Adding upstream version 124.0.1.upstream/124.0.1

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

10 files changed, 365 insertions, 0 deletions

diff --git a/testing/web-platform/meta/sanitizer-api/__dir__.ini b/testing/web-platform/meta/sanitizer-api/__dir__.ini
new file mode 100644
index 0000000000..fb4d1e09bf
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/__dir__.ini
@@ -0,0 +1 @@
+prefs: [dom.security.sanitizer.enabled:true, dom.security.setHTML.enabled:true]
diff --git a/testing/web-platform/meta/sanitizer-api/element-set-sanitized-html.https.html.ini b/testing/web-platform/meta/sanitizer-api/element-set-sanitized-html.https.html.ini
new file mode 100644
index 0000000000..2f3bcfc1c8
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/element-set-sanitized-html.https.html.ini
@@ -0,0 +1,3 @@
+[element-set-sanitized-html.https.html]
+  [Sanitizer: Element.setHTML with config: attributes: unknown attributes and with unknownMarkup]
+    expected: FAIL
diff --git a/testing/web-platform/meta/sanitizer-api/sanitizer-config.https.html.ini b/testing/web-platform/meta/sanitizer-api/sanitizer-config.https.html.ini
new file mode 100644
index 0000000000..1ebd6b2251
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/sanitizer-config.https.html.ini
@@ -0,0 +1,3 @@
+[sanitizer-config.https.html]
+  expected:
+    if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/sanitizer-api/sanitizer-insecure-context.html.ini b/testing/web-platform/meta/sanitizer-api/sanitizer-insecure-context.html.ini
new file mode 100644
index 0000000000..fb3a525b1e
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/sanitizer-insecure-context.html.ini
@@ -0,0 +1,4 @@
+[sanitizer-insecure-context.html]
+  expected:
+    if (os == "android") and debug and not fission: [OK, TIMEOUT]
+    if (os == "android") and debug and fission: [TIMEOUT, OK]
diff --git a/testing/web-platform/meta/sanitizer-api/sanitizer-names.https.html.ini b/testing/web-platform/meta/sanitizer-api/sanitizer-names.https.html.ini
new file mode 100644
index 0000000000..d8f4a8db48
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/sanitizer-names.https.html.ini
@@ -0,0 +1,38 @@
+[sanitizer-names.https.html]
+  expected:
+    if (os == "android") and fission: [OK, TIMEOUT]
+  [Element names in config item: elements]
+    expected: FAIL
+
+  [Element names in config item: removeElements]
+    expected: FAIL
+
+  [Element names in config item: replaceWithChildrenElements]
+    expected: FAIL
+
+  [Attribute names in config item: attributes]
+    expected: FAIL
+
+  [Attribute names in config item: removeAttributes]
+    expected: FAIL
+
+  [Namespaced attributes #2: attributes: [{"name":"xlink:href"}\]]
+    expected: FAIL
+
+  [Lower-case element names #0: "svg:feblend"]
+    expected: FAIL
+
+  [Mixed case element names #0: "feBlend" is preserved in config.]
+    expected: FAIL
+
+  [Lower-case element names #1: "svg:fecolormatrix"]
+    expected: FAIL
+
+  [Mixed case element names #1: "feColorMatrix" is preserved in config.]
+    expected: FAIL
+
+  [Lower-case element names #2: "svg:textpath"]
+    expected: FAIL
+
+  [Mixed case element names #2: "textPath" is preserved in config.]
+    expected: FAIL
diff --git a/testing/web-platform/meta/sanitizer-api/sanitizer-query-config.https.html.ini b/testing/web-platform/meta/sanitizer-api/sanitizer-query-config.https.html.ini
new file mode 100644
index 0000000000..f0670dff94
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/sanitizer-query-config.https.html.ini
@@ -0,0 +1,11 @@
+[sanitizer-query-config.https.html]
+  expected:
+    if (os == "android") and fission: [OK, TIMEOUT]
+  [SanitizerAPI getDefaultConfiguration()]
+    expected: FAIL
+
+  [SanitizerAPI getConfiguration() on default created Sanitizer]
+    expected: FAIL
+
+  [SanitizerAPI getConfiguration() reflects creation config.]
+    expected: FAIL
diff --git a/testing/web-platform/meta/sanitizer-api/sanitizer-sanitize.https.tentative.html.ini b/testing/web-platform/meta/sanitizer-api/sanitizer-sanitize.https.tentative.html.ini
new file mode 100644
index 0000000000..d1cb7c2715
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/sanitizer-sanitize.https.tentative.html.ini
@@ -0,0 +1,15 @@
+[sanitizer-sanitize.https.tentative.html]
+  max-asserts: 120
+  expected:
+    if (os == "android") and fission: [OK, TIMEOUT]
+  [SanitizerAPI with config: plaintext, sanitize from document function for <body>]
+    expected: FAIL
+
+  [SanitizerAPI with config: attributes: unknown attributes and with unknownMarkup, sanitize from document function for <body>]
+    expected: FAIL
+
+  [SanitizerAPI with config: plaintext, sanitize from document fragment function for <template>]
+    expected: FAIL
+
+  [SanitizerAPI with config: attributes: unknown attributes and with unknownMarkup, sanitize from document fragment function for <template>]
+    expected: FAIL
diff --git a/testing/web-platform/meta/sanitizer-api/sanitizer-sanitizeFor.https.tentative.html.ini b/testing/web-platform/meta/sanitizer-api/sanitizer-sanitizeFor.https.tentative.html.ini
new file mode 100644
index 0000000000..3cbc574a94
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/sanitizer-sanitizeFor.https.tentative.html.ini
@@ -0,0 +1,284 @@
+[sanitizer-sanitizeFor.https.tentative.html]
+  expected:
+    if (os == "android") and debug: [OK, TIMEOUT]
+  [Sanitizer.sanitizeFor("script", ...) should fail.]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor("iframe", ...) should fail.]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor("object", ...) should fail.]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor("div", ...) should pass.]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor function shouldn't load the image.]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor(element, ..)]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor("div", "<em>Hello</em>") obeys parse context.]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor("div", "<td>data</td>") obeys parse context.]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor("template", "<em>Hello</em>") obeys parse context.]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor("template", "<td>data</td>") obeys parse context.]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor("table", "<em>Hello</em>") obeys parse context.]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor("table", "<td>data</td>") obeys parse context.]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: string]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: html fragment]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: broken html]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: empty object]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: number]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: zeros]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: arithmetic]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: empty string]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: undefined]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: document]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: html without close tag]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: scripts for default configs]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: script not as root]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: script deeper in the tree]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: onclick scripts]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: plaintext]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: xmp]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: invalid config_input]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: empty removeElements list]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: test html without close tag with removeElements list ['div'\]]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: default behavior for custom elements]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: allow custom elements]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: allow custom elements with allow elements]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: disallow custom elements]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: allow custom elements with drop list contains ["custom-element"\]]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: test script with ["script"\] as removeElements list]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: removeElements list ["test-element", "i"\]}]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: removeElements list ["dl", "p"\]}]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: elements list ["p"\]]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: elements list has no influence to removeElements]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: empty removeAttributes list with id attribute]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: removeAttributes list ["id"\] with id attribute]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: removeAttributes list ["data-attribute-with-dashes"\] with dom dataset js access]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: elements list with <p> attributes: ["title"\] and div attributes: ["id"\] lists]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: elements list with <p> removeAttributes: ["title"\]  and div removeAttributes: ["id"\] lists]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: attributes list ["id"\] with id attribute and onclick scripts]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: attributes list has no influence to removeAttributes list]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: Template element]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTMLAnchorElement with javascript protocal]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTMLAnchorElement with javascript protocal start with space]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTMLAnchorElement]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTMLAreaElement with javascript protocal]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTMLAreaElement with javascript protocal start with space]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTMLAreaElement]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTMLFormElement with javascript action]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTMLFormElement with javascript action start with space]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTMLFormElement]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTMLInputElement with javascript formaction]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTMLInputElement with javascript formaction start with space]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTMLInputElement]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTMLButtonElement with javascript formaction]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTMLButtonElement with javascript formaction start with space]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTMLButtonElement]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: malformed HTML]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTML with comments; comments not allowed]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTML with comments; comments]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTML with comments; !comments]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTML with comments deeper in the tree]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTML with comments deeper in the tree, comments]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: HTML with comments deeper in the tree, !comments]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: Unknown HTML names (HTMLUnknownElement instances) should not match elements parsed as non-HTML namespaces.]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: Unknown HTML names (HTMLUnknownElement instances) should not match elements parsed as non-HTML namespaces when nested.]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: removeElements list ["I", "DL"\]}]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: removeElements list ["i", "dl"\]}]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: removeElements list ["i", "dl"\]} with uppercase HTML]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: removeAttributes list ["ID"\] with id attribute]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: removeAttributes list ["ID"\] with ID attribute]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: removeAttributes list ["id"\] with ID attribute]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: removeElements with unknown elements and without unknownMarkup]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: replaceWithChildrenElements with unknown elements and without unknownMarkup]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: elements with unknown elements and without unknownMarkup]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: removeElements with unknown elements and with unknownMarkup]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: replaceWithChildrenElements with unknown elements and with unknownMarkup]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: elements with unknown elements and with unknownMarkup]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: attributes: unknown attributes and without unknownMarkup]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: attributes: unknown attributes and with unknownMarkup]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: removeAttributes: unknown attributes and without unknownMarkup]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: removeAttributes unknown attributes and with allowUnknownMarkup]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: elements list with <div> attributes: ["id"\] and removeAttributes: ["id"\] lists]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: elements list with <div> attributes: ["id", "title"\] does not override empty attributes: [\] list]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: elements list with <div> attributes: ["id", "title"\] does not override removeAttributes: ["id", "title"\] list]
+    expected: FAIL
+
+  [Sanitizer.sanitizeFor with config: elements list with <div> removeAttributes: ["id", "title"\] is effective even with attributes: ["id", "title"\] list]
+    expected: FAIL
diff --git a/testing/web-platform/meta/sanitizer-api/sanitizer-secure-context.https.html.ini b/testing/web-platform/meta/sanitizer-api/sanitizer-secure-context.https.html.ini
new file mode 100644
index 0000000000..4f9618f8a7
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/sanitizer-secure-context.https.html.ini
@@ -0,0 +1,3 @@
+[sanitizer-secure-context.https.html]
+  expected:
+    if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/sanitizer-api/sanitizer-unknown.https.html.ini b/testing/web-platform/meta/sanitizer-api/sanitizer-unknown.https.html.ini
new file mode 100644
index 0000000000..ac1e96d16f
--- /dev/null
+++ b/testing/web-platform/meta/sanitizer-api/sanitizer-unknown.https.html.ini
@@ -0,0 +1,3 @@
+[sanitizer-unknown.https.html]
+  [Unknown attribute names pass with unknownMarkup.]
+    expected: FAIL