Add more dangling markup tests to WPT

As part of formally adding dangling markup injection mitigation to html spec[1], we need to add more tests to WPT. This change moves some of the existing tests to WPT, and add more tests. [1]: whatwg/html#10022 Change-Id: I7b03839adeb749c3206a4fb95a9dfa5785c634c4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5151927 Auto-Submit: Jun Kokatsu <jkokatsu@google.com> Reviewed-by: Yifan Luo <lyf@chromium.org> Commit-Queue: Jonathan Hao <phao@chromium.org> Reviewed-by: Jonathan Hao <phao@chromium.org> Cr-Commit-Position: refs/heads/main@{#1243370}
chromium · Jan 5, 2024 · 0f54fa3 · 0f54fa3
1 parent e9ceefa
commit 0f54fa3
Show file tree

Hide file tree

Showing 6 changed files with 36 additions and 11 deletions.
diff --git a/...up-mitigation-data-url.tentative.sub.html → ...up-mitigation-data-url.tentative.sub.html b/...up-mitigation-data-url.tentative.sub.html → ...up-mitigation-data-url.tentative.sub.html
diff --git a/...dangling-markup-mitigation.tentative.html → ...dangling-markup-mitigation.tentative.html b/...dangling-markup-mitigation.tentative.html → ...dangling-markup-mitigation.tentative.html
diff --git a/third_party/blink/web_tests/external/wpt/fetch/security/dangling-markup/media.html b/third_party/blink/web_tests/external/wpt/fetch/security/dangling-markup/media.html
@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+<script>
+  var resources = {"audio": "/media/sound_5.mp3", "video":"/media/test.mp4"};
+
+  for (const key in resources){
+    async_test(t => {
+      let elem = document.body.appendChild(document.createElement(key));
+      elem.onerror = t.unreached_func(`${key} should load`);
+      elem.oncanplay = t.step_func(() => {
+        t.done();
+      });
+      elem.src = resources[key];
+    }, `Should load ${key}`);
+
+    async_test(t => {
+      let elem = document.body.appendChild(document.createElement(key));
+      elem.onerror = t.step_func(() => {
+        t.done();
+      });
+      elem.oncanplay = t.unreached_func(`${key} should not load`);
+      elem.src = resources[key] + "?\n<";
+    }, `Should not load ${key} with dangling markup in URL`);
+  }
+</script>
diff --git a/...ests/security/dangling-markup/option.html → ...etch/security/dangling-markup/option.html b/...ests/security/dangling-markup/option.html → ...etch/security/dangling-markup/option.html
@@ -7,35 +7,35 @@
 
   var tests = [
     `
-      <form action="/security/resources/postmessage-post.php" method="post">
+      <form action="/resource-timing/resources/document-navigated.html" method="post">
         <input type="submit">
         <select name="dangling"><option>
     `,
     `
       <div>
-        <form action="/security/resources/postmessage-post.php" method="post">
+        <form action="/resource-timing/resources/document-navigated.html" method="post">
           <input type="submit">
           <select name="dangling"><option>
     `,
     `
-      <form action="/security/resources/postmessage-post.php" method="post" id="form">
+      <form action="/resource-timing/resources/document-navigated.html" method="post" id="form">
         <input type="submit">
       </form>
       <select name="dangling" form="form"><option>
     `,
     `
-      <form action="/security/resources/postmessage-post.php" method="post">
+      <form action="/resource-timing/resources/document-navigated.html" method="post">
         <input type="submit">
         <select name="dangling"><option label="yay">
     `,
     `
       <div>
-        <form action="/security/resources/postmessage-post.php" method="post">
+        <form action="/resource-timing/resources/document-navigated.html" method="post">
           <input type="submit">
           <select name="dangling"><option label="yay">
     `,
     `
-      <form action="/security/resources/postmessage-post.php" method="post" id="form">
+      <form action="/resource-timing/resources/document-navigated.html" method="post" id="form">
         <input type="submit">
       </form>
       <select name="dangling" form="form"><option label="yay">
@@ -49,4 +49,3 @@
     }, markup.replace(/[\n\r]/g, ''));
   });
 </script>
-
diff --git a/...urity/dangling-markup/resources/helper.js → ...urity/dangling-markup/resources/helper.js b/...urity/dangling-markup/resources/helper.js → ...urity/dangling-markup/resources/helper.js
diff --git a/...ts/security/dangling-markup/textarea.html → ...ch/security/dangling-markup/textarea.html b/...ts/security/dangling-markup/textarea.html → ...ch/security/dangling-markup/textarea.html
@@ -7,18 +7,18 @@
 
   var tests = [
     `
-      <form action="/security/resources/postmessage-post.php" method="post">
+      <form action="/resource-timing/resources/document-navigated.html" method="post">
         <input type="submit">
         <textarea name="dangling">
     `,
     `
       <div>
-        <form action="/security/resources/postmessage-post.php" method="post">
+        <form action="/resource-timing/resources/document-navigated.html" method="post">
           <input type="submit">
           <textarea name="dangling">
     `,
     `
-      <form action="/security/resources/postmessage-post.php" method="post" id="form">
+      <form action="/resource-timing/resources/document-navigated.html" method="post" id="form">
         <input type="submit">
       </form>
       <textarea name="dangling" form="form">
@@ -32,4 +32,3 @@
     }, markup.replace(/[\n\r]/g, ''));
   });
 </script>
-