildrenElements": ["div"\] }".] + expected: FAIL + + [Testcase #68, "test<div>p</div>tt<p>div</p><test>test</test>", config: "{ "elements": ["p", "test"\], "replaceWithChildrenElements": ["div"\] }".] + expected: FAIL + + [Testcase #69, "<div hello='1' world='2'><b hello='3' world='4'>", config: "{ "elements": ["div", "b"\], "attributes": ["hello", "world"\] }".] + expected: FAIL + + [Testcase #70, "<div hello='1' world='2'><b hello='3' world='4'>", config: "{ "elements": ["div", "b"\], "removeAttributes": ["hello", "world"\] }".] + expected: FAIL + + [Testcase #71, "<table><div><td>", config: "{ "replaceWithChildrenElements": ["table"\] }".] + expected: FAIL + + [Testcase #72, "<template><div>Hello</div></template>", config: "{}".] + expected: FAIL + + [Testcase #73, "<template><div>Hello</div></template>", config: "{ "elements": ["div"\]}".] + expected: FAIL + + [Testcase #74, "<template><div>Hello</div></template>", config: "{ "elements": ["template"\]}".] + expected: FAIL + + [Testcase #75, "<template><div>Hello</div></template>", config: "{ "elements": ["div", "template"\]}".] + expected: FAIL + + [Testcase #76, "<template><div>Hello</div></template>", config: "{ "elements": ["template"\], "replaceWithChildrenElements": ["div"\]}".] + expected: FAIL + + [Testcase #77, "<a href="about:blank" rel="opener">Click.</a>", config: "undefined".] + expected: FAIL + + [Testcase #78, "<div><b><em><foo><foob><fooc><aside></b></em></div>", config: "{ "removeElements": ["em"\] }".] + expected: FAIL diff --git a/tests/wpt/meta/sanitizer-api/sethtml-with-custom-elements.tentative.html.ini b/tests/wpt/meta/sanitizer-api/sethtml-with-custom-elements.tentative.html.ini new file mode 100644 index 00000000000..e2793b1dc02 --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/sethtml-with-custom-elements.tentative.html.ini @@ -0,0 +1,9 @@ +[sethtml-with-custom-elements.tentative.html] + [Custom element that is removed during sanitization.] + expected: FAIL + + [Custom element that is allowed.] + expected: FAIL + + [Scoped custom element registry still works.] + expected: FAIL diff --git a/tests/wpt/meta/sanitizer-api/sethtml-with-declarative-shadow-root.tentative.html.ini b/tests/wpt/meta/sanitizer-api/sethtml-with-declarative-shadow-root.tentative.html.ini new file mode 100644 index 00000000000..eb5391c8032 --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/sethtml-with-declarative-shadow-root.tentative.html.ini @@ -0,0 +1,27 @@ +[sethtml-with-declarative-shadow-root.tentative.html] + [template with shadowrootmode should be removed by safe default] + expected: FAIL + + [template with shadowrootmode should not be processed when <template> is forbidden] + expected: FAIL + + [template with shadowrootmode should be processed as a normal template when the shadowRootMode attribute is forbidden] + expected: FAIL + + [shadowRoot.delegatesFocus does not propagate to the shadow root when shadowrootdelegatesfocus is removed by sanitizer] + expected: FAIL + + [shadowRoot.serializable does not propagate to the shadow root when shadowrootserializable is removed by sanitizer] + expected: FAIL + + [shadowRoot.clonable does not propagate to the shadow root when shadowrootclonable is removed by sanitizer] + expected: FAIL + + [shadowRoot.referenceTarget does not propagate to the shadow root when shadowrootreferencetarget is removed by sanitizer] + expected: FAIL + + [shadowRoot.customElementRegistry does not propagate to the shadow root when shadowrootcustomelementregistry is removed by sanitizer] + expected: FAIL + + [shadowRoot.adoptedStyleSheets does not propagate to the shadow root when shadowrootadoptedstylesheets is removed by sanitizer] + expected: FAIL diff --git a/tests/wpt/meta/sanitizer-api/sethtml-with-trustedtypes-createParserOptions.tentative.html.ini b/tests/wpt/meta/sanitizer-api/sethtml-with-trustedtypes-createParserOptions.tentative.html.ini new file mode 100644 index 00000000000..f204073154a --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/sethtml-with-trustedtypes-createParserOptions.tentative.html.ini @@ -0,0 +1,6 @@ +[sethtml-with-trustedtypes-createParserOptions.tentative.html] + [ShadowRoot.setHTMLUnsafe: passing a TrustedParserOptions overrides default policy] + expected: FAIL + + [Element.setHTMLUnsafe: passing a TrustedParserOptions overrides default policy] + expected: FAIL diff --git a/tests/wpt/meta/sanitizer-api/sethtml-with-trustedtypes-immutable.tentative.html.ini b/tests/wpt/meta/sanitizer-api/sethtml-with-trustedtypes-immutable.tentative.html.ini new file mode 100644 index 00000000000..6bc83b34605 --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/sethtml-with-trustedtypes-immutable.tentative.html.ini @@ -0,0 +1,6 @@ +[sethtml-with-trustedtypes-immutable.tentative.html] + [createParserOptions doesn't mutate original object] + expected: FAIL + + [createParserOptions doesn't mutate sanitizer object] + expected: FAIL diff --git a/tests/wpt/meta/sanitizer-api/sethtml-with-trustedtypes.tentative.html.ini b/tests/wpt/meta/sanitizer-api/sethtml-with-trustedtypes.tentative.html.ini new file mode 100644 index 00000000000..452ac941c18 --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/sethtml-with-trustedtypes.tentative.html.ini @@ -0,0 +1,300 @@ +[sethtml-with-trustedtypes.tentative.html] + [ShadowRoot.setHTMLUnsafe: createParserOptions can inject a sanitizer config] + expected: FAIL + + [ShadowRoot.setHTMLUnsafe: createParserOptions can inject a sanitizer] + expected: FAIL + + [ShadowRoot.setHTMLUnsafe: createParserOptions can override a sanitizer config] + expected: FAIL + + [ShadowRoot.setHTMLUnsafe: createParserOptions returning null fails] + expected: FAIL + + [ShadowRoot.setHTMLUnsafe: createParserOptions returning undefined fails] + expected: FAIL + + [ShadowRoot.setHTMLUnsafe: createParserOptions returning 0 fails] + expected: FAIL + + [ShadowRoot.setHTMLUnsafe: createParserOptions returning 123 fails] + expected: FAIL + + [ShadowRoot.setHTMLUnsafe: createParserOptions returning "foo" fails] + expected: FAIL + + [ShadowRoot.innerHTML: createParserOptions can inject a sanitizer config] + expected: FAIL + + [ShadowRoot.innerHTML: createParserOptions can inject a sanitizer] + expected: FAIL + + [ShadowRoot.innerHTML: createParserOptions can override a sanitizer config] + expected: FAIL + + [ShadowRoot.innerHTML: createParserOptions returning null fails] + expected: FAIL + + [ShadowRoot.innerHTML: createParserOptions returning undefined fails] + expected: FAIL + + [ShadowRoot.innerHTML: createParserOptions returning 0 fails] + expected: FAIL + + [ShadowRoot.innerHTML: createParserOptions returning 123 fails] + expected: FAIL + + [ShadowRoot.innerHTML: createParserOptions returning "foo" fails] + expected: FAIL + + [ShadowRoot.beforebegin: createParserOptions can inject a sanitizer config] + expected: FAIL + + [ShadowRoot.beforebegin: createParserOptions can inject a sanitizer] + expected: FAIL + + [ShadowRoot.beforebegin: createParserOptions can override a sanitizer config] + expected: FAIL + + [ShadowRoot.beforebegin: createParserOptions returning null fails] + expected: FAIL + + [ShadowRoot.beforebegin: createParserOptions returning undefined fails] + expected: FAIL + + [ShadowRoot.beforebegin: createParserOptions returning 0 fails] + expected: FAIL + + [ShadowRoot.beforebegin: createParserOptions returning 123 fails] + expected: FAIL + + [ShadowRoot.beforebegin: createParserOptions returning "foo" fails] + expected: FAIL + + [ShadowRoot.afterend: createParserOptions can inject a sanitizer config] + expected: FAIL + + [ShadowRoot.afterend: createParserOptions can inject a sanitizer] + expected: FAIL + + [ShadowRoot.afterend: createParserOptions can override a sanitizer config] + expected: FAIL + + [ShadowRoot.afterend: createParserOptions returning null fails] + expected: FAIL + + [ShadowRoot.afterend: createParserOptions returning undefined fails] + expected: FAIL + + [ShadowRoot.afterend: createParserOptions returning 0 fails] + expected: FAIL + + [ShadowRoot.afterend: createParserOptions returning 123 fails] + expected: FAIL + + [ShadowRoot.afterend: createParserOptions returning "foo" fails] + expected: FAIL + + [ShadowRoot.setHTMLUnsafe: createParserOptions works after createHTML] + expected: FAIL + + [ShadowRoot: createParserOptions cannot add unsafe elements to safe HTML setting] + expected: FAIL + + [Element.setHTMLUnsafe: createParserOptions can inject a sanitizer config] + expected: FAIL + + [Element.setHTMLUnsafe: createParserOptions can inject a sanitizer] + expected: FAIL + + [Element.setHTMLUnsafe: createParserOptions can override a sanitizer config] + expected: FAIL + + [Element.setHTMLUnsafe: createParserOptions returning null fails] + expected: FAIL + + [Element.setHTMLUnsafe: createParserOptions returning undefined fails] + expected: FAIL + + [Element.setHTMLUnsafe: createParserOptions returning 0 fails] + expected: FAIL + + [Element.setHTMLUnsafe: createParserOptions returning 123 fails] + expected: FAIL + + [Element.setHTMLUnsafe: createParserOptions returning "foo" fails] + expected: FAIL + + [Element.innerHTML: createParserOptions can inject a sanitizer config] + expected: FAIL + + [Element.innerHTML: createParserOptions can inject a sanitizer] + expected: FAIL + + [Element.innerHTML: createParserOptions can override a sanitizer config] + expected: FAIL + + [Element.innerHTML: createParserOptions returning null fails] + expected: FAIL + + [Element.innerHTML: createParserOptions returning undefined fails] + expected: FAIL + + [Element.innerHTML: createParserOptions returning 0 fails] + expected: FAIL + + [Element.innerHTML: createParserOptions returning 123 fails] + expected: FAIL + + [Element.innerHTML: createParserOptions returning "foo" fails] + expected: FAIL + + [Element.outerHTML: createParserOptions can inject a sanitizer config] + expected: FAIL + + [Element.outerHTML: createParserOptions can inject a sanitizer] + expected: FAIL + + [Element.outerHTML: createParserOptions can override a sanitizer config] + expected: FAIL + + [Element.outerHTML: createParserOptions returning null fails] + expected: FAIL + + [Element.outerHTML: createParserOptions returning undefined fails] + expected: FAIL + + [Element.outerHTML: createParserOptions returning 0 fails] + expected: FAIL + + [Element.outerHTML: createParserOptions returning 123 fails] + expected: FAIL + + [Element.outerHTML: createParserOptions returning "foo" fails] + expected: FAIL + + [Element.createContextualFragment: createParserOptions can inject a sanitizer config] + expected: FAIL + + [Element.createContextualFragment: createParserOptions can inject a sanitizer] + expected: FAIL + + [Element.createContextualFragment: createParserOptions can override a sanitizer config] + expected: FAIL + + [Element.createContextualFragment: createParserOptions returning null fails] + expected: FAIL + + [Element.createContextualFragment: createParserOptions returning undefined fails] + expected: FAIL + + [Element.createContextualFragment: createParserOptions returning 0 fails] + expected: FAIL + + [Element.createContextualFragment: createParserOptions returning 123 fails] + expected: FAIL + + [Element.createContextualFragment: createParserOptions returning "foo" fails] + expected: FAIL + + [Element.afterbegin: createParserOptions can inject a sanitizer config] + expected: FAIL + + [Element.afterbegin: createParserOptions can inject a sanitizer] + expected: FAIL + + [Element.afterbegin: createParserOptions can override a sanitizer config] + expected: FAIL + + [Element.afterbegin: createParserOptions returning null fails] + expected: FAIL + + [Element.afterbegin: createParserOptions returning undefined fails] + expected: FAIL + + [Element.afterbegin: createParserOptions returning 0 fails] + expected: FAIL + + [Element.afterbegin: createParserOptions returning 123 fails] + expected: FAIL + + [Element.afterbegin: createParserOptions returning "foo" fails] + expected: FAIL + + [Element.beforeend: createParserOptions can inject a sanitizer config] + expected: FAIL + + [Element.beforeend: createParserOptions can inject a sanitizer] + expected: FAIL + + [Element.beforeend: createParserOptions can override a sanitizer config] + expected: FAIL + + [Element.beforeend: createParserOptions returning null fails] + expected: FAIL + + [Element.beforeend: createParserOptions returning undefined fails] + expected: FAIL + + [Element.beforeend: createParserOptions returning 0 fails] + expected: FAIL + + [Element.beforeend: createParserOptions returning 123 fails] + expected: FAIL + + [Element.beforeend: createParserOptions returning "foo" fails] + expected: FAIL + + [Element.beforebegin: createParserOptions can inject a sanitizer config] + expected: FAIL + + [Element.beforebegin: createParserOptions can inject a sanitizer] + expected: FAIL + + [Element.beforebegin: createParserOptions can override a sanitizer config] + expected: FAIL + + [Element.beforebegin: createParserOptions returning null fails] + expected: FAIL + + [Element.beforebegin: createParserOptions returning undefined fails] + expected: FAIL + + [Element.beforebegin: createParserOptions returning 0 fails] + expected: FAIL + + [Element.beforebegin: createParserOptions returning 123 fails] + expected: FAIL + + [Element.beforebegin: createParserOptions returning "foo" fails] + expected: FAIL + + [Element.afterend: createParserOptions can inject a sanitizer config] + expected: FAIL + + [Element.afterend: createParserOptions can inject a sanitizer] + expected: FAIL + + [Element.afterend: createParserOptions can override a sanitizer config] + expected: FAIL + + [Element.afterend: createParserOptions returning null fails] + expected: FAIL + + [Element.afterend: createParserOptions returning undefined fails] + expected: FAIL + + [Element.afterend: createParserOptions returning 0 fails] + expected: FAIL + + [Element.afterend: createParserOptions returning 123 fails] + expected: FAIL + + [Element.afterend: createParserOptions returning "foo" fails] + expected: FAIL + + [Element.setHTMLUnsafe: createParserOptions works after createHTML] + expected: FAIL + + [Element: createParserOptions cannot add unsafe elements to safe HTML setting] + expected: FAIL diff --git a/tests/wpt/meta/sanitizer-api/sethtml-xml-document.html.ini b/tests/wpt/meta/sanitizer-api/sethtml-xml-document.html.ini new file mode 100644 index 00000000000..7b9e2926dd8 --- /dev/null +++ b/tests/wpt/meta/sanitizer-api/sethtml-xml-document.html.ini @@ -0,0 +1,12 @@ +[sethtml-xml-document.html] + [Testcase #0 with xmlDoc.setHTML("Hello!")] + expected: FAIL + + [Testcase #1 with xmlDoc.setHTML("<br>")] + expected: FAIL + + [Testcase #2 with xmlDoc.setHTML("<p>Hi</p>")] + expected: FAIL + + [Testcase #3 with xmlDoc.setHTML("<iframe></iframe><p>text</p>")] + expected: FAIL