tor-browser


commit 66963d1d1beffb0013793a50d012296a2d29f77d
parent 965e8e9b9c1f9ef527a883b171159cacbeaa2711
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date:   Fri,  3 Oct 2025 08:59:22 +0000

Bug 1990849 [wpt PR 55062] - Allow absent line/column number in navigate-to-javascript-url-001., a=testonly

Automatic update from web-platform-tests
Allow no line/column number in navigate-to-javascript-url-001.

--

wpt-commits: fa9b326e624ed814a3e4995d4d28fc8e6feff954
wpt-pr: 55062

Diffstat:
Mtesting/web-platform/tests/trusted-types/navigate-to-javascript-url-001.html | 19+++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/testing/web-platform/tests/trusted-types/navigate-to-javascript-url-001.html b/testing/web-platform/tests/trusted-types/navigate-to-javascript-url-001.html
@@ -17,12 +17,19 @@
 assert_equals(violation.violatedDirective, "require-trusted-types-for");
 assert_equals(violation.disposition, "enforce");
 assert_equals(violation.sample, `Location href|${clipSampleIfNeeded(kJavaScriptURLCode)}`);
- assert_equals(violation.lineNumber, 4);
- // https://w3c.github.io/webappsec-csp/#create-violation-for-global does not
- // say how to determine the location and browsers provide inconsistent
- // values for column number, so just check it's at least the offset of the
- // '=' character of window.
- assert_greater_than_equal(violation.columnNumber, 9);
+
+ // https://w3c.github.io/webappsec-csp/#create-violation-for-global says,
+ // If the user agent [...] and can extract [... line and column number ...]
+ // We'll allow line and column number be absent. If either is present, we
+ // expect specific values.
+ if (violation.lineNumber || violation.columnNumber) {
+ assert_equals(violation.lineNumber, 4);
+ // https://w3c.github.io/webappsec-csp/#create-violation-for-global does
+ // not say how to determine the location and browsers provide inconsistent
+ // values for column number, so just check it's at least the offset of the
+ // '=' character of window.
+ assert_greater_than_equal(violation.columnNumber, 9);
+ }
 assert_equals(result.exception, null);
 }, "Setting window.location to a javascript: URL without a default policy should report a CSP violation instead of executing the JavaScript code.");
 </script>
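Review bot: The guard `if (violation.lineNumber || violation.columnNumber)` uses truthiness to mean "absent", but the comment above it never says which value counts as absent. Presumably both fields are 0 when the user agent could not extract a location; the `violation` object is built outside this hunk, so that should be confirmed. A line such as `// A value of 0 means the user agent reported no source location.` directly above the `if` would make the skip condition explicit. That matters because the test now passes with no location at all, and only the directive, disposition and sample assertions still pin the report's content. The new comment also reads better as `// We'll allow line and column number to be absent.` The enclosing test function starts outside the hunk.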