Add TT script enforcement tests using HTMLElement.innerText and Node.… #54548
Conversation
|
This aligns with the spec and WebKit's behavior. These tests are failing in Chromium because it always treat this the same as setting via |
|
Btw is lookupsetter the only way to do this? Given it's deprecated should we use something like https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/getOwnPropertyDescriptor instead. So modern engines can pass these tests without needed unrelated legacy stuff? |
ace6c4d to
fb2e546
Compare
Right, I guess I can replace with |
|
I'm just a little conscious of the fact both ladybird and servo are mid TT implementation so it would be nice to avoid obsolete stuff where possible. But perhaps that ship has sailed. |
…textContent Setters for `HTMLElement.innerText` and `Node.textContent` can be retrieve via `Object.getOwnPropertyDescriptor()`. New tests are added to make sure they allow to set the script source of a `<script>` element (without requiring to pass a `TrustedScript`) but that execution of such a script with modified source is blocked.
fb2e546 to
5f3fdaf
Compare
Yeah that makes sense. I've rewritten the test with |
Uh oh! Looks like an error!Client ID static/taskcluster/github does not have sufficient scopes and is missing the following scopes: This request requires the client to satisfy the following scope expression:
|
Uh oh! Looks like an error!Client ID static/taskcluster/github does not have sufficient scopes and is missing the following scopes: This request requires the client to satisfy the following scope expression:
|
…textContent
Setters for
HTMLElement.innerTextandNode.textContentcan be retrieve viaHTMLElement.prototype.__lookupSetter__('innerText')andNode.prototype.__lookupSetter__('textContent')respectively. New tests are added to make sure they allow to set the script source of a<script>element (without requiring to pass aTrustedScript) but that execution of such a script with modified source is blocked.