Bug 1679091 [wpt PR 26631] - Remove setInnerHTML completely, a=testonly

Automatic update from web-platform-tests Remove setInnerHTML completely The conversation [1] about the recent changes to setInnerHTML have led to the conclusion [2] that perhaps we shouldn't add a new XSS sink method at all. That would "fix" the declarative Shadow DOM problem, but would create a new sink that all security libraries would need to know about and handle. Seems like not a good trade. In the meantime, a polyfill can stand in for setInnerHTML: Element.prototype.setInnerHTML = function(content) { const fragment = (new DOMParser()).parseFromString(`<pre>${content}</pre>`, 'text/html', {includeShadowRoots: true}); this.replaceChildren(...fragment.body.firstChild.childNodes); }; [1] whatwg/dom#912 [2] whatwg/dom#912 (comment) Bug: 1042130 Change-Id: Ibaf15a3edf86be9a720225dea2ba2741f2882b8c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2555589 Auto-Submit: Mason Freed <masonfreedchromium.org> Commit-Queue: Kouhei Ueno <kouheichromium.org> Reviewed-by: Kouhei Ueno <kouheichromium.org> Cr-Commit-Position: refs/heads/master{#830501} -- wpt-commits: 60d87a5d19f5cf033f96b26f9597b32ad2732792 wpt-pr: 26631 UltraBlame original commit: 1046b32a6c9d31383f782745ed88a9d1fd4bc71e
marco-c · Dec 3, 2020 · 09433ce · 09433ce
1 parent 38137fb
commit 09433ce
Show file tree

Hide file tree

Showing 5 changed files with 196 additions and 908 deletions.
diff --git a/...eb-platform/tests/shadow-dom/declarative/declarative-shadow-dom-attachment.tentative.html b/...eb-platform/tests/shadow-dom/declarative/declarative-shadow-dom-attachment.tentative.html
@@ -125,6 +125,22 @@
 >
 <
 script
+src
+=
+"
+support
+/
+helpers
+.
+js
+"
+>
+<
+/
+script
+>
+<
+script
 >
 const
 shadowContent
@@ -256,16 +272,10 @@
 '
 )
 ;
-wrapper
-.
 setInnerHTML
 (
+wrapper
 declarativeString
-{
-includeShadowRoots
-:
-true
-}
 )
 ;
 const

diff --git a/...ing/web-platform/tests/shadow-dom/declarative/declarative-shadow-dom-basic.tentative.html b/...ing/web-platform/tests/shadow-dom/declarative/declarative-shadow-dom-basic.tentative.html
@@ -109,6 +109,22 @@
 script
 >
 <
+script
+src
+=
+"
+support
+/
+helpers
+.
+js
+"
+>
+<
+/
+script
+>
+<
 div
 id
 =
@@ -374,10 +390,9 @@
 '
 )
 ;
-div
-.
 setInnerHTML
 (
+div
 <
 div
 id
@@ -436,11 +451,6 @@
 /
 div
 >
-{
-includeShadowRoots
-:
-true
-}
 )
 ;
 const
@@ -598,10 +608,9 @@
 '
 )
 ;
-div
-.
 setInnerHTML
 (
+div
 <
 div
 id
@@ -626,11 +635,6 @@
 /
 div
 >
-{
-includeShadowRoots
-:
-true
-}
 )
 ;
 const
@@ -748,10 +752,9 @@
 '
 )
 ;
-div
-.
 setInnerHTML
 (
+div
 <
 div
 id
@@ -776,11 +779,6 @@
 /
 div
 >
-{
-includeShadowRoots
-:
-true
-}
 )
 ;
 const
@@ -863,10 +861,9 @@
 '
 )
 ;
-div
-.
 setInnerHTML
 (
+div
 <
 div
 id
@@ -904,11 +901,6 @@
 /
 div
 >
-{
-includeShadowRoots
-:
-true
-}
 )
 ;
 const
@@ -1041,10 +1033,9 @@
 '
 )
 ;
-div
-.
 setInnerHTML
 (
+div
 <
 div
 id
@@ -1070,11 +1061,6 @@
 /
 div
 >
-{
-includeShadowRoots
-:
-true
-}
 )
 ;
 var
@@ -1120,10 +1106,9 @@
 "
 )
 ;
-div
-.
 setInnerHTML
 (
+div
 <
 div
 id
@@ -1148,11 +1133,6 @@
 /
 div
 >
-{
-includeShadowRoots
-:
-true
-}
 )
 ;
 host
@@ -1213,140 +1193,6 @@
 '
 )
 ;
-test
-(
-(
-)
-=
->
-{
-const
-host
-=
-document
-.
-createElement
-(
-'
-div
-'
-)
-;
-/
-/
-Root
-element
-of
-setInnerHTML
-is
-a
-<
-template
-shadowroot
->
-:
-host
-.
-setInnerHTML
-(
-'
-<
-template
-shadowroot
-=
-open
->
-<
-/
-template
->
-'
-{
-allowShadowRoot
-:
-true
-}
-)
-;
-assert_equals
-(
-host
-.
-shadowRoot
-null
-"
-Shadow
-root
-should
-not
-be
-present
-"
-)
-;
-const
-tmpl
-=
-host
-.
-querySelector
-(
-'
-template
-'
-)
-;
-assert_true
-(
-!
-!
-tmpl
-"
-Template
-should
-still
-be
-present
-"
-)
-;
-assert_equals
-(
-tmpl
-.
-getAttribute
-(
-'
-shadowroot
-'
-)
-"
-open
-"
-"
-'
-shadowroot
-'
-attribute
-should
-still
-be
-present
-"
-)
-;
-}
-'
-Declarative
-Shadow
-DOM
-:
-setInnerHTML
-root
-element
-'
-)
-;
 <
 /
 script