Skip to content

[Gecko Bug 1935434] Implement forgiving parsing for trusted-types CSP directive. #51691

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 31, 2025
Merged

[Gecko Bug 1935434] Implement forgiving parsing for trusted-types CSP directive. #51691

merged 1 commit into from
Mar 31, 2025

Conversation

moz-wptsync-bot
Copy link
Collaborator

Currently, we just discard the whole directive if an invalid token is
found. With this patch, we instead ignore such a token. Also improves
tests in should-trusted-type-policy-creation-be-blocked-by-csp-002.html
so that we really check that the original trusted-types directive is
preserved after serialization.

See w3c/webappsec-csp#363 (comment)

Differential Revision: https://phabricator.services.mozilla.com/D243358

bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1935434
gecko-commit: 3a01a7335e0b5b05b49cbda19324a9b8a06ab315
gecko-reviewers: smaug

wpt-pr-bot
wpt-pr-bot approved these changes Mar 28, 2025
View reviewed changes
Copy link
Collaborator

@wpt-pr-bot wpt-pr-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The review process for this patch is being conducted in the Firefox project.

@fred-wang @moz-wptsync-bot
Implement forgiving parsing for trusted-types CSP directive.
16202f3 
Currently, we just discard the whole directive if an invalid token is
found. With this patch, we instead ignore such a token. Also improves
tests in should-trusted-type-policy-creation-be-blocked-by-csp-002.html
so that we really check that the original trusted-types directive is
preserved after serialization.

See w3c/webappsec-csp#363 (comment)

Differential Revision: https://phabricator.services.mozilla.com/D243358

bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1935434
gecko-commit: f27925f3d6f792efb037cdb55bb98b972c11c1c6
gecko-reviewers: smaug
@moz-wptsync-bot moz-wptsync-bot merged commit 1c543cd into master Mar 31, 2025
19 checks passed
@moz-wptsync-bot moz-wptsync-bot deleted the gecko/1935434 branch March 31, 2025 13:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wpt-pr-bot wpt-pr-bot wpt-pr-bot approved these changes

Assignees

No one assigned

Labels

mozilla:gecko-sync trusted-types wg-s_webappsec

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@moz-wptsync-bot @wpt-pr-bot @fred-wang