Trusted types attributes #1268
Open
Trusted types attributes #1268
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This is a clone of #1247 where I will finish any outstanding work to get this across the line |
lukewarlow
force-pushed
the
trusted-types-attributes
branch
2 times, most recently
from
3562fcb to
ac5b4aa
Compare
5 tasks
lukewarlow
force-pushed
the
trusted-types-attributes
branch
from
524d8cd to
f8877b6
Compare
|
See also #1258 which is another integration point with the DOM spec that we need for TT. |
lukewarlow
force-pushed
the
trusted-types-attributes
branch
from
f8877b6 to
ee9915e
Compare
otherdaniel
reviewed
Apr 15, 2024
otherdaniel
reviewed
Apr 15, 2024
dom.bs
Outdated
| <li><p><a>Validate and set attribute value</a> <var>attr</var>'s <a for="Attr">value</a> for | ||
| <var>attr</var> with <var>element</var>. | ||
|
|
||
| <li><p>If <var>element</var> <a lt="has an attribute">has</a> an <a>attribute</a> |
There was a problem hiding this comment.
I still find it difficult to wrap my head around this logic. I think conceptually, we want to have the old value -- from before the call, and thus before a default policy might have mucked with it. That's what should go into the change attribute logic. But once we have that, I'm not sure why we'd need to throw an exception here. I'm not sure why we'd have to care whether the default policy does anything funny with the attribute in the mean time.
There was a problem hiding this comment.
I've read through this spec path and I believe that, if the default policy removes the existing attribute node, then this will call replace an attribute, which in turn calls replace a list item, which results in a no-op because the old value no longer exists to be replaced.
So I think in this situation you're probably right the spec doesn't need to do anything, will make that change.
There was a problem hiding this comment.
Having said that I'm slightly uneasy about stuff like attribute change steps still firing and how that all works spec wise.
Both Chromium and WebKit don't actually follow the spec 100% here and so I think would actually result in a different behaviour to this spec (the index lookup happens after the TT call) so that's also not ideal.
|
I think I've addressed all the comments from #1247. I do want to point out Chrome and WebKit don't (or at least not in a way obvious to me) 100% follow the flow of the spec and as a result this may result in differences specifically in weird cases with attribute mutation. So that bit especially it would be good to get feedback on. It's also worth being aware that like Chromium's implementation this spec means that certain ways to update a nodes value don't work with a trusted type object as a user might expect. (e.g. |
lukewarlow
force-pushed
the
trusted-types-attributes
branch
from
ba80870 to
36476b5
Compare
annevk
reviewed
Apr 22, 2024
lukewarlow
force-pushed
the
trusted-types-attributes
branch
from
370f5c9 to
4421d50
Compare
Apologies I thought I'd reverted all of these changes but I missed a few, it's because I changed stuff and then changed it back and this led to some wonky diffs. Have hopefully reverted all of these unnecessary changes |
lukewarlow
force-pushed
the
trusted-types-attributes
branch
2 times, most recently
from
1d42460 to
1eeaf00
Compare
annevk
reviewed
Apr 22, 2024
dom.bs
Outdated
| <li><p>If <var>attribute</var>'s <a for=Attr>element</a> <a lt="has an attribute">has</a> | ||
| an <a>attribute</a> <var>attribute</var>, then <a>handle attribute changes</a> for | ||
| <var>attribute</var> with <var>attribute</var>'s <a for=Attr>element</a>, <var>oldValue</var>, and | ||
| <var>value</var>. |
There was a problem hiding this comment.
Should this be value or attribute's value? They can be different, right?
|
@otherdaniel, @annevk , and @smaug---- regarding the case where the default policy changes assumptions about the existence of an attribute mid-way through what would you prefer the spec say to do? Currently I've specced to throw, but Chromium currently re-looks up the index (spec doesn't explicitly work on an index basis but Chromium and WebKit do) |
|
Attributes are stored in a list and those do have indices per Infra. What am I missing? |
|
Sorry I mean algorithmically the spec and implementations don't follow the same flow. So it's trickier to reason between the spec and implementation. This might just be my lack of familiarity with these APIs too. |
|
The path of least resistance is prolly matching Chromium. Introducing new paths that throw is always risky. If you are looking for guidance as to how, I'd need quite a bit more context to provide helpful suggestions. |
lukewarlow
force-pushed
the
trusted-types-attributes
branch
2 times, most recently
from
4089eaf to
02db8c7
Compare
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified-and-comments-removed
that referenced
this pull request
Dec 1, 2024
…ibuteNS. r=smaug See whatwg/dom#1268 https://w3c.github.io/trusted-types/dist/spec/#validate-attribute-mutation https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute Differential Revision: https://phabricator.services.mozilla.com/D227943 UltraBlame original commit: db598441827d9d6b96eaf6105be7e9a3329bc722
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified-and-comments-removed
that referenced
this pull request
Dec 1, 2024
…ibuteNS. r=smaug See whatwg/dom#1268 https://w3c.github.io/trusted-types/dist/spec/#validate-attribute-mutation https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute Differential Revision: https://phabricator.services.mozilla.com/D227943 UltraBlame original commit: eb723beab1df058d28341911456022a9f41c9bab
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-comments-removed
that referenced
this pull request
Dec 1, 2024
…ibuteNS. r=smaug See whatwg/dom#1268 https://w3c.github.io/trusted-types/dist/spec/#validate-attribute-mutation https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute Differential Revision: https://phabricator.services.mozilla.com/D227943 UltraBlame original commit: db598441827d9d6b96eaf6105be7e9a3329bc722
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-comments-removed
that referenced
this pull request
Dec 1, 2024
…ibuteNS. r=smaug See whatwg/dom#1268 https://w3c.github.io/trusted-types/dist/spec/#validate-attribute-mutation https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute Differential Revision: https://phabricator.services.mozilla.com/D227943 UltraBlame original commit: eb723beab1df058d28341911456022a9f41c9bab
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified
that referenced
this pull request
Dec 1, 2024
…ibuteNS. r=smaug See whatwg/dom#1268 https://w3c.github.io/trusted-types/dist/spec/#validate-attribute-mutation https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute Differential Revision: https://phabricator.services.mozilla.com/D227943 UltraBlame original commit: db598441827d9d6b96eaf6105be7e9a3329bc722
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified
that referenced
this pull request
Dec 1, 2024
…ibuteNS. r=smaug See whatwg/dom#1268 https://w3c.github.io/trusted-types/dist/spec/#validate-attribute-mutation https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute Differential Revision: https://phabricator.services.mozilla.com/D227943 UltraBlame original commit: eb723beab1df058d28341911456022a9f41c9bab
This was referenced Jan 3, 2025
fred-wang
added a commit
to web-platform-tests/wpt
that referenced
this pull request
Jan 13, 2025
This test is intended to cover setting href [1] [2] but it also currently verifies some (currently not specified) unrelated behavior when setting the text of the script via innerHTML. A similar test exist in block-text-node-insertion-into-svg-script-element.html, but for a disconnected script. This PR just move the unrelated test to trusted-types-svg-script.html instead. [1] w3c/svgwg#934 [2] whatwg/dom#1268
fred-wang
added a commit
to web-platform-tests/wpt
that referenced
this pull request
Jan 13, 2025
…butes This is a tentative test for [1] covering bullet 3 from [2]. There is a separate PR to cover the bullet 2 [3]. Most of these are probably already covered by other tests but assertions are scattered into multiple files as a side check in the default policy callback, so they are hard to understand and to guarantee they actually run (some mistakes were previously found about this in the past). Additionnaly, this new test cover both setAttribute and setAttributeNS and ensure the correct callback is called exactly once with proper attributes (e.g. to verify a call to setAttribute does not trigger the callback with the parameters of a reflected IDL attribute). [1] whatwg/dom#1268 [2] https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute [3] #50025
fred-wang
added a commit
to web-platform-tests/wpt
that referenced
this pull request
Jan 13, 2025
…butes This is a tentative test for [1] covering bullet 3 from [2]. There is a separate PR to cover the bullet 2 [3]. Most of these are probably already covered by other tests but assertions are scattered into multiple files as a side check in the default policy callback, so they are hard to understand and to guarantee they actually run (some mistakes were previously found about this in the past). Additionnaly, this new test cover both setAttribute and setAttributeNS and ensure the correct callback is called exactly once with proper attributes (e.g. to verify a call to setAttribute does not trigger the callback with the parameters of a reflected IDL attribute). [1] whatwg/dom#1268 [2] https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute [3] #50025
fred-wang
added a commit
to web-platform-tests/wpt
that referenced
this pull request
Jan 13, 2025
…butes (#50046) This is a tentative test for [1] covering bullet 3 from [2]. There is a separate PR to cover the bullet 2 [3]. Most of these are probably already covered by other tests but assertions are scattered into multiple files as a side check in the default policy callback, so they are hard to understand and to guarantee they actually run (some mistakes were previously found about this in the past). Additionally, this new test cover both setAttribute and setAttributeNS and ensure the correct callback is called exactly once with proper attributes (e.g. to verify a call to setAttribute does not trigger the callback with the parameters of a reflected IDL attribute). [1] whatwg/dom#1268 [2] https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute [3] #50025
fred-wang
added a commit
to web-platform-tests/wpt
that referenced
this pull request
Jan 13, 2025
…50043) * Remove unrelated checks from trusted-types-svg-script-set-href.html This test is intended to cover setting href [1] [2] but it also currently verifies some (currently not specified) unrelated behavior when setting the text of the script via innerHTML. A similar test exist in block-text-node-insertion-into-svg-script-element.html, but for a disconnected script. This PR just move the unrelated test to trusted-types-svg-script.html instead. [1] w3c/svgwg#934 [2] whatwg/dom#1268
sadym-chromium
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jan 14, 2025
…butes (#50046) This is a tentative test for [1] covering bullet 3 from [2]. There is a separate PR to cover the bullet 2 [3]. Most of these are probably already covered by other tests but assertions are scattered into multiple files as a side check in the default policy callback, so they are hard to understand and to guarantee they actually run (some mistakes were previously found about this in the past). Additionally, this new test cover both setAttribute and setAttributeNS and ensure the correct callback is called exactly once with proper attributes (e.g. to verify a call to setAttribute does not trigger the callback with the parameters of a reflected IDL attribute). [1] whatwg/dom#1268 [2] https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute [3] #50025
sadym-chromium
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jan 14, 2025
…50043) * Remove unrelated checks from trusted-types-svg-script-set-href.html This test is intended to cover setting href [1] [2] but it also currently verifies some (currently not specified) unrelated behavior when setting the text of the script via innerHTML. A similar test exist in block-text-node-insertion-into-svg-script-element.html, but for a disconnected script. This PR just move the unrelated test to trusted-types-svg-script.html instead. [1] w3c/svgwg#934 [2] whatwg/dom#1268
moz-v2v-gh
pushed a commit
to mozilla/gecko-dev
that referenced
this pull request
Jan 15, 2025
…S and non-event-handler attri…, a=testonly Automatic update from web-platform-tests Add tests for setAttribute/setAttributeNS and non-event-handler attributes (#50046) This is a tentative test for [1] covering bullet 3 from [2]. There is a separate PR to cover the bullet 2 [3]. Most of these are probably already covered by other tests but assertions are scattered into multiple files as a side check in the default policy callback, so they are hard to understand and to guarantee they actually run (some mistakes were previously found about this in the past). Additionally, this new test cover both setAttribute and setAttributeNS and ensure the correct callback is called exactly once with proper attributes (e.g. to verify a call to setAttribute does not trigger the callback with the parameters of a reflected IDL attribute). [1] whatwg/dom#1268 [2] https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute [3] web-platform-tests/wpt#50025 -- wpt-commits: 35de05425036bf714b270c76dd00892900002963 wpt-pr: 50046
moz-v2v-gh
pushed a commit
to mozilla/gecko-dev
that referenced
this pull request
Jan 15, 2025
…es-svg-script-set-href.html, a=testonly Automatic update from web-platform-tests Remove unrelated checks from trusted-types-svg-script-set-href.html (#50043) * Remove unrelated checks from trusted-types-svg-script-set-href.html This test is intended to cover setting href [1] [2] but it also currently verifies some (currently not specified) unrelated behavior when setting the text of the script via innerHTML. A similar test exist in block-text-node-insertion-into-svg-script-element.html, but for a disconnected script. This PR just move the unrelated test to trusted-types-svg-script.html instead. [1] w3c/svgwg#934 [2] whatwg/dom#1268 -- wpt-commits: 696792b6aa714c2d7c54b986814bbdbbdecf1dd8 wpt-pr: 50043
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified-and-comments-removed
that referenced
this pull request
Jan 16, 2025
…S and non-event-handler attri…, a=testonly Automatic update from web-platform-tests Add tests for setAttribute/setAttributeNS and non-event-handler attributes (#50046) This is a tentative test for [1] covering bullet 3 from [2]. There is a separate PR to cover the bullet 2 [3]. Most of these are probably already covered by other tests but assertions are scattered into multiple files as a side check in the default policy callback, so they are hard to understand and to guarantee they actually run (some mistakes were previously found about this in the past). Additionally, this new test cover both setAttribute and setAttributeNS and ensure the correct callback is called exactly once with proper attributes (e.g. to verify a call to setAttribute does not trigger the callback with the parameters of a reflected IDL attribute). [1] whatwg/dom#1268 [2] https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute [3] web-platform-tests/wpt#50025 -- wpt-commits: 35de05425036bf714b270c76dd00892900002963 wpt-pr: 50046 UltraBlame original commit: 4846e5ab139c44c223566809053c5948cd2d8d16
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified-and-comments-removed
that referenced
this pull request
Jan 16, 2025
…es-svg-script-set-href.html, a=testonly Automatic update from web-platform-tests Remove unrelated checks from trusted-types-svg-script-set-href.html (#50043) * Remove unrelated checks from trusted-types-svg-script-set-href.html This test is intended to cover setting href [1] [2] but it also currently verifies some (currently not specified) unrelated behavior when setting the text of the script via innerHTML. A similar test exist in block-text-node-insertion-into-svg-script-element.html, but for a disconnected script. This PR just move the unrelated test to trusted-types-svg-script.html instead. [1] w3c/svgwg#934 [2] whatwg/dom#1268 -- wpt-commits: 696792b6aa714c2d7c54b986814bbdbbdecf1dd8 wpt-pr: 50043 UltraBlame original commit: c08a3d36866a0421ce1e7f511543715b7a9c1b38
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-comments-removed
that referenced
this pull request
Jan 16, 2025
…S and non-event-handler attri…, a=testonly Automatic update from web-platform-tests Add tests for setAttribute/setAttributeNS and non-event-handler attributes (#50046) This is a tentative test for [1] covering bullet 3 from [2]. There is a separate PR to cover the bullet 2 [3]. Most of these are probably already covered by other tests but assertions are scattered into multiple files as a side check in the default policy callback, so they are hard to understand and to guarantee they actually run (some mistakes were previously found about this in the past). Additionally, this new test cover both setAttribute and setAttributeNS and ensure the correct callback is called exactly once with proper attributes (e.g. to verify a call to setAttribute does not trigger the callback with the parameters of a reflected IDL attribute). [1] whatwg/dom#1268 [2] https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute [3] web-platform-tests/wpt#50025 -- wpt-commits: 35de05425036bf714b270c76dd00892900002963 wpt-pr: 50046 UltraBlame original commit: 4846e5ab139c44c223566809053c5948cd2d8d16
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-comments-removed
that referenced
this pull request
Jan 16, 2025
…es-svg-script-set-href.html, a=testonly Automatic update from web-platform-tests Remove unrelated checks from trusted-types-svg-script-set-href.html (#50043) * Remove unrelated checks from trusted-types-svg-script-set-href.html This test is intended to cover setting href [1] [2] but it also currently verifies some (currently not specified) unrelated behavior when setting the text of the script via innerHTML. A similar test exist in block-text-node-insertion-into-svg-script-element.html, but for a disconnected script. This PR just move the unrelated test to trusted-types-svg-script.html instead. [1] w3c/svgwg#934 [2] whatwg/dom#1268 -- wpt-commits: 696792b6aa714c2d7c54b986814bbdbbdecf1dd8 wpt-pr: 50043 UltraBlame original commit: c08a3d36866a0421ce1e7f511543715b7a9c1b38
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified
that referenced
this pull request
Jan 16, 2025
…S and non-event-handler attri…, a=testonly Automatic update from web-platform-tests Add tests for setAttribute/setAttributeNS and non-event-handler attributes (#50046) This is a tentative test for [1] covering bullet 3 from [2]. There is a separate PR to cover the bullet 2 [3]. Most of these are probably already covered by other tests but assertions are scattered into multiple files as a side check in the default policy callback, so they are hard to understand and to guarantee they actually run (some mistakes were previously found about this in the past). Additionally, this new test cover both setAttribute and setAttributeNS and ensure the correct callback is called exactly once with proper attributes (e.g. to verify a call to setAttribute does not trigger the callback with the parameters of a reflected IDL attribute). [1] whatwg/dom#1268 [2] https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute [3] web-platform-tests/wpt#50025 -- wpt-commits: 35de05425036bf714b270c76dd00892900002963 wpt-pr: 50046 UltraBlame original commit: 4846e5ab139c44c223566809053c5948cd2d8d16
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified
that referenced
this pull request
Jan 16, 2025
…es-svg-script-set-href.html, a=testonly Automatic update from web-platform-tests Remove unrelated checks from trusted-types-svg-script-set-href.html (#50043) * Remove unrelated checks from trusted-types-svg-script-set-href.html This test is intended to cover setting href [1] [2] but it also currently verifies some (currently not specified) unrelated behavior when setting the text of the script via innerHTML. A similar test exist in block-text-node-insertion-into-svg-script-element.html, but for a disconnected script. This PR just move the unrelated test to trusted-types-svg-script.html instead. [1] w3c/svgwg#934 [2] whatwg/dom#1268 -- wpt-commits: 696792b6aa714c2d7c54b986814bbdbbdecf1dd8 wpt-pr: 50043 UltraBlame original commit: c08a3d36866a0421ce1e7f511543715b7a9c1b38
i3roly
pushed a commit
to i3roly/firefox-dynasty
that referenced
this pull request
Jan 17, 2025
…S and non-event-handler attri…, a=testonly Automatic update from web-platform-tests Add tests for setAttribute/setAttributeNS and non-event-handler attributes (#50046) This is a tentative test for [1] covering bullet 3 from [2]. There is a separate PR to cover the bullet 2 [3]. Most of these are probably already covered by other tests but assertions are scattered into multiple files as a side check in the default policy callback, so they are hard to understand and to guarantee they actually run (some mistakes were previously found about this in the past). Additionally, this new test cover both setAttribute and setAttributeNS and ensure the correct callback is called exactly once with proper attributes (e.g. to verify a call to setAttribute does not trigger the callback with the parameters of a reflected IDL attribute). [1] whatwg/dom#1268 [2] https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute [3] web-platform-tests/wpt#50025 -- wpt-commits: 35de05425036bf714b270c76dd00892900002963 wpt-pr: 50046
i3roly
pushed a commit
to i3roly/firefox-dynasty
that referenced
this pull request
Jan 17, 2025
…es-svg-script-set-href.html, a=testonly Automatic update from web-platform-tests Remove unrelated checks from trusted-types-svg-script-set-href.html (#50043) * Remove unrelated checks from trusted-types-svg-script-set-href.html This test is intended to cover setting href [1] [2] but it also currently verifies some (currently not specified) unrelated behavior when setting the text of the script via innerHTML. A similar test exist in block-text-node-insertion-into-svg-script-element.html, but for a disconnected script. This PR just move the unrelated test to trusted-types-svg-script.html instead. [1] w3c/svgwg#934 [2] whatwg/dom#1268 -- wpt-commits: 696792b6aa714c2d7c54b986814bbdbbdecf1dd8 wpt-pr: 50043
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This calls the get Trusted Types-compliant attribute value algorithm from Trusted Types (w3c/trusted-types#418) from attribute's change, append, and replace.
Changed the signature of setAttribute and setAttributeNS to accept Trusted Types as values. The underlying Attr node's values continue to be DOMString, so moving nodes across elements or adding standalone attributes to elements can cause TT violations. This matches WPT tests and the Chromium's implementation.
See and #789. Supercedes #809 and #1247
(See WHATWG Working Mode: Changes for more details.)
Preview | Diff