274253 – Trusted types fails to protect against a script edited mid-parse

Bug 274253 - Trusted types fails to protect against a script edited mid-parse

Summary: Trusted types fails to protect against a script edited mid-parse

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	DOM (show other bugs)
Version:	Safari 17
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Luke Warlow

URL:
Keywords:	InRadar

Depends on:	269365
Blocks:	266630 274519
	Show dependency tree / graph

Reported:	2024-05-16 05:33 PDT by Luke Warlow
Modified:	2024-05-23 13:09 PDT (History)
CC List:	1 user (show)

See Also:	https://github.com/web-platform-tests/wpt/pull/46308

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Luke Warlow 2024-05-16 05:33:27 PDT

It's possible for a script to be edited by JS before it's finished parsing. In these cases they should trigger a trusted types violation.

Comment 1 Luke Warlow 2024-05-16 05:36:41 PDT

Pull request: https://github.com/WebKit/WebKit/pull/28648

Comment 2 Radar WebKit Bug Importer 2024-05-23 05:34:13 PDT

<rdar://problem/128606254>

Comment 3 EWS 2024-05-23 13:09:47 PDT

Committed 279225@main (c31d9c40707d): <https://commits.webkit.org/279225@main>

Reviewed commits have been landed. Closing PR #28648 and removing active labels.