Change Script Enforcement Mechanism to use flags#579
Draft
lukewarlow wants to merge 1 commit intow3c:mainfrom
Draft
Change Script Enforcement Mechanism to use flags#579lukewarlow wants to merge 1 commit intow3c:mainfrom
lukewarlow wants to merge 1 commit intow3c:mainfrom
Conversation
Member
Author
|
This still requires changes to deal with the issues related to children changed steps being fired by parser. |
Also add SVGScriptElement to spec
05fda45 to
11456d2
Compare
lukewarlow
commented
Feb 3, 2025
|
|
||
| 1. Set [=this=]'s [=SVGScriptElement/is trusted=] to false. | ||
|
|
||
| 1. Run the {{SVGScriptElement|script}} [=post-connection steps=], given [=this=]. |
Member
Author
There was a problem hiding this comment.
Does SVG even have this?
Member
There was a problem hiding this comment.
SVG has very little but we can add a note that we assume it has the same as HTML script has.
Member
Author
|
Opened #581 to at least add SVG to the existing spec while this bit is still to be worked out. |
fred-wang
reviewed
May 16, 2025
| <li>... | ||
| </ol> | ||
|
|
||
| Issue: There's no proper definition for the processing of SVG script elements. However, you should apply a similar change to the processing of {{SVGScriptElement}}s. |
Collaborator
There was a problem hiding this comment.
Can we mention the sink name explicitly? WebKit uses "SVGScriptElement text": https://searchfox.org/wubkat/rev/d1661224f525bf15e34fde4eafe9de09b92c864b/Source/WebCore/dom/ScriptElement.cpp#192
lando-prod-mozilla bot
pushed a commit
to mozilla-firefox/firefox
that referenced
this pull request
May 31, 2025
… text transformed by the default policy. r=smaug This verifies that the source text transformed by the default policy is used for various steps of "prepare the script element": https://html.spec.whatwg.org/#prepare-the-script-element PR w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251456
moz-wptsync-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
May 31, 2025
…ormed by the default policy. This verifies that the source text transformed by the default policy is used for various steps of "prepare the script element": https://html.spec.whatwg.org/#prepare-the-script-element PR w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251456 bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1968383 gecko-commit: b40ba3e6cd668c9890ed7e4c6bdfdf2ee60cbcc4 gecko-reviewers: smaug
moz-v2v-gh
pushed a commit
to mozilla/gecko-dev
that referenced
this pull request
May 31, 2025
… text transformed by the default policy. r=smaug This verifies that the source text transformed by the default policy is used for various steps of "prepare the script element": https://html.spec.whatwg.org/#prepare-the-script-element PR w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251456
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified-and-comments-removed
that referenced
this pull request
Jun 1, 2025
… text transformed by the default policy. r=smaug This verifies that the source text transformed by the default policy is used for various steps of "prepare the script element": https://html.spec.whatwg.org/#prepare-the-script-element PR w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251456 UltraBlame original commit: b40ba3e6cd668c9890ed7e4c6bdfdf2ee60cbcc4
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified
that referenced
this pull request
Jun 1, 2025
… text transformed by the default policy. r=smaug This verifies that the source text transformed by the default policy is used for various steps of "prepare the script element": https://html.spec.whatwg.org/#prepare-the-script-element PR w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251456 UltraBlame original commit: b40ba3e6cd668c9890ed7e4c6bdfdf2ee60cbcc4
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-comments-removed
that referenced
this pull request
Jun 1, 2025
… text transformed by the default policy. r=smaug This verifies that the source text transformed by the default policy is used for various steps of "prepare the script element": https://html.spec.whatwg.org/#prepare-the-script-element PR w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251456 UltraBlame original commit: b40ba3e6cd668c9890ed7e4c6bdfdf2ee60cbcc4
moz-wptsync-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jun 2, 2025
…ormed by the default policy. This verifies that the source text transformed by the default policy is used for various steps of "prepare the script element": https://html.spec.whatwg.org/#prepare-the-script-element PR w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251456 bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1968383 gecko-commit: b40ba3e6cd668c9890ed7e4c6bdfdf2ee60cbcc4 gecko-reviewers: smaug
lando-prod-mozilla bot
pushed a commit
to mozilla-firefox/firefox
that referenced
this pull request
Jun 27, 2025
…maug,credential-management-reviewers,dimi This flag can be modified when notifying for character data change, content appending, content insertion and content removal by specifying a MutationEffectOnScript flag. By default callers other than the HTML5 parsers always specify "drop trustworthiness" but mIsTrusted flag is not used anyway, so there is no behavior change. Spec: https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts PR: w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D252020
lando-prod-mozilla bot
pushed a commit
to mozilla-firefox/firefox
that referenced
this pull request
Jun 27, 2025
…maug,credential-management-reviewers,dimi This flag can be modified when notifying for character data change, content appending, content insertion and content removal by specifying a MutationEffectOnScript flag. By default callers other than the HTML5 parsers always specify "drop trustworthiness" but mIsTrusted flag is not used anyway, so there is no behavior change. Spec: https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts PR: w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D252020
moz-v2v-gh
pushed a commit
to mozilla/gecko-dev
that referenced
this pull request
Jun 27, 2025
…maug,credential-management-reviewers,dimi This flag can be modified when notifying for character data change, content appending, content insertion and content removal by specifying a MutationEffectOnScript flag. By default callers other than the HTML5 parsers always specify "drop trustworthiness" but mIsTrusted flag is not used anyway, so there is no behavior change. Spec: https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts PR: w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D252020
moz-v2v-gh
pushed a commit
to mozilla/gecko-dev
that referenced
this pull request
Jun 28, 2025
…maug,credential-management-reviewers,dimi This flag can be modified when notifying for character data change, content appending, content insertion and content removal by specifying a MutationEffectOnScript flag. By default callers other than the HTML5 parsers always specify "drop trustworthiness" but mIsTrusted flag is not used anyway, so there is no behavior change. Spec: https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts PR: w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D252020
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified-and-comments-removed
that referenced
this pull request
Jul 1, 2025
…maug,credential-management-reviewers,dimi This flag can be modified when notifying for character data change, content appending, content insertion and content removal by specifying a MutationEffectOnScript flag. By default callers other than the HTML5 parsers always specify "drop trustworthiness" but mIsTrusted flag is not used anyway, so there is no behavior change. Spec: https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts PR: w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D252020 UltraBlame original commit: 8f6d960e567bd265b1d2478c7ad6868b6872cd22
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified-and-comments-removed
that referenced
this pull request
Jul 1, 2025
…maug,credential-management-reviewers,dimi This flag can be modified when notifying for character data change, content appending, content insertion and content removal by specifying a MutationEffectOnScript flag. By default callers other than the HTML5 parsers always specify "drop trustworthiness" but mIsTrusted flag is not used anyway, so there is no behavior change. Spec: https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts PR: w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D252020 UltraBlame original commit: bb51e4ab08008c6f6920e651994b59de56d19383
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-comments-removed
that referenced
this pull request
Jul 1, 2025
…maug,credential-management-reviewers,dimi This flag can be modified when notifying for character data change, content appending, content insertion and content removal by specifying a MutationEffectOnScript flag. By default callers other than the HTML5 parsers always specify "drop trustworthiness" but mIsTrusted flag is not used anyway, so there is no behavior change. Spec: https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts PR: w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D252020 UltraBlame original commit: 8f6d960e567bd265b1d2478c7ad6868b6872cd22
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-comments-removed
that referenced
this pull request
Jul 1, 2025
…maug,credential-management-reviewers,dimi This flag can be modified when notifying for character data change, content appending, content insertion and content removal by specifying a MutationEffectOnScript flag. By default callers other than the HTML5 parsers always specify "drop trustworthiness" but mIsTrusted flag is not used anyway, so there is no behavior change. Spec: https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts PR: w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D252020 UltraBlame original commit: bb51e4ab08008c6f6920e651994b59de56d19383
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified
that referenced
this pull request
Jul 1, 2025
…maug,credential-management-reviewers,dimi This flag can be modified when notifying for character data change, content appending, content insertion and content removal by specifying a MutationEffectOnScript flag. By default callers other than the HTML5 parsers always specify "drop trustworthiness" but mIsTrusted flag is not used anyway, so there is no behavior change. Spec: https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts PR: w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D252020 UltraBlame original commit: 8f6d960e567bd265b1d2478c7ad6868b6872cd22
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified
that referenced
this pull request
Jul 1, 2025
…maug,credential-management-reviewers,dimi This flag can be modified when notifying for character data change, content appending, content insertion and content removal by specifying a MutationEffectOnScript flag. By default callers other than the HTML5 parsers always specify "drop trustworthiness" but mIsTrusted flag is not used anyway, so there is no behavior change. Spec: https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts PR: w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D252020 UltraBlame original commit: bb51e4ab08008c6f6920e651994b59de56d19383
lando-prod-mozilla bot
pushed a commit
to mozilla-firefox/firefox
that referenced
this pull request
Sep 2, 2025
…ements. r=smaug Spec: https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts PR: w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251855
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified-and-comments-removed
that referenced
this pull request
Sep 8, 2025
…ements. r=smaug Spec: https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts PR: w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251855 UltraBlame original commit: bec0b586fa9e173e14dbf710ba6c232df7067451
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-comments-removed
that referenced
this pull request
Sep 8, 2025
…ements. r=smaug Spec: https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts PR: w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251855 UltraBlame original commit: bec0b586fa9e173e14dbf710ba6c232df7067451
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified
that referenced
this pull request
Sep 8, 2025
…ements. r=smaug Spec: https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts PR: w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251855 UltraBlame original commit: bec0b586fa9e173e14dbf710ba6c232df7067451
fred-wang
added a commit
to web-platform-tests/wpt
that referenced
this pull request
Dec 6, 2025
… before require-trusted-types-for 'script' is set. Current spec [1] essentially caches the "script text" associated to a script element: it is initially empty and updated by various APIs calls. The "prepare the script element" algorithm is modified [2], so that "child text content" would go through the default policy if it does not match the cached "script text" [3]. Script enforcement could be alternatively be implemented by flags [4]. In that case, it might be tempting not to update the flags when the API calls modifying a script are performed before Trusted Types are actually enforced, with the rationale that these API calls are not considered untrusted at that time. For a cache-based implementations, this would be equivalent to not caching the "script text" until the first time it is set in a context when Trusted Types is enforced. However, WebKit and Chromium follow the spec and really try and run the default policy on the script text, even if the script text was modified before TrustedTypes enforcement got enabled. This PR adds a test to verify this behavior for HTML and SVG scripts. [1] https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts [2] https://w3c.github.io/trusted-types/dist/spec/#slot-value-verification [3] https://w3c.github.io/trusted-types/dist/spec/#prepare-the-script-text [4] w3c/trusted-types#579
fred-wang
added a commit
to web-platform-tests/wpt
that referenced
this pull request
Dec 8, 2025
… before require-trusted-types-for 'script' is set. Current spec [1] essentially caches the "script text" associated to a script element: it is initially empty and updated by various APIs calls. The "prepare the script element" algorithm is modified [2], so that "child text content" would go through the default policy if it does not match the cached "script text" [3]. Script enforcement could be alternatively be implemented by flags [4]. In that case, it might be tempting not to update the flags when the API calls modifying a script are performed before Trusted Types are actually enforced, with the rationale that these API calls are not considered untrusted at that time. For a cache-based implementations, this would be equivalent to not caching the "script text" until the first time it is set in a context when Trusted Types is enforced. However, WebKit and Chromium follow the spec and really try and run the default policy on the script text, even if the script text was modified before TrustedTypes enforcement got enabled. This PR adds tests to verify this behavior for HTML and SVG scripts. For completeness, this also verifies that if we remove the require-trusted-types-for meta tag before the test is executed, then TrustedTypes enforcement remains enabled per [5]. [1] https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts [2] https://w3c.github.io/trusted-types/dist/spec/#slot-value-verification [3] https://w3c.github.io/trusted-types/dist/spec/#prepare-the-script-text [4] w3c/trusted-types#579 [5] https://www.w3.org/TR/CSP3/#meta-element
fred-wang
added a commit
to web-platform-tests/wpt
that referenced
this pull request
Dec 8, 2025
… before require-trusted-types-for 'script' is set. Current spec [1] essentially caches the "script text" associated to a script element: it is initially empty and updated by various APIs calls. The "prepare the script element" algorithm is modified [2], so that "child text content" would go through the default policy if it does not match the cached "script text" [3]. Script enforcement could be alternatively be implemented by flags [4]. In that case, it might be tempting not to update the flags when the API calls modifying a script are performed before Trusted Types are actually enforced, with the rationale that these API calls are not considered untrusted at that time. For a cache-based implementations, this would be equivalent to not caching the "script text" until the first time it is set in a context when Trusted Types is enforced. However, WebKit and Chromium follow the spec and really try and run the default policy on the script text, even if the script text was modified before TrustedTypes enforcement got enabled. This PR adds tests to verify this behavior for HTML and SVG scripts. For completeness, this also verifies that if we remove the require-trusted-types-for meta tag before the test is executed, then TrustedTypes enforcement remains enabled per [5]. [1] https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts [2] https://w3c.github.io/trusted-types/dist/spec/#slot-value-verification [3] https://w3c.github.io/trusted-types/dist/spec/#prepare-the-script-text [4] w3c/trusted-types#579 [5] https://www.w3.org/TR/CSP3/#meta-element
fred-wang
added a commit
to web-platform-tests/wpt
that referenced
this pull request
Dec 8, 2025
… before require-trusted-types-for 'script' is set. Current spec [1] essentially caches the "script text" associated to a script element: it is initially empty and updated by various APIs calls. The "prepare the script element" algorithm is modified [2], so that "child text content" would go through the default policy if it does not match the cached "script text" [3]. Script enforcement could be alternatively be implemented by flags [4]. In that case, it might be tempting not to update the flags when the API calls modifying a script are performed before Trusted Types are actually enforced, with the rationale that these API calls are not considered untrusted at that time. For a cache-based implementations, this would be equivalent to not caching the "script text" until the first time it is set in a context when Trusted Types is enforced. However, WebKit and Chromium follow the spec and really try and run the default policy on the script text, even if the script text was modified before TrustedTypes enforcement got enabled. This PR adds tests to verify this behavior for HTML and SVG scripts. For completeness, this also verifies that if we remove the require-trusted-types-for meta tag before the test is executed, then TrustedTypes enforcement remains enabled per [5]. [1] https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts [2] https://w3c.github.io/trusted-types/dist/spec/#slot-value-verification [3] https://w3c.github.io/trusted-types/dist/spec/#prepare-the-script-text [4] w3c/trusted-types#579 [5] https://www.w3.org/TR/CSP3/#meta-element
lando-prod-mozilla bot
pushed a commit
to mozilla-firefox/firefox
that referenced
this pull request
Dec 15, 2025
…f the source text is modified before require-trusted-types-for 'script' is set., a=testonly Automatic update from web-platform-tests Verify script enforcement applies even if the source text is modified before require-trusted-types-for 'script' is set. Current spec [1] essentially caches the "script text" associated to a script element: it is initially empty and updated by various APIs calls. The "prepare the script element" algorithm is modified [2], so that "child text content" would go through the default policy if it does not match the cached "script text" [3]. Script enforcement could be alternatively be implemented by flags [4]. In that case, it might be tempting not to update the flags when the API calls modifying a script are performed before Trusted Types are actually enforced, with the rationale that these API calls are not considered untrusted at that time. For a cache-based implementations, this would be equivalent to not caching the "script text" until the first time it is set in a context when Trusted Types is enforced. However, WebKit and Chromium follow the spec and really try and run the default policy on the script text, even if the script text was modified before TrustedTypes enforcement got enabled. This PR adds tests to verify this behavior for HTML and SVG scripts. For completeness, this also verifies that if we remove the require-trusted-types-for meta tag before the test is executed, then TrustedTypes enforcement remains enabled per [5]. [1] https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts [2] https://w3c.github.io/trusted-types/dist/spec/#slot-value-verification [3] https://w3c.github.io/trusted-types/dist/spec/#prepare-the-script-text [4] w3c/trusted-types#579 [5] https://www.w3.org/TR/CSP3/#meta-element -- wpt-commits: 6981356e8191be363fac96b43cdecc92f145e85e wpt-pr: 56548
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Also add SVGScriptElement to spec
Preview | Diff