Page MenuHomePhabricator
Differential D278839

Bug 1909705 - Fix WPT to adhere to spec. r=#dom-core!
ClosedPublic
Actions

Authored by sfarre on Jan 13 2026, 5:41 PM.
Tags
Referenced Files
Unknown Object (File)
Tue, Apr 14, 10:00 AM
Unknown Object (File)
Mon, Apr 13, 10:30 PM
Unknown Object (File)
Sun, Apr 5, 3:07 PM
Unknown Object (File)
Sat, Apr 4, 1:19 PM
Unknown Object (File)
Sat, Apr 4, 12:50 PM
Unknown Object (File)
Sat, Apr 4, 12:03 PM
Unknown Object (File)
Sat, Apr 4, 9:08 AM
Unknown Object (File)
Sat, Apr 4, 1:53 AM
View All 28 Files
Subscribers
smaug

Details

Reviewers
smaug
Group Reviewers
dom-core
Commits
rFIREFOXAUTOLAND8eca60565d91: Bug 1909705 - Fix WPT to adhere to spec. r=dom-core,smaug
Bugzilla Bug ID
1909705
Summary

Make reporting of sourceFile, lineNumber, column more consistent

Changes the test so that it checks for nulls.

Added test (#2) that has script running and therefore should have source
information.

/content-security-policy/reporting-api/report-to-directive-allowed-in-meta.https.sub.html
also had the same problem, of expecting source code information with no
running javascript. Checks for null instead.

See https://w3c.github.io/webappsec-csp/#create-violation-for-global

Diff Detail

Event Timeline

sfarre planned changes to this revision.Jan 13 2026, 5:41 PM
sfarre created this revision.
Herald added a project: secure-revision. · View Herald TranscriptJan 13 2026, 5:41 PM
phab-bot changed the visibility from "Custom Policy" to "Public (No Login Required)".Jan 13 2026, 5:41 PM
phab-bot changed the edit policy from "Custom Policy" to "Restricted Project (Project)".
phab-bot removed a project: secure-revision.
sfarre requested review of this revision.Jan 13 2026, 5:42 PM
sfarre updated this revision to Diff 1183761.
sfarre retitled this revision from WIP: Bug 1909705 - Fix WPT to adhere to spec. to Bug 1909705 - Fix WPT to adhere to spec. r=#dom-core!.
sfarre added a reviewer: dom-core.
Harbormaster completed remote builds in B896760: Diff 1183761.Jan 13 2026, 6:00 PM
Harbormaster completed remote builds in B896759: Diff 1183760.
smaug requested changes to this revision.Jan 13 2026, 6:24 PM
smaug added a subscriber: smaug.
smaug added inline comments.
testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html
41

lineNumber nor columnNumber values aren't defined anywhere, so they could be anything.
I think we need to allow different values here.

This revision now requires changes to proceed.Jan 13 2026, 6:24 PM
smaug added a comment.Jan 13 2026, 6:24 PM

https://w3c.github.io/webappsec-csp/#issue-ee968c9a

sfarre requested review of this revision.Jan 14 2026, 12:11 PM
sfarre updated this revision to Diff 1184384.
Harbormaster completed remote builds in B897276: Diff 1184384.Jan 14 2026, 12:25 PM
sfarre marked an inline comment as done.Jan 14 2026, 12:31 PM
sfarre added inline comments.
testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html
41

Right. Created a new file to test for source information and I use e.g. [53, 54] and checks that the value is one of them, to test for 0 or 1 based numbering.

smaug accepted this revision.Jan 14 2026, 2:29 PM
smaug added a project: testing-approved.
smaug added inline comments.
testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation-2.https.sub.html
40

And these pass in Chrome too?

testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html
41

Could you add a comment why these are null, or perhaps a spec link or something.

This revision is now accepted and ready to land.Jan 14 2026, 2:29 PM
sfarre updated this revision to Diff 1189333.Jan 22 2026, 11:46 AM
sfarre marked 3 inline comments as done.
sfarre added inline comments.Jan 22 2026, 11:50 AM
testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation-2.https.sub.html
40

Hmm this seems to not pass on chrome, I was almost certain it passed with this change.

sfarre added inline comments.Jan 22 2026, 12:02 PM
testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation-2.https.sub.html
40

Now both tests confusingly does not pass on chrome. This one, where we expect to have a sourceFile, because we actually have JS running when the CSP violation happens, (line 54, theImage.src = foo), chrome reports null, but the other test, when we don't have js running, it reports the source file (and invalid src and line numbers).

Harbormaster completed remote builds in B901298: Diff 1189333.Jan 22 2026, 12:11 PM
sfarre updated this revision to Diff 1213219.Feb 26 2026, 10:37 PM
sfarre edited the summary of this revision. (Show Details)
Harbormaster completed remote builds in B920049: Diff 1213219.Feb 26 2026, 11:03 PM
sfarre updated this revision to Diff 1213243.Feb 26 2026, 11:07 PM
sfarre edited the summary of this revision. (Show Details)
Harbormaster completed remote builds in B920073: Diff 1213243.Feb 26 2026, 11:19 PM
Closed by commit rFIREFOXAUTOLAND8eca60565d91: Bug 1909705 - Fix WPT to adhere to spec. r=dom-core,smaug (authored by simon.farre.cx, committed by sfarre). · Explain WhyMar 4 2026, 1:40 PM
This revision was automatically updated to reflect the committed changes.
sfarre added a commit: rFIREFOXAUTOLAND8eca60565d91: Bug 1909705 - Fix WPT to adhere to spec. r=dom-core,smaug.
sfarre mentioned this in rFIREFOXBETA8eca60565d91: Bug 1909705 - Fix WPT to adhere to spec. r=dom-core,smaug.Mon, Mar 23, 10:52 PM
sfarre mentioned this in rFIREFOXRELEASE8eca60565d91: Bug 1909705 - Fix WPT to adhere to spec. r=dom-core,smaug.Wed, Apr 15, 7:24 PM

Revision Contents
Changeset List

Diff 1217010

View Options

dom/reporting/CSPViolationReportBody.cpp

Loading...
View Options

testing/web-platform/meta/content-security-policy/reporting-api/__dir__.ini

Loading...
View Options

testing/web-platform/meta/content-security-policy/reporting-api/report-to-directive-allowed-in-meta.https.sub.html.ini

Loading...
View Options

testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-only-sends-reports-on-violation.https.sub.html.ini

Loading...
View Options

testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-to-only-sends-reports-to-first-endpoint.https.sub.html.ini

Loading...
View Options

testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-1.https.sub.html.ini

Loading...
View Options

testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-2.https.sub.html.ini

Loading...
View Options

testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html.ini

Loading...
View Options

testing/web-platform/tests/content-security-policy/reporting-api/report-to-directive-allowed-in-meta.https.sub.html

Loading...
View Options

testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation-2.https.sub.html

Loading...
View Options

testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation-2.https.sub.html.sub.headers

Loading...
View Options

testing/web-platform/tests/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html

Loading...
Privacy · Cookies · Legal