commit 3ebc678b635c535e696736e4e97e67b1b8e1f36e
parent 42d675951bce60840489fbe32c0c852845c8e05a
Author: Euclid Ye <yezhizhenjiakang@gmail.com>
Date: Wed, 15 Oct 2025 08:21:58 +0000
Bug 1993490 [wpt PR 55299] - webdriver: Serialize script `String` argument correctly to prevent injection attack, a=testonly
Automatic update from web-platform-tests
Add new tests
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
--
Add symmetric test for `async_script`
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
--
wpt-commits: de98945541ca4cd454041fa81563500b7f9e1c5d, 4a15f22bbd9da4915636e8c2b8770a6b0b0d0110
wpt-pr: 55299
Diffstat:
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/testing/web-platform/tests/webdriver/tests/classic/execute_async_script/arguments.py b/testing/web-platform/tests/webdriver/tests/classic/execute_async_script/arguments.py
@@ -21,7 +21,9 @@ def test_null(session):
(True, "boolean"),
(42, "number"),
("foo", "string"),
-], ids=["boolean", "number", "string"])
+ ("foo\"bar", 'string'),
+ ('"); alert(1); //', "string"),
+], ids=["boolean", "number", "string", "string_quote", "string_injection"])
def test_primitives(session, value, expected_type):
result = execute_async_script(session, """
arguments[1]([typeof arguments[0], arguments[0]])
diff --git a/testing/web-platform/tests/webdriver/tests/classic/execute_script/arguments.py b/testing/web-platform/tests/webdriver/tests/classic/execute_script/arguments.py
@@ -19,7 +19,9 @@ def test_null(session):
(True, "boolean"),
(42, "number"),
("foo", "string"),
-], ids=["boolean", "number", "string"])
+ ("foo\"bar", 'string'),
+ ('"); alert(1); //', "string"),
+], ids=["boolean", "number", "string", "string_quote", "string_injection"])
def test_primitives(session, value, expected_type):
result = execute_script(session, "return [typeof arguments[0], arguments[0]]", args=[value])
actual = assert_success(result)
