Bug 274519
| Summary: | Script elements in XHTML documents dont work with trusted types are enforced | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Luke Warlow <lwarlow> |
| Component: | SVG | Assignee: | Luke Warlow <lwarlow> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | lwarlow, rbuis, sabouhallawa, webkit-bug-importer, zimmermann |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari 17 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | 246191, 274253 | ||
| Bug Blocks: | 266630 | ||
Luke Warlow
Currently the XMLDocumentParser::updateLeafTextNode() method calls appendData() which means the script elements all think they've been manipulated by JS and so aren't trusted.
This method should ideally use parserAppendData() which will fix script elements. However, this means that mutation events aren't fired which breaks SVGTRefElement's because they rely on mutation events to work.
SVGTRef is deprecated and unsupported by any other engine so is it possible we can remove support for them? (MDN already says they're not supported but that's erroneous based on the failing tests)
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Nikolas Zimmermann
We had https://bugs.webkit.org/show_bug.cgi?id=246191 open to remove <tref> support.
Radar WebKit Bug Importer
<rdar://problem/128935225>
Luke Warlow
Pull request: https://github.com/WebKit/WebKit/pull/30389
EWS
Committed 281494@main (0446b6ec9aaa): <https://commits.webkit.org/281494@main>
Reviewed commits have been landed. Closing PR #30389 and removing active labels.