[webkit-changes] [WebKit/WebKit] c31d9c: Trusted Types fails to protect against a script ed...

Luke Warlow noreply at github.com
Thu May 23 13:10:06 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c31d9c40707d3ec58faee43f7446ac3fbd6c4531
      https://github.com/WebKit/WebKit/commit/c31d9c40707d3ec58faee43f7446ac3fbd6c4531
  Author: Luke Warlow <lwarlow at igalia.com>
  Date:   2024-05-23 (Thu, 23 May 2024)

  Changed paths:
    M LayoutTests/TestExpectations
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-in-xhtml-document.tentative.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-internal-slot-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-internal-slot.html
    A LayoutTests/imported/w3c/web-platform-tests/trusted-types/SVGScriptElement-internal-slot-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/trusted-types/SVGScriptElement-internal-slot.html
    M Source/WebCore/dom/ScriptElement.cpp
    M Source/WebCore/dom/ScriptElement.h

  Log Message:
  -----------
  Trusted Types fails to protect against a script edited mid-parse
https://bugs.webkit.org/show_bug.cgi?id=274253

Reviewed by Darin Adler.

This patch adds a new flag to script elements that is triggered if their children are changed by API.
This flag is then used to decide whether to accept parsed script elements as trusted.

This patch stops parsed scripts working in XHTML documents when TT is enforced. A follow-up patch will address that.

* LayoutTests/TestExpectations:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-in-xhtml-document.tentative.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-internal-slot-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-internal-slot.html:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/SVGScriptElement-internal-slot-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/SVGScriptElement-internal-slot.html: Added.
* Source/WebCore/dom/ScriptElement.cpp:
(WebCore::ScriptElement::childrenChanged):
(WebCore::ScriptElement::finishParsingChildren):
* Source/WebCore/dom/ScriptElement.h:

Canonical link: https://commits.webkit.org/279225@main
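
The flag logic the log message describes, as an added simplified model that is not WebKit source and not part of the original commit. Only `childrenChanged` and `finishParsingChildren` are names from the commit log; every other name, the comparison against a stored trusted copy, and the sample script text are assumptions made for illustration.

```cpp
// Simplified model, not WebKit source. Only childrenChanged and
// finishParsingChildren come from the commit log; other names are hypothetical.
#include <functional>
#include <optional>
#include <string>

enum class ChangeSource { Parser, API };
// Stand-in for a default policy: returns the text to run, or nullopt to block.
using DefaultPolicy = std::function<std::optional<std::string>(const std::string&)>;

class ModelScriptElement {
public:
    void childrenChanged(ChangeSource source, const std::string& appended)
    {
        m_childText += appended;
        if (source == ChangeSource::API)
            m_childrenChangedByAPI = true; // sticky: later parser input cannot clear it
    }
    // Parser closes the element: record the content as trusted only if no API call touched it.
    void finishParsingChildren()
    {
        if (!m_childrenChangedByAPI)
            m_trustedText = m_childText;
    }
    // Under enforcement: run the child text if it matches the trusted copy, else ask the policy.
    std::optional<std::string> textToExecute(const DefaultPolicy& policy) const
    {
        if (m_trustedText && *m_trustedText == m_childText)
            return m_childText;
        return policy(m_childText);
    }
private:
    std::string m_childText;
    std::optional<std::string> m_trustedText;
    bool m_childrenChangedByAPI { false };
};

std::optional<std::string> rejectAll(const std::string&) { return std::nullopt; }
// Constructed scenario: the parser streams a script body, optionally with an
// API edit arriving before the parser finishes the element.
std::optional<std::string> parseScript(bool editedMidParse, const DefaultPolicy& policy)
{
    ModelScriptElement script;
    script.childrenChanged(ChangeSource::Parser, "init();");
    if (editedMidParse)
        script.childrenChanged(ChangeSource::API, "injected();");
    script.childrenChanged(ChangeSource::Parser, "done();");
    script.finishParsingChildren();
    return script.textToExecute(policy);
}
int main() { return parseScript(true, rejectAll).has_value() ? 1 : 0; }
```

In this model an untouched parser-built script runs as written, while one edited through the API before the parser finishes is handed to the policy instead of being accepted as trusted.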


