@pull pull bot commented Dec 8, 2025

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

jnjaeschke and others added 6 commits December 8, 2025 10:20
Differential Revision: https://phabricator.services.mozilla.com/D275360

bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=2004005
gecko-commit: fd9997141938dcd70dacea83092ec425a1560fc6
gecko-reviewers: smaug
…ange

This is gated by kMediaStreamTrackEmptyVideoFrameMonitor for more
deterministic behavior and kWebRtcUnmuteTracksWhenPacketArrives2
which is the new killswitch.

Bug: chromium:40821064
Change-Id: Ib0b87c8178d485565a9ead7883d673354617f858
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7216294
Commit-Queue: Philipp Hancke <philipp.hancke@googlemail.com>
Reviewed-by: Henrik Boström <hbos@chromium.org>
Reviewed-by: Guido Urdaneta <guidou@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1555346}
Bumps [genshi](https://github.com/edgewall/genshi) from 0.7.7 to 0.7.10.
- [Release notes](https://github.com/edgewall/genshi/releases)
- [Changelog](https://github.com/edgewall/genshi/blob/master/ChangeLog)
- [Commits](edgewall/genshi@0.7.7...0.7.10)

---
updated-dependencies:
- dependency-name: genshi
  dependency-version: 0.7.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
… before require-trusted-types-for 'script' is set.

Current spec [1] essentially caches the "script text" associated to a
script element: it is initially empty and updated by various API calls.
The "prepare the script element" algorithm is modified [2], so that
"child text content" would go through the default policy if it does
not match the cached "script text" [3].

Script enforcement could alternatively be implemented by flags [4].
In that case, it might be tempting not to update the flags when the API
calls modifying a script are performed before Trusted Types are
actually enforced, with the rationale that these API calls are not
considered untrusted at that time. For a cache-based implementation,
this would be equivalent to not caching the "script text" until the
first time it is set in a context when Trusted Types is enforced.

However, WebKit and Chromium follow the spec and really try and run
the default policy on the script text, even if the script text was
modified before TrustedTypes enforcement got enabled. This PR adds
tests to verify this behavior for HTML and SVG scripts.

For completeness, this also verifies that if we remove the
require-trusted-types-for meta tag before the test is executed, then
TrustedTypes enforcement remains enabled per [5].

[1] https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts
[2] https://w3c.github.io/trusted-types/dist/spec/#slot-value-verification
[3] https://w3c.github.io/trusted-types/dist/spec/#prepare-the-script-text
[4] w3c/trusted-types#579
[5] https://www.w3.org/TR/CSP3/#meta-element
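
The behaviour the last commit message describes, as an added example that is not part of the pull request or of any browser's code: a simplified JavaScript model in which a script's children are changed before enforcement starts, comparing the spec's cache check with a flag check that does or does not record pre-enforcement changes. All names (`ModelScript`, `mutateChildren`, `prepareCacheBased`, `prepareFlagBased`, `scenario`) and the sample policy are assumptions made for illustration.

```javascript
// Simplified model (an assumption, not browser code) of the cached "script text".
class ModelScript {
  constructor() {
    this.childText = "";           // what the DOM children currently contain
    this.scriptText = "";          // cached "script text", initially empty
    this.flaggedUntrusted = false; // used only by the flag-based variant
  }
}

// Models a DOM mutation that bypasses the script-specific setters (e.g. appending text).
// skipFlagBeforeEnforcement models the tempting shortcut from the commit message.
function mutateChildren(script, text, ctx, skipFlagBeforeEnforcement = false) {
  script.childText += text; // the cache is deliberately left untouched
  if (ctx.enforced || !skipFlagBeforeEnforcement) script.flaggedUntrusted = true;
}

// Runs the default policy on text; throws when the policy is missing or rejects it.
function runDefaultPolicy(text, ctx) {
  const result = ctx.defaultPolicy ? ctx.defaultPolicy(text) : null;
  if (result === null || result === undefined) throw new TypeError("Trusted Types violation");
  return String(result);
}

// Cache-based check: compare child text against the cache at prepare time.
function prepareCacheBased(script, ctx) {
  if (ctx.enforced && script.scriptText !== script.childText) {
    script.scriptText = runDefaultPolicy(script.childText, ctx);
  } else {
    script.scriptText = script.childText;
  }
  return script.scriptText;
}

// Flag-based check: consult the policy only if an earlier mutation set the flag.
function prepareFlagBased(script, ctx) {
  if (ctx.enforced && script.flaggedUntrusted) return runDefaultPolicy(script.childText, ctx);
  return script.childText;
}

// Scenario: mutate first, enable enforcement afterwards, then prepare the script.
function scenario(prepare, skipFlagBeforeEnforcement) {
  const seen = [];
  const ctx = { enforced: false, defaultPolicy: (s) => { seen.push(s); return s + " /*sanitized*/"; } };
  const script = new ModelScript();
  mutateChildren(script, "run();", ctx, skipFlagBeforeEnforcement); // constructed sample text
  ctx.enforced = true; // require-trusted-types-for 'script' arrives late
  return { executed: prepare(script, ctx), policyCalls: seen.length };
}

console.log(scenario(prepareCacheBased, false), scenario(prepareFlagBased, true));
```

In this model only the flag variant that ignores pre-enforcement mutations lets the text through without a default-policy call.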
@pull pull bot locked and limited conversation to collaborators Dec 8, 2025
@pull pull bot added the ⤵️ pull label Dec 8, 2025
@pull pull bot merged commit 25b26d4 into All-Blockchains:master Dec 8, 2025