[webkit-changes] [WebKit/WebKit] f33204: Implement trusted types enforcement for script ele...
Luke Warlow
noreply at github.com
Wed May 22 04:01:07 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: f33204d52243ae13948a2dee417d69e25442c2d8
https://github.com/WebKit/WebKit/commit/f33204d52243ae13948a2dee417d69e25442c2d8
Author: Luke Warlow <lwarlow at igalia.com>
Date: 2024-05-22 (Wed, 22 May 2024)
Changed paths:
M LayoutTests/TestExpectations
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-Node-multiple-arguments-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-text-node-insertion-into-script-element-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-report-only-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-svg-script-expected.txt
M Source/WebCore/dom/ScriptElement.cpp
M Source/WebCore/dom/ScriptElement.h
M Source/WebCore/html/HTMLScriptElement.cpp
M Source/WebCore/html/HTMLScriptElement.h
M Source/WebCore/svg/SVGScriptElement.cpp
M Source/WebCore/svg/SVGScriptElement.h
Log Message:
-----------
Implement trusted types enforcement for script elements
https://bugs.webkit.org/show_bug.cgi?id=269365
Reviewed by Darin Adler and Ryosuke Niwa.
Add script text string to script element. This is used to ensure that script elements can't be manipulated in untrusted ways.
See https://w3c.github.io/trusted-types/dist/spec/#htmlscriptelement-script-text and https://w3c.github.io/trusted-types/dist/spec/#slot-value-verification
* LayoutTests/TestExpectations:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-Node-multiple-arguments-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-text-node-insertion-into-script-element-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-report-only-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-svg-script-expected.txt:
* Source/WebCore/dom/ScriptElement.cpp:
(WebCore::ScriptElement::finishParsingChildren):
(WebCore::ScriptElement::prepareScript):
(WebCore::ScriptElement::setTrustedScriptText):
* Source/WebCore/dom/ScriptElement.h:
* Source/WebCore/html/HTMLScriptElement.cpp:
(WebCore::HTMLScriptElement::finishParsingChildren):
(WebCore::HTMLScriptElement::setTextContent):
(WebCore::HTMLScriptElement::setInnerText):
* Source/WebCore/html/HTMLScriptElement.h:
* Source/WebCore/svg/SVGScriptElement.cpp:
(WebCore::SVGScriptElement::finishParsingChildren):
* Source/WebCore/svg/SVGScriptElement.h:
Canonical link: https://commits.webkit.org/279117@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list