Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Attempt to fix escaping in CSP tests #25275

Merged
merged 1 commit into from Sep 16, 2020
Merged

Attempt to fix escaping in CSP tests #25275

merged 1 commit into from Sep 16, 2020

Conversation

Hexcles
Copy link
Member

@Hexcles Hexcles commented Aug 28, 2020

{{GET}} is automatically HTML-escaped (not URL-encoded) when used in
.sub.html. There is some insufficient workaround in this test suite
for things like < >. This PR attempts to properly decode HTML entities.

Note: this is most likely not complete (only covers the case in #25141 ).
There are so many uses of {{GET}} in .sub.html in this suite that might
need similar treatment, so we might want to do this in e.g.
originFrameShouldBe instead.

@Hexcles
[WIP] Attempt to fix escaping in CSP tests
ebbe4b9 
{{GET}} is automatically HTML-escaped (*not* URL-encoded) when used in
`.sub.html`. There is some insufficient workaround in this test suite
for things like < >. This PR attempts to properly decode HTML entities.
@Hexcles Hexcles requested a review from andypaicu August 28, 2020 15:14
@Hexcles Hexcles mentioned this pull request Aug 28, 2020
Closed
@Hexcles
Copy link
Member Author

Hexcles commented Aug 28, 2020

Reviewers, could you please suggest a better place (e.g. a single entry point) to make this change as you're more familiar with the tests? I made this PoC without fully understanding the structure of this test suite.

@Hexcles
Copy link
Member Author

Hexcles commented Aug 28, 2020

cc @ziransun too

@Hexcles Hexcles closed this Aug 28, 2020
@Hexcles Hexcles reopened this Aug 28, 2020
@Hexcles
Copy link
Member Author

Hexcles commented Sep 14, 2020

ping @hillbrad @andypaicu

hillbrad
hillbrad approved these changes Sep 14, 2020
View reviewed changes
Copy link
Contributor

@hillbrad hillbrad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@Hexcles
Copy link
Member Author

Hexcles commented Sep 16, 2020

I did a cursory scan of frame-ancestors/support/frame-ancestors-test.sub.js and uses of its API in this suite without finding other obvious issues, so I'm merging this PR as is.

@Hexcles Hexcles merged commit 70f1fc9 into master Sep 16, 2020
@Hexcles Hexcles deleted the fix-csp branch September 16, 2020 17:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hillbrad hillbrad hillbrad approved these changes

@andypaicu andypaicu Awaiting requested review from andypaicu

Assignees

@hillbrad hillbrad

Labels
content-security-policy
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@Hexcles @hillbrad @wpt-pr-bot @moz-wptsync-bot