aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--components/script/dom/element.rs33
-rw-r--r--components/script/dom/htmlimageelement.rs10
-rw-r--r--components/script/dom/htmllinkelement.rs16
-rw-r--r--components/script/dom/htmlscriptelement.rs29
-rw-r--r--components/script/dom/webidls/HTMLImageElement.webidl2
-rw-r--r--components/script/dom/webidls/HTMLLinkElement.webidl2
-rw-r--r--components/script/stylesheet_loader.rs23
-rw-r--r--tests/wpt/metadata/html/dom/interfaces.html.ini6
-rw-r--r--tests/wpt/metadata/html/dom/reflection-metadata.html.ini156
-rw-r--r--tests/wpt/metadata/subresource-integrity/subresource-integrity.sub.html.ini6
10 files changed, 81 insertions, 202 deletions
diff --git a/components/script/dom/element.rs b/components/script/dom/element.rs
index be1e0eca42e..bd3925c04f9 100644
--- a/components/script/dom/element.rs
+++ b/components/script/dom/element.rs
@@ -79,6 +79,7 @@ use html5ever::serialize::TraversalScope;
use html5ever::serialize::TraversalScope::{ChildrenOnly, IncludeNode};
use html5ever_atoms::{Prefix, LocalName, Namespace, QualName};
use js::jsapi::{HandleValue, JSAutoCompartment};
+use net_traits::request::CorsSettings;
use parking_lot::RwLock;
use ref_filter_map::ref_filter_map;
use script_layout_interface::message::ReflowQueryType;
@@ -2897,3 +2898,35 @@ impl Runnable for ElementPerformFullscreenExit {
promise.resolve(promise.global().get_cx(), HandleValue::undefined());
}
}
+
+pub fn reflect_cross_origin_attribute(element: &Element) -> Option<DOMString> {
+ let attr = element.get_attribute(&ns!(), &local_name!("crossorigin"));
+
+ if let Some(mut val) = attr.map(|v| v.Value()) {
+ val.make_ascii_lowercase();
+ if val == "anonymous" || val == "use-credentials" {
+ return Some(val);
+ }
+ return Some(DOMString::from("anonymous"));
+ }
+ None
+}
+
+pub fn set_cross_origin_attribute(element: &Element, value: Option<DOMString>) {
+ match value {
+ Some(val) => element.set_string_attribute(&local_name!("crossorigin"), val),
+ None => {
+ element.remove_attribute(&ns!(), &local_name!("crossorigin"));
+ }
+ }
+}
+
+pub fn cors_setting_for_element(element: &Element) -> Option<CorsSettings> {
+ reflect_cross_origin_attribute(element).map_or(None, |attr| {
+ match &*attr {
+ "anonymous" => Some(CorsSettings::Anonymous),
+ "use-credentials" => Some(CorsSettings::UseCredentials),
+ _ => unreachable!()
+ }
+ })
+}
diff --git a/components/script/dom/htmlimageelement.rs b/components/script/dom/htmlimageelement.rs
index 29ddcd0a7c4..629d5d50fb6 100644
--- a/components/script/dom/htmlimageelement.rs
+++ b/components/script/dom/htmlimageelement.rs
@@ -19,6 +19,7 @@ use dom::bindings::refcounted::Trusted;
use dom::bindings::str::DOMString;
use dom::document::Document;
use dom::element::{AttributeMutation, Element, RawLayoutElementHelpers};
+use dom::element::{reflect_cross_origin_attribute, set_cross_origin_attribute};
use dom::event::Event;
use dom::eventtarget::EventTarget;
use dom::htmlareaelement::HTMLAreaElement;
@@ -335,9 +336,14 @@ impl HTMLImageElementMethods for HTMLImageElement {
make_setter!(SetSrc, "src");
// https://html.spec.whatwg.org/multipage/#dom-img-crossOrigin
- make_enumerated_getter!(CrossOrigin, "crossorigin", "anonymous", "use-credentials");
+ fn GetCrossOrigin(&self) -> Option<DOMString> {
+ reflect_cross_origin_attribute(self.upcast::<Element>())
+ }
+
// https://html.spec.whatwg.org/multipage/#dom-img-crossOrigin
- make_setter!(SetCrossOrigin, "crossorigin");
+ fn SetCrossOrigin(&self, value: Option<DOMString>) {
+ set_cross_origin_attribute(self.upcast::<Element>(), value);
+ }
// https://html.spec.whatwg.org/multipage/#dom-img-usemap
make_getter!(UseMap, "usemap");
diff --git a/components/script/dom/htmllinkelement.rs b/components/script/dom/htmllinkelement.rs
index 8f5d530769a..674db5c8a0c 100644
--- a/components/script/dom/htmllinkelement.rs
+++ b/components/script/dom/htmllinkelement.rs
@@ -15,6 +15,7 @@ use dom::cssstylesheet::CSSStyleSheet;
use dom::document::Document;
use dom::domtokenlist::DOMTokenList;
use dom::element::{AttributeMutation, Element, ElementCreator};
+use dom::element::{cors_setting_for_element, reflect_cross_origin_attribute, set_cross_origin_attribute};
use dom::globalscope::GlobalScope;
use dom::htmlelement::HTMLElement;
use dom::node::{Node, document_from_node, window_from_node};
@@ -239,6 +240,9 @@ impl HTMLLinkElement {
let element = self.upcast::<Element>();
+ // Step 3
+ let cors_setting = cors_setting_for_element(element);
+
let mq_attribute = element.get_attribute(&ns!(), &local_name!("media"));
let value = mq_attribute.r().map(|a| a.value());
let mq_str = match value {
@@ -262,7 +266,7 @@ impl HTMLLinkElement {
loader.load(StylesheetContextSource::LinkElement {
url: url,
media: Some(media),
- }, integrity_metadata.to_owned());
+ }, cors_setting, integrity_metadata.to_owned());
}
fn handle_favicon_url(&self, rel: &str, href: &str, sizes: &Option<String>) {
@@ -379,6 +383,16 @@ impl HTMLLinkElementMethods for HTMLLinkElement {
// https://html.spec.whatwg.org/multipage/#dom-link-target
make_setter!(SetTarget, "target");
+ // https://html.spec.whatwg.org/multipage/#dom-link-crossorigin
+ fn GetCrossOrigin(&self) -> Option<DOMString> {
+ reflect_cross_origin_attribute(self.upcast::<Element>())
+ }
+
+ // https://html.spec.whatwg.org/multipage/#dom-link-crossorigin
+ fn SetCrossOrigin(&self, value: Option<DOMString>) {
+ set_cross_origin_attribute(self.upcast::<Element>(), value);
+ }
+
// https://drafts.csswg.org/cssom/#dom-linkstyle-sheet
fn GetSheet(&self) -> Option<Root<DOMStyleSheet>> {
self.get_cssom_stylesheet().map(Root::upcast)
diff --git a/components/script/dom/htmlscriptelement.rs b/components/script/dom/htmlscriptelement.rs
index cf0d3c6cf94..1a946871f32 100644
--- a/components/script/dom/htmlscriptelement.rs
+++ b/components/script/dom/htmlscriptelement.rs
@@ -4,7 +4,6 @@
use document_loader::LoadType;
use dom::attr::Attr;
-use dom::bindings::codegen::Bindings::AttrBinding::AttrMethods;
use dom::bindings::codegen::Bindings::DocumentBinding::DocumentMethods;
use dom::bindings::codegen::Bindings::HTMLScriptElementBinding;
use dom::bindings::codegen::Bindings::HTMLScriptElementBinding::HTMLScriptElementMethods;
@@ -17,6 +16,7 @@ use dom::bindings::reflector::DomObject;
use dom::bindings::str::DOMString;
use dom::document::Document;
use dom::element::{AttributeMutation, Element, ElementCreator};
+use dom::element::{cors_setting_for_element, reflect_cross_origin_attribute, set_cross_origin_attribute};
use dom::event::{Event, EventBubbles, EventCancelable};
use dom::eventdispatcher::EventStatus;
use dom::globalscope::GlobalScope;
@@ -369,12 +369,7 @@ impl HTMLScriptElement {
.unwrap_or_else(|| doc.encoding());
// Step 14.
- let cors_setting = match self.GetCrossOrigin() {
- Some(ref s) if *s == "anonymous" => Some(CorsSettings::Anonymous),
- Some(ref s) if *s == "use-credentials" => Some(CorsSettings::UseCredentials),
- None => None,
- _ => unreachable!()
- };
+ let cors_setting = cors_setting_for_element(element);
// TODO: Step 15: Module script credentials mode.
@@ -707,28 +702,12 @@ impl HTMLScriptElementMethods for HTMLScriptElement {
// https://html.spec.whatwg.org/multipage/#dom-script-crossorigin
fn GetCrossOrigin(&self) -> Option<DOMString> {
- let element = self.upcast::<Element>();
- let attr = element.get_attribute(&ns!(), &local_name!("crossorigin"));
-
- if let Some(mut val) = attr.map(|v| v.Value()) {
- val.make_ascii_lowercase();
- if val == "anonymous" || val == "use-credentials" {
- return Some(val);
- }
- return Some(DOMString::from("anonymous"));
- }
- None
+ reflect_cross_origin_attribute(self.upcast::<Element>())
}
// https://html.spec.whatwg.org/multipage/#dom-script-crossorigin
fn SetCrossOrigin(&self, value: Option<DOMString>) {
- let element = self.upcast::<Element>();
- match value {
- Some(val) => element.set_string_attribute(&local_name!("crossorigin"), val),
- None => {
- element.remove_attribute(&ns!(), &local_name!("crossorigin"));
- }
- }
+ set_cross_origin_attribute(self.upcast::<Element>(), value);
}
// https://html.spec.whatwg.org/multipage/#dom-script-text
diff --git a/components/script/dom/webidls/HTMLImageElement.webidl b/components/script/dom/webidls/HTMLImageElement.webidl
index 88e0dae8d3b..7bd69124d87 100644
--- a/components/script/dom/webidls/HTMLImageElement.webidl
+++ b/components/script/dom/webidls/HTMLImageElement.webidl
@@ -8,7 +8,7 @@ interface HTMLImageElement : HTMLElement {
attribute DOMString alt;
attribute DOMString src;
// attribute DOMString srcset;
- attribute DOMString crossOrigin;
+ attribute DOMString? crossOrigin;
attribute DOMString useMap;
attribute boolean isMap;
attribute unsigned long width;
diff --git a/components/script/dom/webidls/HTMLLinkElement.webidl b/components/script/dom/webidls/HTMLLinkElement.webidl
index 46b611d3548..bfab6270092 100644
--- a/components/script/dom/webidls/HTMLLinkElement.webidl
+++ b/components/script/dom/webidls/HTMLLinkElement.webidl
@@ -5,7 +5,7 @@
// https://html.spec.whatwg.org/multipage/#htmllinkelement
interface HTMLLinkElement : HTMLElement {
attribute DOMString href;
- // attribute DOMString crossOrigin;
+ attribute DOMString? crossOrigin;
attribute DOMString rel;
readonly attribute DOMTokenList relList;
attribute DOMString media;
diff --git a/components/script/stylesheet_loader.rs b/components/script/stylesheet_loader.rs
index 637f0619fc5..25b06e31de9 100644
--- a/components/script/stylesheet_loader.rs
+++ b/components/script/stylesheet_loader.rs
@@ -20,7 +20,7 @@ use hyper_serde::Serde;
use ipc_channel::ipc;
use ipc_channel::router::ROUTER;
use net_traits::{FetchResponseListener, FetchMetadata, Metadata, NetworkError, ReferrerPolicy};
-use net_traits::request::{CredentialsMode, Destination, RequestInit, Type as RequestType};
+use net_traits::request::{CorsSettings, CredentialsMode, Destination, RequestInit, RequestMode, Type as RequestType};
use network_listener::{NetworkListener, PreInvoke};
use parking_lot::RwLock;
use script_layout_interface::message::Msg;
@@ -196,7 +196,8 @@ impl<'a> StylesheetLoader<'a> {
}
impl<'a> StylesheetLoader<'a> {
- pub fn load(&self, source: StylesheetContextSource, integrity_metadata: String) {
+ pub fn load(&self, source: StylesheetContextSource, cors_setting: Option<CorsSettings>,
+ integrity_metadata: String) {
let url = source.url();
let document = document_from_node(self.elem);
let context = Arc::new(Mutex::new(StylesheetContext {
@@ -231,8 +232,18 @@ impl<'a> StylesheetLoader<'a> {
url: url.clone(),
type_: RequestType::Style,
destination: Destination::Style,
- credentials_mode: CredentialsMode::Include,
- use_url_credentials: true,
+ // https://html.spec.whatwg.org/multipage/#create-a-potential-cors-request
+ // Step 1
+ mode: match cors_setting {
+ Some(_) => RequestMode::CorsMode,
+ None => RequestMode::NoCors,
+ },
+ // https://html.spec.whatwg.org/multipage/#create-a-potential-cors-request
+ // Step 3-4
+ credentials_mode: match cors_setting {
+ Some(CorsSettings::Anonymous) => CredentialsMode::CredentialsSameOrigin,
+ _ => CredentialsMode::Include,
+ },
origin: document.url(),
pipeline_id: Some(self.elem.global().pipeline_id()),
referrer_url: Some(document.url()),
@@ -247,6 +258,8 @@ impl<'a> StylesheetLoader<'a> {
impl<'a> StyleStylesheetLoader for StylesheetLoader<'a> {
fn request_stylesheet(&self, import: &Arc<RwLock<ImportRule>>) {
- self.load(StylesheetContextSource::Import(import.clone()), "".to_owned())
+ //TODO (mrnayak) : Whether we should use the original loader's CORS setting?
+ //Fix this when spec has more details.
+ self.load(StylesheetContextSource::Import(import.clone()), None, "".to_owned())
}
}
diff --git a/tests/wpt/metadata/html/dom/interfaces.html.ini b/tests/wpt/metadata/html/dom/interfaces.html.ini
index 4de1ed5423f..0ec4b89fbcf 100644
--- a/tests/wpt/metadata/html/dom/interfaces.html.ini
+++ b/tests/wpt/metadata/html/dom/interfaces.html.ini
@@ -1041,15 +1041,9 @@
[HTMLBaseElement interface: document.createElement("base") must inherit property "target" with the proper type (1)]
expected: FAIL
- [HTMLLinkElement interface: attribute crossOrigin]
- expected: FAIL
-
[HTMLLinkElement interface: attribute sizes]
expected: FAIL
- [HTMLLinkElement interface: document.createElement("link") must inherit property "crossOrigin" with the proper type (1)]
- expected: FAIL
-
[HTMLLinkElement interface: document.createElement("link") must inherit property "sizes" with the proper type (7)]
expected: FAIL
diff --git a/tests/wpt/metadata/html/dom/reflection-metadata.html.ini b/tests/wpt/metadata/html/dom/reflection-metadata.html.ini
index 5d2c8295e81..236dbe01e91 100644
--- a/tests/wpt/metadata/html/dom/reflection-metadata.html.ini
+++ b/tests/wpt/metadata/html/dom/reflection-metadata.html.ini
@@ -2715,12 +2715,6 @@
[link.tabIndex: IDL set to -2147483648 followed by getAttribute()]
expected: FAIL
- [link.crossOrigin: typeof IDL attribute]
- expected: FAIL
-
- [link.crossOrigin: IDL get with DOM attribute unset]
- expected: FAIL
-
[link.crossOrigin: setAttribute() to "" followed by IDL get]
expected: FAIL
@@ -8832,156 +8826,6 @@
[link.tabIndex: IDL set to -2147483648]
expected: FAIL
- [link.crossOrigin: setAttribute() to ""]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to undefined]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to 7]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to 1.5]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to true]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to false]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to object "[object Object\]"]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to NaN]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to Infinity]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to -Infinity]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to "\\0"]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to null]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to object "test-toString"]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to object "test-valueOf"]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to "anonymous"]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to "xanonymous"]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to "anonymous\\0"]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to "nonymous"]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to "ANONYMOUS"]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to "use-credentials"]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to "xuse-credentials"]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to "use-credentials\\0"]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to "se-credentials"]
- expected: FAIL
-
- [link.crossOrigin: setAttribute() to "USE-CREDENTIALS"]
- expected: FAIL
-
- [link.crossOrigin: IDL set to ""]
- expected: FAIL
-
- [link.crossOrigin: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
- expected: FAIL
-
- [link.crossOrigin: IDL set to undefined]
- expected: FAIL
-
- [link.crossOrigin: IDL set to 7]
- expected: FAIL
-
- [link.crossOrigin: IDL set to 1.5]
- expected: FAIL
-
- [link.crossOrigin: IDL set to true]
- expected: FAIL
-
- [link.crossOrigin: IDL set to false]
- expected: FAIL
-
- [link.crossOrigin: IDL set to object "[object Object\]"]
- expected: FAIL
-
- [link.crossOrigin: IDL set to NaN]
- expected: FAIL
-
- [link.crossOrigin: IDL set to Infinity]
- expected: FAIL
-
- [link.crossOrigin: IDL set to -Infinity]
- expected: FAIL
-
- [link.crossOrigin: IDL set to "\\0"]
- expected: FAIL
-
- [link.crossOrigin: IDL set to null]
- expected: FAIL
-
- [link.crossOrigin: IDL set to object "test-toString"]
- expected: FAIL
-
- [link.crossOrigin: IDL set to object "test-valueOf"]
- expected: FAIL
-
- [link.crossOrigin: IDL set to "anonymous"]
- expected: FAIL
-
- [link.crossOrigin: IDL set to "xanonymous"]
- expected: FAIL
-
- [link.crossOrigin: IDL set to "anonymous\\0"]
- expected: FAIL
-
- [link.crossOrigin: IDL set to "nonymous"]
- expected: FAIL
-
- [link.crossOrigin: IDL set to "ANONYMOUS"]
- expected: FAIL
-
- [link.crossOrigin: IDL set to "use-credentials"]
- expected: FAIL
-
- [link.crossOrigin: IDL set to "xuse-credentials"]
- expected: FAIL
-
- [link.crossOrigin: IDL set to "use-credentials\\0"]
- expected: FAIL
-
- [link.crossOrigin: IDL set to "se-credentials"]
- expected: FAIL
-
- [link.crossOrigin: IDL set to "USE-CREDENTIALS"]
- expected: FAIL
-
[meta.dir: setAttribute() to ""]
expected: FAIL
diff --git a/tests/wpt/metadata/subresource-integrity/subresource-integrity.sub.html.ini b/tests/wpt/metadata/subresource-integrity/subresource-integrity.sub.html.ini
index ded3e16badb..552620d337a 100644
--- a/tests/wpt/metadata/subresource-integrity/subresource-integrity.sub.html.ini
+++ b/tests/wpt/metadata/subresource-integrity/subresource-integrity.sub.html.ini
@@ -1,8 +1,7 @@
[subresource-integrity.sub.html]
type: testharness
+
expected: OK
- [Style: <crossorigin='anonymous'> with correct hash, ACAO: *]
- expected: FAIL
[Style: Same-origin with correct sha256 and sha512 hash, rel='alternate stylesheet' enabled]
expected: FAIL
@@ -13,9 +12,6 @@
[Style: Same-origin with sha256 match, sha512 mismatch]
expected: FAIL
- [Style: <crossorigin='use-credentials'> with correct hash, CORS-eligible]
- expected: FAIL
-
[Style: <crossorigin='anonymous'> with CORS-ineligible resource]
expected: FAIL
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-01 11:43:43 +0000