[Sanitizer] Add tests for safe + unsafe cases. #49761

Merged
merged 1 commit into from
Dec 24, 2024


chromium-wpt-export-bot
Collaborator

@chromium-wpt-export-bot chromium-wpt-export-bot commented Dec 18, 2024

This tests for differences between setHTML and setHTMLUnsafe.

Since the html5lib testcase format only supports one result per testcase, we use two testcase files with identical inputs,
one each with the expectations for safe and unsafe variants.

Also, a drive-by fix for an issue uncovered by the tests: The
spec demands we block insertion in a <script> element (in safe cases).

Bug: 356601280
Change-Id: I1fb19f60fdcd7262292a983b548baebcaf43a440
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6039899
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Yifan Luo <lyf@chromium.org>
Reviewed-by: Joey Arhar <jarhar@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1397856}
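Added example (not part of this PR or of the WPT code base): a sketch of the two-file approach described above, assuming the files use the html5lib tree-construction sections `#data`, `#errors`, `#document-fragment` and `#document`. The function names `parseDat` and `pairCases` are hypothetical, and the sample files and their expected trees are constructed for illustration, not copied from the test data.

```javascript
// Constructed sample files in html5lib tree-construction format. The expected
// trees are illustrative only and are not taken from the WPT test data.
const HEADER = ['#errors', '#document-fragment', 'div', '#document'];
const SAFE_DAT = [
  '#data', '<p>Hello</p>', ...HEADER, '| <p>', '|   "Hello"', '',
  '#data', '<div>Hello<script>World</script>xxx', ...HEADER,
  '| <div>', '|   "Hello"', '|   "xxx"', ''].join('\n');
const UNSAFE_DAT = [
  '#data', '<p>Hello</p>', ...HEADER, '| <p>', '|   "Hello"', '',
  '#data', '<div>Hello<script>World</script>xxx', ...HEADER,
  '| <div>', '|   "Hello"', '|   <script>', '|     "World"', '|   "xxx"', ''].join('\n');

// Split one file into testcases; each "#data" line starts a new case and
// every other "#name" line starts a new section of the current case.
function parseDat(text) {
  const cases = [];
  let section = null;
  for (const line of text.split('\n')) {
    if (line === '#data') cases.push({});
    if (cases.length && /^#[a-z-]+$/.test(line)) {
      section = line.slice(1);
      cases.at(-1)[section] = [];
    } else if (cases.length) {
      cases.at(-1)[section].push(line);
    }
  }
  return cases.map((c) => {
    const tree = [...(c.document ?? [])];
    while (tree.at(-1) === '') tree.pop(); // drop the blank separator line
    return { input: c.data.join('\n'),
             context: (c['document-fragment'] ?? [])[0] ?? null,
             tree: tree.join('\n') };
  });
}

// Pair the safe and unsafe files by index and refuse to continue if the
// inputs have drifted apart, since each file carries only one expectation.
function pairCases(safeText, unsafeText) {
  const safe = parseDat(safeText), unsafe = parseDat(unsafeText);
  if (safe.length !== unsafe.length) throw new Error('testcase count differs');
  return safe.map((s, i) => {
    const u = unsafe[i];
    if (s.input !== u.input || s.context !== u.context)
      throw new Error(`testcase #${i}: inputs differ between files`);
    return { input: s.input, context: s.context, setHTML: s.tree,
             setHTMLUnsafe: u.tree, sanitized: s.tree !== u.tree };
  });
}

// Inputs whose safe and unsafe expectations differ.
console.log(pairCases(SAFE_DAT, UNSAFE_DAT).filter((p) => p.sanitized).map((p) => p.input));
```

The `sanitized` flag marks the inputs that actually distinguish the two methods; a pair of files in which no case sets it would not be testing the safe/unsafe difference at all.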

Collaborator

@wpt-pr-bot wpt-pr-bot left a comment

The review process for this patch is being conducted in the Chromium project.

@dev-ansung
Contributor

WPT Command: python3 ./wpt run --channel=nightly --verify --verify-no-chaos-mode --verify-repeat-loop=0 --verify-repeat-restart=10 --github-checks-text-file=/home/test/artifacts/checkrun.md --affected base_head --log-mach-level=info --log-mach=- -y --no-pause --no-restart-on-unexpected --install-fonts --no-headless --verify-log-full --binary=/home/test/build/firefox/firefox firefox

Some affected tests had inconsistent (flaky) results:

Unstable results

| Test | Subtest | Results | Messages |
| --- | --- | --- | --- |
| /sanitizer-api/sethtml-safety.tentative.html | | CRASH: 6/10, OK: 4/10 | |
| /sanitizer-api/sethtml-safety.tentative.html | `wrapper` | PASS: 4/10, MISSING: 6/10 | |
| /sanitizer-api/sethtml-safety.tentative.html | `Testcase #0, setHTML("test)".` | FAIL: 4/10, MISSING: 6/10 | can't access property "call", context[method] is undefined |
| /sanitizer-api/sethtml-safety.tentative.html | `Testcase #1, setHTML("<p>Hello</p>)".` | FAIL: 4/10, MISSING: 6/10 | can't access property "call", context[method] is undefined |
| /sanitizer-api/sethtml-safety.tentative.html | `Testcase #2, setHTML("<div>Hello<script>World</script>xxx)".` | FAIL: 4/10, MISSING: 6/10 | can't access property "call", context[method] is undefined |
| /sanitizer-api/sethtml-safety.tentative.html | `Testcase #3, setHTML("<div>Hello<script>World</script>xxx)".` | FAIL: 4/10, MISSING: 6/10 | can't access property "call", context[method] is undefined |
| /sanitizer-api/sethtml-safety.tentative.html | `Testcase #4, setHTML("<svg>Hello<script>World</script>xxx)".` | FAIL: 4/10, MISSING: 6/10 | can't access property "call", context[method] is undefined |
| /sanitizer-api/sethtml-safety.tentative.html | `Testcase #5, setHTML("<img src="https://bla.com/blubb" onclick="2+2" one="two">)".` | FAIL: 4/10, MISSING: 6/10 | can't access property "call", context[method] is undefined |
| /sanitizer-api/sethtml-safety.tentative.html | `Testcase #6, setHTML("<img src="https://bla.com/blubb" onclick="2+2" one="two">)".` | FAIL: 4/10, MISSING: 6/10 | can't access property "call", context[method] is undefined |
| /sanitizer-api/sethtml-safety.tentative.html | `Testcase #0, setHTMLUnsafe("test)".` | PASS: 4/10, MISSING: 6/10 | |
| /sanitizer-api/sethtml-safety.tentative.html | `Testcase #1, setHTMLUnsafe("<p>Hello</p>)".` | PASS: 4/10, MISSING: 6/10 | |
| /sanitizer-api/sethtml-safety.tentative.html | `Testcase #2, setHTMLUnsafe("<div>Hello<script>World</script>xxx)".` | PASS: 4/10, MISSING: 6/10 | |
| /sanitizer-api/sethtml-safety.tentative.html | `Testcase #3, setHTMLUnsafe("<div>Hello<script>World</script>xxx)".` | PASS: 4/10, MISSING: 6/10 | |
| /sanitizer-api/sethtml-safety.tentative.html | `Testcase #4, setHTMLUnsafe("<svg>Hello<script>World</script>xxx)".` | PASS: 4/10, MISSING: 6/10 | |
| /sanitizer-api/sethtml-safety.tentative.html | `Testcase #5, setHTMLUnsafe("<img src="https://bla.com/blubb" onclick="2+2" one="two">)".` | PASS: 4/10, MISSING: 6/10 | |
| /sanitizer-api/sethtml-safety.tentative.html | `Testcase #6, setHTMLUnsafe("<img src="https://bla.com/blubb" onclick="2+2" one="two">)".` | PASS: 4/10, MISSING: 6/10 | |

These may be pre-existing or new flakes. Please try to reproduce (see the above WPT command, though some flags may not be needed when running locally) and determine if your change introduced the flake. If you are unable to reproduce the problem, please tag @web-platform-tests/wpt-core-team in a comment for help.

@dev-ansung
Contributor

created crbug.com/385785711
@KyleJu @DanielRyanSmith can you help admin merge? Thanks!

@DanielRyanSmith DanielRyanSmith merged commit 9da4afa into master Dec 24, 2024
19 of 21 checks passed
@DanielRyanSmith DanielRyanSmith deleted the chromium-export-cl-6039899 branch December 24, 2024 00:23
sadym-chromium pushed a commit that referenced this pull request Jan 14, 2025

Co-authored-by: Daniel Vogelheim <vogelheim@chromium.org>