summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/fledge/tentative/TODO
blob: d50e49261164795e9f49e50100de04178bc5ff7f (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

Need tests for (likely not a complete list):

* directFromSellerSignals.
* All generateBid() and scoreAd() input parameters.
* All interest group fields (passed to auction, have effect on auction).
    Validation when joining/leaving interest group is already covered.
* Filtering/prioritization (including bidding signals influencing priorities)
* Size restrictions.
* Updates (both after auction and triggered).
* All auctionConfig parameters (including invalid auctionConfigs, and ones
    with no buyers).
* Interest group expiration.
* Multiple buyers.
* Multiple interest group with same owner.
* Multiple origin auctions (buyer != publisher != seller).
* Multiple frame tests (including join IG policy, run auction policy,
    loading URNs in fencedframes in other frames, loading component
    ad URNs in fenced frames of other frames, etc)
* adAuctionConfig passed to reportResult().
* trusted scoring signals.
* Component ads.
* Component auctions.
* browserSignals fields in scoring/bidding methods.
* In reporting methods, browserSignals fields: dataVersion, topLevelSeller,
    componentSeller, modifiedBid, adCost, madeHighestScoringOtherBid
    (with interest group from another origin).
* Loading ads in iframes.
* In fencedframes window.fence.setReportEventDataForAutomaticBeacons()
* Calling leaveAdInterestGroup() in the frame of a winning ad (and one
    of its component ads)
* Network timeouts.
* Validate specific escaping behavior logic (still under discussion). There
    are a number of different rules for which characters are escaped, and
    whether spacess are escaped as "%20" or "+".
* Reports not sent if ad not used.
* Ties.
* Interactions with local network access API, which requires public
    networks to send CORS preflights for requests made over local networks.
    Needs testing with public publisher pages running auctions with
    sellers / buyers / update URLs on local networks.

If possible:
* Aggregate reporting.
* Join/leave permission delegation via .well-known files.
* k-anonymity.
* Signals request batching. This is an optional feature, so can't require it,
    but maybe a test where batching could be used, and make sure things work,
    whether batching is used or not?
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-07 20:20:58 +0000