- From: Frédéric Wang <notifications@github.com>
- Date: Wed, 29 Jan 2025 02:40:43 -0800
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/dom/pull/1268/c2621271212@github.com>
> Tests are written and can be reviewed and commented upon at: https://github.com/web-platform-tests/wpt/tree/master/trusted-types On https://github.com/whatwg/dom/pull/1268#issuecomment-2165953464 you mentioned the affected APIs are - setAttribute - setAttributeNS - Element.setAttributeNode - Element.setAttributeNodeNS - NamedNodeMap.setNamedItem - NamedNodeMap.setNamedItemNS - Attr.value - Node.textContent - Node.nodeValue Is that an exhautive list? I think we would need tests for each of the affected API to check: - That attribute change is blocked by the default policy. - That a non-trivial default policy is applied before attribute change. I found the following tests: - block-string-assignment-to-attribute-via-attribute-node.html - block-string-assignment-to-Element-setAttribute.html - testing/web-platform/tests/trusted-types/TrustedType-AttributeNodes.html But they don't cover e.g. setAttributeNodeNS or setNamedItemNS and the last two are a bit messy (https://phabricator.services.mozilla.com/D227943 was enough to make the last one pass in Firefox, which seems dubious to me). -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/dom/pull/1268#issuecomment-2621271212 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/dom/pull/1268/c2621271212@github.com>
Received on Wednesday, 29 January 2025 10:40:47 UTC