Bug 1934373 - Add more tests for EnsureCSPDoesNotBlockStringCompilati…

…on. r=smaug Improve test coverage for [1], considering string checks for arguments that implement TrustedScript [2] and the rejection condition on whether "Get Trusted Type compliant string" modified the input [3]. [1] https://w3c.github.io/webappsec-csp/#can-compile-strings [2] web-platform-tests/wpt#49371 [3] web-platform-tests/wpt#49367 Differential Revision: https://phabricator.services.mozilla.com/D230369 UltraBlame original commit: cb03a787fe45e9a7bf5539008edbe0c0b79f1ca2
marco-c · Dec 1, 2024 · 79248ff · 79248ff
1 parent 0934f7f
commit 79248ff
Show file tree

Hide file tree

Showing 4 changed files with 1,204 additions and 10 deletions.
diff --git a/...-types/eval-function-constructor-untrusted-arguments-and-applying-default-policy.html.ini b/...-types/eval-function-constructor-untrusted-arguments-and-applying-default-policy.html.ini
@@ -0,0 +1,189 @@
+[
+eval
+-
+function
+-
+constructor
+-
+untrusted
+-
+arguments
+-
+and
+-
+applying
+-
+default
+-
+policy
+.
+html
+]
+[
+plain
+string
+at
+index
+0
+(
+default
+policy
+modifying
+the
+function
+text
+)
+.
+]
+expected
+:
+FAIL
+[
+plain
+string
+at
+index
+1
+(
+default
+policy
+modifying
+the
+function
+text
+)
+.
+]
+expected
+:
+FAIL
+[
+plain
+string
+at
+index
+2
+(
+default
+policy
+modifying
+the
+function
+text
+)
+.
+]
+expected
+:
+FAIL
+[
+plain
+string
+at
+index
+3
+(
+default
+policy
+modifying
+the
+function
+text
+)
+.
+]
+expected
+:
+FAIL
+[
+TrustedScript
+with
+forged
+toString
+(
+)
+at
+index
+0
+(
+default
+policy
+modifying
+the
+function
+text
+)
+.
+]
+expected
+:
+FAIL
+[
+TrustedScript
+with
+forged
+toString
+(
+)
+at
+index
+1
+(
+default
+policy
+modifying
+the
+function
+text
+)
+.
+]
+expected
+:
+FAIL
+[
+TrustedScript
+with
+forged
+toString
+(
+)
+at
+index
+2
+(
+default
+policy
+modifying
+the
+function
+text
+)
+.
+]
+expected
+:
+FAIL
+[
+TrustedScript
+with
+forged
+toString
+(
+)
+at
+index
+3
+(
+default
+policy
+modifying
+the
+function
+text
+)
+.
+]
+expected
+:
+FAIL
diff --git a/testing/web-platform/meta/trusted-types/eval-function-constructor.html.ini b/testing/web-platform/meta/trusted-types/eval-function-constructor.html.ini
@@ -247,3 +247,91 @@ mask
 expected
 :
 FAIL
+[
+Function
+constructor
+with
+trusted
+strings
+and
+a
+forged
+toString
+(
+)
+for
+the
+one
+at
+index
+0
+]
+expected
+:
+FAIL
+[
+Function
+constructor
+with
+trusted
+strings
+and
+a
+forged
+toString
+(
+)
+for
+the
+one
+at
+index
+1
+]
+expected
+:
+FAIL
+[
+Function
+constructor
+with
+trusted
+strings
+and
+a
+forged
+toString
+(
+)
+for
+the
+one
+at
+index
+2
+]
+expected
+:
+FAIL
+[
+Function
+constructor
+with
+trusted
+strings
+and
+a
+forged
+toString
+(
+)
+for
+the
+one
+at
+index
+3
+]
+expected
+:
+FAIL