chromium/src
0
Fork 0
Code Activity

Completely disable all Web Component v0 APIs access via WebIDL

Browse Source 
This CL removes the Web Components V0 APIs (Shadow DOM v0, Custom
Elements v0, and HTML Imports) from the web platform. The features
are still available for use by limited internal code directly, for
a limited additional period. See crbug.com/1111843 for reference.

These features were deprecated in August, 2018, in [1], and removed
by default in Chromium M80, in [2] and [3]. For those sites that
needed additional time, there was then a "deprecation extension" [4]
(sometimes called a "reverse origin trial") that allowed sites to
continue using these APIs through M87. Now that M87 has branched
to Beta, the origin trial has now ended. These public APIs are
now disabled for all sites.

With this CL, several test suites are being skipped in
TestExpectations, including several folders that have been prepared
in advance:
  crbug.com/1081941 web-components-v0-only/* [ Skip ]
  crbug.com/1081941 virtual/web-components-v0-disabled/* [ Skip ]
  crbug.com/1081941 http/tests/htmlimports/* [ Skip ]

Once this CL has landed and stabilized, these folders/tests will be
deleted entirely.

[1] https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/h-JwMiPUnuU/sl79aLoLBQAJ
[2] https://chromium-review.googlesource.com/c/chromium/src/+/1850795
[3] https://chromium-review.googlesource.com/c/chromium/src/+/1869562
[4] https://developers.chrome.com/origintrials/#/view_trial/2431943798780067841

Bug: 911943, 1111843

Change-Id: Ia7bde5af655eba43538d18ce1335ed3e72846503
Cq-Do-Not-Cancel-Tryjobs: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2195005
Reviewed-by: Annie Sullivan <sullivan@chromium.org>
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Reviewed-by: Bo <boliu@chromium.org>
Reviewed-by: Andrey Kosyakov <caseq@chromium.org>
Auto-Submit: Mason Freed <masonfreed@chromium.org>
Commit-Queue: Mason Freed <masonfreed@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813894}
This commit is contained in:
Mason Freed
2020-10-05 20:42:56 +00:00
committed by Commit Bot
parent 30f39afd38
commit e8c86032cb
26 changed files with 27 additions and 636 deletions

29
android_webview/javatests/src/org/chromium/android_webview/test/AwSettingsTest.java

@@ -3465,35 +3465,6 @@ public class AwSettingsTest {
Assert.assertEquals(expectedTitle, actualTitle);
}
@Test
@SmallTest
@Feature({"AndroidWebView", "Preferences"})
public void testWebComponentsV0Reenabled() throws Throwable {
// TODO(1021631): This test should be removed once Android Webview
// disables Web Components v0 by default.
final TestAwContentsClient client = new TestAwContentsClient();
final AwTestContainerView view =
mActivityTestRule.createAwTestContainerViewOnMainSync(client);
final AwContents awContents = view.getAwContents();
CallbackHelper onPageFinishedHelper = client.getOnPageFinishedHelper();
AwActivityTestRule.enableJavaScriptOnUiThread(awContents);
final String expectedTitle = "enabled"; // https://crbug.com/1021631
final String page = "<!doctype html>"
+ "<script>"
+ "const htmlImportsEnabled = 'import' in document.createElement('link');"
+ "const customElementsV0Enabled = 'registerElement' in document;"
+ "const shadowDomV0Enabled = 'createShadowRoot' in document.createElement('div');"
+ "if (htmlImportsEnabled && customElementsV0Enabled && shadowDomV0Enabled) {"
+ " document.title = 'enabled';"
+ "} else {"
+ " document.title = 'disabled';"
+ "}"
+ "</script>";
mActivityTestRule.loadDataSync(awContents, onPageFinishedHelper, page, "text/html", false);
String actualTitle = mActivityTestRule.getTitleOnUiThread(awContents);
Assert.assertEquals(expectedTitle, actualTitle);
}
private static class SelectionRangeTestDependencyFactory extends TestDependencyFactory {
private boolean mDoNotUpdate;
public SelectionRangeTestDependencyFactory(boolean doNotUpdate) {

7
chrome/test/data/webui/webui_resource_browsertest.cc

@@ -116,13 +116,6 @@ class WebUIResourceBrowserTestV0 : public InProcessBrowserTest {
std::vector<int> include_libraries_;
};
IN_PROC_BROWSER_TEST_F(WebUIResourceBrowserTestV0, I18nProcessTest) {
AddLibrary(IDR_WEBUI_JS_LOAD_TIME_DATA);
AddLibrary(IDR_WEBUI_JS_I18N_TEMPLATE_NO_PROCESS);
AddLibrary(IDR_WEBUI_JS_UTIL);
LoadFile("i18n_process_test.html");
}
IN_PROC_BROWSER_TEST_F(WebUIResourceBrowserTest, ListTest) {
LoadTestUrl("js/cr/ui/list_test.html");
}

197
content/browser/loader/cross_site_document_blocking_browsertest.cc

@@ -461,12 +461,6 @@ class CrossSiteDocumentBlockingTestBase : public ContentBrowserTest {
network::switches::kHostResolverRules,
"MAP * " + embedded_test_server()->host_port_pair().ToString() +
",EXCLUDE localhost");
// TODO(yoichio): This is temporary switch to support chrome internal
// components migration from the old web APIs.
// After completion of the migration, we should remove this.
// See crbug.com/911943 for detail.
command_line->AppendSwitchASCII(switches::kEnableBlinkFeatures,
"HTMLImports");
}
void VerifyImgRequest(std::string resource, CorbExpectations expectations) {
@@ -1426,197 +1420,6 @@ IN_PROC_BROWSER_TEST_P(CrossSiteDocumentBlockingTest, PrefetchIsNotImpacted) {
EXPECT_EQ("<p>contents of the response</p>", response_body);
}
// This test covers a scenario where foo.com document HTML-Imports a bar.com
// document. Because of historical reasons, bar.com fetches use foo.com's
// URLLoaderFactory. This means that |request_initiator_origin_lock|
// enforcement can incorrectly classify such fetches as malicious
// (kIncorrectLock). This test ensures that UMAs properly detect such mishaps.
//
// TODO(lukasza, yoichio): https://crbug.com/766694: Remove this test once HTML
// Imports are removed from the codebase.
IN_PROC_BROWSER_TEST_P(CrossSiteDocumentBlockingTest,
HtmlImports_IncorrectLock) {
embedded_test_server()->StartAcceptingConnections();
// Prepare to intercept the network request at the IPC layer.
// This has to be done before the RenderFrameHostImpl is created.
//
// Note: we want to verify that the blocking prevents the data from being sent
// over IPC. Testing later (e.g. via Response/Headers Web APIs) might give a
// false sense of security, since some sanitization happens inside the
// renderer (e.g. via FetchResponseData::CreateCorsFilteredResponse).
GURL json_url("http://bar.com/site_isolation/nosniff.json");
RequestInterceptor interceptor(json_url);
// Navigate to the test page.
GURL foo_url("http://foo.com/title1.html");
EXPECT_TRUE(NavigateToURL(shell(), foo_url));
// Trigger a HTML import from another site. The imported document will
// perform a fetch of nosniff.json same-origin (bar.com) via <script> element.
// CORB should normally allow such fetch (request_initiator == bar.com ==
// origin_of_fetch_target), but here the fetch will be blocked, because
// request_initiator_origin_lock (a.com) will differ from request_initiator.
// Such mishap is okay, because CORB only blocks HTML/XML/JSON and such
// content type wouldn't have worked in <script> (or other non-XHR/fetch
// context) anyway.
GURL html_import_url(
"http://bar.com/cross_site_document_blocking/html_import.html");
const char* html_import_injection_template = R"(
var link = document.createElement('link');
link.rel = 'import';
link.href = $1;
document.head.appendChild(link);
)";
{
base::HistogramTester histograms;
std::string script =
JsReplace(html_import_injection_template, html_import_url);
ExecuteScriptAsync(shell()->web_contents(), script);
interceptor.WaitForRequestCompletion();
// NetworkService enforces |request_initiator_origin_lock| for CORB,
// which means that legitimate fetches from HTML Imported scripts may get
// incorrectly blocked.
interceptor.Verify(CorbExpectations::kShouldBeBlockedWithoutSniffing,
"no resource body needed for blocking verification");
}
}
// This test doesn't cover desirable behavior, but rather highlights bugs in
// implementation of HTML Imports:
// 1. On one hand:
// - "/site_isolation/nosniff.json" is resolved relative to foo.com
// - request_initiator is set to foo.com
// 2. But
// - CORB sees that the request was made from bar.com and blocks it.
//
// The test helps show that the bug above means that in XHR/fetch scenarios
// request_initiator is accidentally compatible with
// request_initiator_origin_lock and therefore the lock can be safely enforced.
//
// There are 2 almost identical tests here:
// - HtmlImports_CompatibleLock1
// - HtmlImports_CompatibleLock2
// They differ in which document is HTML Imported (and how the fetch of
// nosniff.json is triggered).
//
// TODO(lukasza, yoichio): https://crbug.com/766694: Remove this test once HTML
// Imports are removed from the codebase.
IN_PROC_BROWSER_TEST_P(CrossSiteDocumentBlockingTest,
HtmlImports_CompatibleLock1) {
embedded_test_server()->StartAcceptingConnections();
// Prepare to intercept the network request at the IPC layer.
// This has to be done before the RenderFrameHostImpl is created.
//
// Note: we want to verify that the blocking prevents the data from being sent
// over IPC. Testing later (e.g. via Response/Headers Web APIs) might give a
// false sense of security, since some sanitization happens inside the
// renderer (e.g. via FetchResponseData::CreateCorsFilteredResponse).
GURL json_url("http://foo.com/site_isolation/nosniff.json");
RequestInterceptor interceptor(json_url);
// Navigate to the test page.
GURL foo_url("http://foo.com/title1.html");
EXPECT_TRUE(NavigateToURL(shell(), foo_url));
// Trigger a HTML import from another site. The imported document will
// perform a fetch of nosniff.json same-origin (bar.com). CORB should
// allow all same-origin fetches.
GURL html_import_url(
"http://bar.com/cross_site_document_blocking/html_import2.html");
const char* html_import_injection_template = R"(
var link = document.createElement('link');
link.rel = 'import';
link.href = $1;
document.head.appendChild(link);
)";
{
DOMMessageQueue msg_queue;
base::HistogramTester histograms;
std::string script =
JsReplace(html_import_injection_template, html_import_url);
ExecuteScriptAsync(shell()->web_contents(), script);
interceptor.WaitForRequestCompletion();
// |request_initiator| is same-origin (foo.com), and so the fetch should not
// be blocked by CORB.
interceptor.Verify(CorbExpectations::kShouldBeAllowedWithoutSniffing,
GetTestFileContents("site_isolation", "nosniff.json"));
std::string fetch_result;
EXPECT_TRUE(msg_queue.WaitForMessage(&fetch_result));
EXPECT_THAT(fetch_result, ::testing::HasSubstr("BODY: runMe"));
}
}
// This test doesn't cover desirable behavior, but rather highlights bugs in
// implementation of HTML Imports:
// 1. On one hand:
// - "/site_isolation/nosniff.json" is resolved relative to foo.com
// - request_initiator is set to foo.com
// 2. But
// - CORB sees that the request was made from bar.com and blocks it.
//
// The test helps show that the bug above means that in XHR/fetch scenarios
// request_initiator is accidentally compatible with
// request_initiator_origin_lock and therefore the lock can be safely enforced.
//
// There are 2 almost identical tests here:
// - HtmlImports_CompatibleLock1
// - HtmlImports_CompatibleLock2
// They differ in which document is HTML Imported (and how the fetch of
// nosniff.json is triggered).
//
// TODO(lukasza, yoichio): https://crbug.com/766694: Remove this test once HTML
// Imports are removed from the codebase.
IN_PROC_BROWSER_TEST_P(CrossSiteDocumentBlockingTest,
HtmlImports_CompatibleLock2) {
embedded_test_server()->StartAcceptingConnections();
// Prepare to intercept the network request at the IPC layer.
// This has to be done before the RenderFrameHostImpl is created.
//
// Note: we want to verify that the blocking prevents the data from being sent
// over IPC. Testing later (e.g. via Response/Headers Web APIs) might give a
// false sense of security, since some sanitization happens inside the
// renderer (e.g. via FetchResponseData::CreateCorsFilteredResponse).
GURL json_url("http://foo.com/site_isolation/nosniff.json");
RequestInterceptor interceptor(json_url);
// Navigate to the test page.
GURL foo_url("http://foo.com/title1.html");
EXPECT_TRUE(NavigateToURL(shell(), foo_url));
// Trigger a HTML import from another site. The imported document will
// perform a fetch of nosniff.json same-origin (bar.com). CORB should
// allow all same-origin fetches.
GURL html_import_url(
"http://bar.com/cross_site_document_blocking/html_import3.html");
const char* html_import_injection_template = R"(
var link = document.createElement('link');
link.rel = 'import';
link.href = $1;
document.head.appendChild(link);
)";
{
DOMMessageQueue msg_queue;
base::HistogramTester histograms;
std::string script =
JsReplace(html_import_injection_template, html_import_url);
ExecuteScriptAsync(shell()->web_contents(), script);
interceptor.WaitForRequestCompletion();
// |request_initiator| is same-origin (foo.com), and so the fetch should not
// be blocked by CORB.
interceptor.Verify(CorbExpectations::kShouldBeAllowedWithoutSniffing,
GetTestFileContents("site_isolation", "nosniff.json"));
std::string fetch_result;
EXPECT_TRUE(msg_queue.WaitForMessage(&fetch_result));
EXPECT_THAT(fetch_result, ::testing::HasSubstr("BODY: runMe"));
}
}
INSTANTIATE_TEST_SUITE_P(
WithCORBProtectionSniffing,
CrossSiteDocumentBlockingTest,

62
content/browser/security_exploit_browsertest.cc

@@ -436,15 +436,6 @@ class CorsExploitBrowserTest : public ContentBrowserTest {
public:
CorsExploitBrowserTest() = default;
void SetUpCommandLine(base::CommandLine* command_line) override {
// TODO(yoichio): This is temporary switch to support chrome internal
// components migration from the old web APIs.
// After completion of the migration, we should remove this.
// See https://crbug.com/911943 for detail.
command_line->AppendSwitchASCII(switches::kEnableBlinkFeatures,
"HTMLImports");
}
void SetUpOnMainThread() override {
host_resolver()->AddRule("*", "127.0.0.1");
SetupCrossSiteRedirector(embedded_test_server());
@@ -454,59 +445,6 @@ class CorsExploitBrowserTest : public ContentBrowserTest {
DISALLOW_COPY_AND_ASSIGN(CorsExploitBrowserTest);
};
// This is a regression test for https://crbug.com/961614 - it makes sure that
// the trustworthy |request_initiator_origin_lock| takes precedent over
// the untrustworthy |request.request_initiator|.
//
// For spoofing a |request.request_initiator| that doesn't match
// |request_initiator_origin_lock|, the test relies on a misfeature of HTML
// Imports. It is unclear how to replicate such spoofing once HTML imports are
// deprecated.
IN_PROC_BROWSER_TEST_F(CorsExploitBrowserTest,
OriginHeaderSpoofViaHtmlImports) {
std::string victim_path = "/victim/secret.json";
net::test_server::ControllableHttpResponse victim_response(
embedded_test_server(), victim_path, false);
ASSERT_TRUE(embedded_test_server()->Start());
GURL attacker_url(
embedded_test_server()->GetURL("attacker.com", "/title1.html"));
GURL module_url(embedded_test_server()->GetURL(
"module.com", "/cross_site_document_blocking/html_import3.html"));
GURL victim_url(embedded_test_server()->GetURL("victim.com", victim_path));
EXPECT_TRUE(NavigateToURL(shell(), attacker_url));
// From a renderer process locked to attacker.com, load a HTML Import from
// module.com. HTML Imports implementation allows attacker.com to issue
// requests on behalf of the module.com module - here attacker.com initiates a
// request for a victim.com resource.
const char kScriptTemplate[] = R"(
link = document.createElement('link');
link.rel = 'import';
link.href = $1;
link.onload = () => {
with(link.import.documentElement.appendChild(
link.import.createElement('script'))) {
crossOrigin = 'use-credentials';
src = $2
}
};
document.documentElement.appendChild(link);
)";
std::string script = JsReplace(kScriptTemplate, module_url, victim_url);
ASSERT_TRUE(ExecJs(shell(), script));
// Verify that attacker.com-controlled request for a victim.com resource uses
// CORS and has `Origin: http://attacker.com` request header (rather than
// `Origin: http://module.com`).
victim_response.WaitForRequest();
net::test_server::HttpRequest::HeaderMap headers =
victim_response.http_request()->headers;
ASSERT_TRUE(base::Contains(headers, "Origin"));
EXPECT_EQ(url::Origin::Create(attacker_url).Serialize(), headers["Origin"]);
}
// Test that receiving a commit with incorrect origin properly terminates the
// renderer process.
IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, MismatchedOriginOnCommit) {

44
headless/lib/headless_origin_trials_browsertest.cc

@@ -60,29 +60,6 @@ class HeadlessOriginTrialsBrowserTest : public HeadlessBrowserTest {
#else
#define MAYBE_TrialsCanBeEnabled TrialsCanBeEnabled
#endif
IN_PROC_BROWSER_TEST_F(HeadlessOriginTrialsBrowserTest,
MAYBE_TrialsCanBeEnabled) {
HeadlessBrowserContext* browser_context =
browser()->CreateBrowserContextBuilder().Build();
// TODO(crbug.com/1050190): Implement a permanent, sample trial so this test
// doesn't rely on WebComponents V0, which will eventually go away.
HeadlessWebContents* web_contents =
browser_context->CreateWebContentsBuilder()
.SetInitialURL(
GURL("https://example.test/origin_trial_webcomponentsv0.html"))
.Build();
EXPECT_TRUE(WaitForLoad(web_contents));
// Ensure we can call createShadowRoot(), which is only available when the
// WebComponents V0 origin trial is enabled.
EXPECT_TRUE(EvaluateScript(web_contents,
"document.createElement('div').createShadowRoot() "
"instanceof ShadowRoot")
->GetResult()
->GetValue()
->GetBool());
}
// Flaky on Windows Debug https://crbug.com/1090801
#if defined(NO_WIN_FLAKES) && !defined(NDEBUG)
@@ -120,26 +97,5 @@ IN_PROC_BROWSER_TEST_F(HeadlessOriginTrialsBrowserTest,
#else
#define MAYBE_WebComponentsV0CustomElements WebComponentsV0CustomElements
#endif
IN_PROC_BROWSER_TEST_F(HeadlessOriginTrialsBrowserTest,
MAYBE_WebComponentsV0CustomElements) {
HeadlessBrowserContext* browser_context =
browser()->CreateBrowserContextBuilder().Build();
HeadlessWebContents* web_contents =
browser_context->CreateWebContentsBuilder()
.SetInitialURL(
GURL("https://example.test/origin_trial_webcomponentsv0.html"))
.Build();
EXPECT_TRUE(WaitForLoad(web_contents));
// Ensure we can call registerElement(), which is only available when the
// WebComponents V0 origin trial is enabled.
EXPECT_EQ(
"function",
EvaluateScript(web_contents, "typeof document.registerElement('my-tag')")
->GetResult()
->GetValue()
->GetString());
}
} // namespace headless

6
headless/test/data/protocol/emulation/virtual-time-html-import-expected.txt

@@ -1,6 +0,0 @@
Tests that an html import followed by a pending script does not break virtual time.
[
[0] : imported html
[1] : ran module
[2] : ran script
]

59
headless/test/data/protocol/emulation/virtual-time-html-import.js

@@ -1,59 +0,0 @@
// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
(async function(testRunner) {
const {page, session, dp} = await testRunner.startBlank(
`Tests that an html import followed by a pending script does not break ` +
`virtual time.`);
const FetchHelper = await testRunner.loadScriptAbsolute(
'../fetch/resources/fetch-test.js');
const helper = new FetchHelper(testRunner, dp);
helper.setEnableLogging(false);
await helper.enable();
helper.onceRequest('http://test.com/index.html').fulfill(
FetchHelper.makeContentResponse(`
<!DOCTYPE html>
<link rel="import" href="/import.html">
<script src="/script.js"></script>
<script type="module" src="/module.js"></script>`)
);
helper.onceRequest('http://test.com/import.html').fulfill(
FetchHelper.makeContentResponse(`
<script>console.log("imported html");</script>`)
);
helper.onceRequest('http://test.com/script.js').fulfill(
FetchHelper.makeContentResponse(`
console.log("ran script");`,
"application/javascript")
);
helper.onceRequest('http://test.com/module.js').fulfill(
FetchHelper.makeContentResponse(`
console.log("ran module");`,
"application/javascript")
);
await dp.Runtime.enable();
await dp.Page.enable();
let log_lines = [];
dp.Runtime.onConsoleAPICalled(data => {
log_lines.push(data.params.args[0].value);
});
dp.Emulation.onVirtualTimeBudgetExpired(async data => {
testRunner.log(log_lines.sort());
testRunner.completeTest();
});
await dp.Emulation.setVirtualTimePolicy({policy: 'pause'});
await dp.Emulation.setVirtualTimePolicy({
policy: 'pauseIfNetworkFetchesPending', budget: 5000,
waitForNavigation: true});
dp.Page.navigate({url: 'http://test.com/index.html'});
})

8
headless/test/headless_protocol_browsertest.cc

@@ -56,12 +56,6 @@ class HeadlessProtocolBrowserTest
// Make sure the navigations spawn new processes. We run test harness
// in one process (harness.test) and tests in another.
command_line->AppendSwitch(::switches::kSitePerProcess);
// TODO(yoichio): This is temporary switch to support chrome internal
// components migration from the old web APIs.
// After completion of the migration, we should remove this.
// See crbug.com/911943 for detail.
command_line->AppendSwitchASCII(switches::kEnableBlinkFeatures,
"HTMLImports");
}
private:
@@ -236,8 +230,6 @@ HEADLESS_PROTOCOL_TEST(VirtualTimeLocalStorage,
"emulation/virtual-time-local-storage.js")
HEADLESS_PROTOCOL_TEST(VirtualTimePendingScript,
"emulation/virtual-time-pending-script.js")
HEADLESS_PROTOCOL_TEST(VirtualTimeHtmlImport,
"emulation/virtual-time-html-import.js")
HEADLESS_PROTOCOL_TEST(VirtualTimeRedirect,
"emulation/virtual-time-redirect.js")
HEADLESS_PROTOCOL_TEST(VirtualTimeSessionStorage,

2
third_party/blink/renderer/core/dom/document.idl vendored

@@ -165,8 +165,6 @@ typedef (HTMLScriptElement or SVGScriptElement) HTMLOrSVGScriptElement;
// Custom Elements
// https://w3c.github.io/webcomponents/spec/custom/#extensions-to-document-interface-to-register
// FIXME: The registerElement return type should be Function.
[RuntimeEnabled=CustomElementsV0, CallWith=ScriptState, CustomElementCallbacks, RaisesException, DeprecateAs=DocumentRegisterElement] any registerElement(DOMString type, optional ElementRegistrationOptions options = {});
// https://w3c.github.io/webcomponents/spec/custom/#extensions-to-document-interface-to-instantiate
[CustomElementCallbacks, PerWorldBindings, RaisesException, ImplementedAs=CreateElementForBinding] Element createElement(DOMString localName, (DOMString or ElementCreationOptions) options);
[CustomElementCallbacks, RaisesException] Element createElementNS(DOMString? namespaceURI, DOMString qualifiedName, (DOMString or ElementCreationOptions) options);

2
third_party/blink/renderer/core/dom/element.idl vendored

@@ -133,8 +133,6 @@ callback ScrollStateCallback = void (ScrollState scrollState);
// Non-standard API
[MeasureAs=ElementScrollIntoViewIfNeeded] void scrollIntoViewIfNeeded(optional boolean centerIfNeeded);
[RuntimeEnabled=ShadowDOMV0, RaisesException, DeprecateAs=ElementCreateShadowRoot] ShadowRoot createShadowRoot();
[RuntimeEnabled=ShadowDOMV0] NodeList getDestinationInsertionPoints();
// Experimental accessibility API
[RuntimeEnabled=ComputedAccessibilityInfo] readonly attribute DOMString? computedRole;

3
third_party/blink/renderer/core/dom/text.idl vendored

@@ -29,7 +29,4 @@
// Mixin Slotable
// https://dom.spec.whatwg.org/#mixin-slotable
[ImplementedAs=assignedSlotForBinding] readonly attribute HTMLSlotElement? assignedSlot;
// Non-standard API:
[RuntimeEnabled=ShadowDOMV0] NodeList getDestinationInsertionPoints();
};

4
third_party/blink/renderer/core/html/html_link_element.idl vendored

@@ -51,10 +51,6 @@
// https://drafts.csswg.org/cssom/#the-linkstyle-interface
readonly attribute StyleSheet? sheet;
// HTML Imports
// https://w3c.github.io/webcomponents/spec/imports/#interface-import
[RuntimeEnabled=HTMLImports] readonly attribute Document? import;
// Subresource Integrity
// https://w3c.github.io/webappsec-subresource-integrity/#HTMLLinkElement
[Reflect] attribute DOMString integrity;

27
third_party/blink/web_tests/TestExpectations vendored

@@ -1369,6 +1369,29 @@ crbug.com/1053725 [ Win7 ] fast/forms/calendar-picker/date-picker-appearance-dis
# ====== Form Controls Refresh failures until here ======
# ===== These tests fail when Web Components v0 is removed =====
crbug.com/1081941 web-components-v0-only/* [ Skip ]
crbug.com/1081941 virtual/web-components-v0-disabled/* [ Skip ]
crbug.com/1081941 http/tests/htmlimports/* [ Skip ]
crbug.com/1081941 http/tests/custom/xhr-response-does-not-have-registry.html [ Skip ]
crbug.com/1081941 http/tests/custom-elements/no-registry-test.html [ Skip ]
crbug.com/1081941 http/tests/devtools/import-open-inspector.js [ Skip ]
crbug.com/1081941 http/tests/devtools/elements/html-link-import.js [ Skip ]
crbug.com/1081941 http/tests/devtools/elements/styles-3/style-rule-from-imported-stylesheet.js [ Skip ]
crbug.com/1081941 http/tests/devtools/network/network-imported-resource-content.js [ Skip ]
crbug.com/1081941 http/tests/devtools/resource-tree/resource-tree-htmlimports.js [ Skip ]
crbug.com/1081941 http/tests/linkHeader/link-rel-import-css-rule-capital.html [ Skip ]
crbug.com/1081941 http/tests/security/contentSecurityPolicy/nonces/import-enforce-allowed.php [ Skip ]
crbug.com/1081941 http/tests/security/contentSecurityPolicy/nonces/import-enforce-blocked.php [ Skip ]
crbug.com/1081941 http/tests/security/contentSecurityPolicy/nonces/import-multiple-allowed.php [ Skip ]
crbug.com/1081941 http/tests/security/contentSecurityPolicy/nonces/import-multiple-blocked.php [ Skip ]
crbug.com/1081941 http/tests/security/contentSecurityPolicy/nonces/import-reportonly-allowed.php [ Skip ]
crbug.com/1081941 http/tests/security/referrer-policy-attribute-import-no-referrer.html [ Skip ]
crbug.com/1081941 http/tests/subresource_filter/resource-in-import-disallowed.html [ Skip ]
# ===== Web Components v0 until here =====
# Bug in FormControlsRefresh <select multiple> tap behavior:
crbug.com/1045672 fast/forms/select/listbox-tap.html [ Failure ]
@@ -5410,9 +5433,6 @@ crbug.com/1062984 external/wpt/paint-timing/fcp-only/fcp-invisible-3d-rotate.htm
crbug.com/1062984 external/wpt/paint-timing/fcp-only/fcp-out-of-bounds-translate.html [ Failure ]
crbug.com/1062984 external/wpt/paint-timing/fcp-only/fcp-text-input.html [ Failure ]
# Sheriff 2019-03-01
crbug.com/937416 http/tests/devtools/resource-tree/resource-tree-htmlimports.js [ Pass Failure ]
# Also crbug.com/1044535
crbug.com/937416 http/tests/devtools/resource-tree/resource-tree-frame-navigate.js [ Pass Failure Timeout ]
@@ -5444,7 +5464,6 @@ crbug.com/943969 [ Win ] inspector-protocol/css/css-get-media-queries.js [ Pass
crbug.com/945665 http/tests/devtools/elements/styles-3/styles-add-new-rule-tab.js [ Pass Failure ]
crbug.com/945665 http/tests/devtools/elements/styles-3/styles-add-new-rule.js [ Pass Failure Timeout ]
crbug.com/945665 http/tests/devtools/elements/styles-3/styles-disable-inherited.js [ Pass Failure ]
crbug.com/945665 [ Win7 ] http/tests/devtools/elements/styles-3/style-rule-from-imported-stylesheet.js [ Failure Pass ]
crbug.com/945665 http/tests/devtools/elements/styles-3/styles-change-node-while-editing.js [ Pass Failure ]
crbug.com/945629 http/tests/devtools/network/network-filters.js [ Pass Failure Timeout ]

2
third_party/blink/web_tests/external/wpt/custom-elements/historical-expected.txt vendored

@@ -1,5 +1,5 @@
This is a testharness.js-based test.
FAIL document.registerElement should not exist assert_false: expected false got true
PASS document.registerElement should not exist
FAIL document.createElement(localName, "string") should not work assert_false: expected false got true
FAIL document.createElementNS(namespace, qualifiedName, "string") should not work assert_false: expected false got true
Harness: the test ran to completion.

6
third_party/blink/web_tests/external/wpt/shadow-dom/historical-expected.txt vendored

@@ -1,7 +1,7 @@
This is a testharness.js-based test.
FAIL element.createShadowRoot should not exist assert_false: expected false got true
FAIL element.getDestinationInsertionPoints should not exist assert_false: expected false got true
FAIL text.getDestinationInsertionPoints should not exist assert_false: expected false got true
PASS element.createShadowRoot should not exist
PASS element.getDestinationInsertionPoints should not exist
PASS text.getDestinationInsertionPoints should not exist
FAIL event.path should not exist assert_false: expected false got true
FAIL HTMLContentElement should not exist assert_false: expected false got true
Harness: the test ran to completion.

20
third_party/blink/web_tests/http/tests/origin_trials/webexposed/webcomponentsv0-basic-import-disabled.html vendored

@@ -1,20 +0,0 @@
<!DOCTYPE html>
<meta charset="utf-8">
<link id="target" rel="import" href="resources/html-imports-hello.html">
<script src="../../../../resources/testharness.js"></script>
<script src="../../../../resources/testharnessreport.js"></script>
<script>
// Behavior is different depending on if the runtime flag is enabled.
if (self.internals.runtimeFlags.htmlImportsEnabled) {
// Runtime flag is enabled, so import will actually work. Explicitly call
// done() to avoid timeout while test framework waits for a test to run.
setup({single_test: true});
done();
} else {
test(() => {
assert_equals(target.import, undefined);
}, 'Basic html file should not be imported');
}
</script>

23
third_party/blink/web_tests/http/tests/origin_trials/webexposed/webcomponentsv0-basic-import-enabled-insecure-context.html vendored

@@ -1,23 +0,0 @@
<!DOCTYPE html>
<meta charset="utf-8">
<!-- NOTE: The token must match the UNAUTHENTICATED_ORIGIN used in the test.
Generate this token with the command:
generate_token.py http://example.test:8000 WebComponentsV0 --expire-timestamp=2000000000
-->
<meta http-equiv="origin-trial" content="ApvQmWyEJ1hMIUp80AK+wjmYaGlmF2UA9MSWCt5vej5J+gj5XsYaAyyczK5df2RvdvrgZ8YloMdZRXp3v1pi9AoAAABaeyJvcmlnaW4iOiAiaHR0cDovL2V4YW1wbGUudGVzdDo4MDAwIiwgImZlYXR1cmUiOiAiV2ViQ29tcG9uZW50c1YwIiwgImV4cGlyeSI6IDIwMDAwMDAwMDB9"/>
<link id="target" rel="import" href="resources/html-imports-hello.html">
<script src="../../resources/testharness.js"></script>
<script src="../../resources/testharnessreport.js"></script>
<script src="../../resources/get-host-info.js"></script>
<script>
if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) {
window.location = get_host_info().UNAUTHENTICATED_ORIGIN +
window.location.pathname;
} else {
test(() => {
assert_equals(target.import.querySelector('h1').textContent, 'Hello');
}, 'Basic html file should be imported in insecure context');
}
</script>

16
third_party/blink/web_tests/http/tests/origin_trials/webexposed/webcomponentsv0-basic-import-enabled.html vendored

@@ -1,16 +0,0 @@
<!DOCTYPE html>
<meta charset="utf-8">
<!-- Generate this token with the command:
generate_token.py http://127.0.0.1:8000 WebComponentsV0 --expire-timestamp=2000000000
-->
<meta http-equiv="origin-trial" content="Ar9dxxaQ+S9WJDVAL5PqZEtGNqgN2jeewmtzi1+9TK2oavYps7dKu36815FgbztKvcJJ2QATr2g0k0U6nQaDOAMAAABXeyJvcmlnaW4iOiAiaHR0cDovLzEyNy4wLjAuMTo4MDAwIiwgImZlYXR1cmUiOiAiV2ViQ29tcG9uZW50c1YwIiwgImV4cGlyeSI6IDIwMDAwMDAwMDB9" />
<link id="target" rel="import" href="resources/html-imports-hello.html">
<script src="../../../../resources/testharness.js"></script>
<script src="../../../../resources/testharnessreport.js"></script>
<script>
test(() => {
assert_equals(target.import.querySelector('h1').textContent, 'Hello');
}, 'Basic html file should be imported');
</script>

20
third_party/blink/web_tests/http/tests/origin_trials/webexposed/webcomponentsv0-nested-import-disabled.html vendored

@@ -1,20 +0,0 @@
<!DOCTYPE html>
<meta charset="utf-8">
<link id="target" rel="import" href="resources/html-imports-parent.html">
<script src="../../../../resources/testharness.js"></script>
<script src="../../../../resources/testharnessreport.js"></script>
<script>
// Behavior is different depending on if the runtime flag is enabled.
if (self.internals.runtimeFlags.htmlImportsEnabled) {
// Runtime flag is enabled, so import will actually work. Explicitly call
// done() to avoid timeout while test framework waits for a test to run.
setup({single_test: true});
done();
} else {
test(() => {
assert_equals(document.nestedChildScriptHasRun, undefined);
}, 'Script should not run in nested child import');
}
</script>

16
third_party/blink/web_tests/http/tests/origin_trials/webexposed/webcomponentsv0-nested-import-enabled.html vendored

@@ -1,16 +0,0 @@
<!DOCTYPE html>
<meta charset="utf-8">
<!-- Generate this token with the command:
generate_token.py http://127.0.0.1:8000 WebComponentsV0 --expire-timestamp=2000000000
-->
<meta http-equiv="origin-trial" content="Ar9dxxaQ+S9WJDVAL5PqZEtGNqgN2jeewmtzi1+9TK2oavYps7dKu36815FgbztKvcJJ2QATr2g0k0U6nQaDOAMAAABXeyJvcmlnaW4iOiAiaHR0cDovLzEyNy4wLjAuMTo4MDAwIiwgImZlYXR1cmUiOiAiV2ViQ29tcG9uZW50c1YwIiwgImV4cGlyeSI6IDIwMDAwMDAwMDB9" />
<link id="target" rel="import" href="resources/html-imports-parent.html">
<script src="../../../../resources/testharness.js"></script>
<script src="../../../../resources/testharnessreport.js"></script>
<script>
test(() => {
assert_true(document.nestedChildScriptHasRun);
}, 'Script should run in nested child import');
</script>

21
third_party/blink/web_tests/http/tests/origin_trials/webexposed/webcomponentsv0-usecounter-customelementv0.html vendored

@@ -1,21 +0,0 @@
<!DOCTYPE html>
<meta charset="utf-8">
<!-- Generate this token with the command:
generate_token.py http://127.0.0.1:8000 WebComponentsV0 --expire-timestamp=2000000000
-->
<meta http-equiv="origin-trial" content="Ar9dxxaQ+S9WJDVAL5PqZEtGNqgN2jeewmtzi1+9TK2oavYps7dKu36815FgbztKvcJJ2QATr2g0k0U6nQaDOAMAAABXeyJvcmlnaW4iOiAiaHR0cDovLzEyNy4wLjAuMTo4MDAwIiwgImZlYXR1cmUiOiAiV2ViQ29tcG9uZW50c1YwIiwgImV4cGlyeSI6IDIwMDAwMDAwMDB9" />
<div id="div"></div>
<script src="../../../../resources/testharness.js"></script>
<script src="../../../../resources/testharnessreport.js"></script>
<script>
test(() => {
// From blink/public/mojom/web_feature/web_feature.mojom
const DocumentRegisterElementOnReverseOriginTrials = 2849;
assert_false(internals.isUseCounted(document, DocumentRegisterElementOnReverseOriginTrials));
document.registerElement('my-tag');
const isCounted = internals.isUseCounted(document, DocumentRegisterElementOnReverseOriginTrials);
assert_true(isCounted);
}, 'Comfirm DocumentRegisterElementOnReverseOriginTrials counter');
</script>

21
third_party/blink/web_tests/http/tests/origin_trials/webexposed/webcomponentsv0-usecounter-htmlimports.html vendored

@@ -1,21 +0,0 @@
<!DOCTYPE html>
<meta charset="utf-8">
<!-- Generate this token with the command:
generate_token.py http://127.0.0.1:8000 WebComponentsV0 --expire-timestamp=2000000000
-->
<meta http-equiv="origin-trial" content="Ar9dxxaQ+S9WJDVAL5PqZEtGNqgN2jeewmtzi1+9TK2oavYps7dKu36815FgbztKvcJJ2QATr2g0k0U6nQaDOAMAAABXeyJvcmlnaW4iOiAiaHR0cDovLzEyNy4wLjAuMTo4MDAwIiwgImZlYXR1cmUiOiAiV2ViQ29tcG9uZW50c1YwIiwgImV4cGlyeSI6IDIwMDAwMDAwMDB9" />
<div id="div"></div>
<script src="../../../../resources/testharness.js"></script>
<script src="../../../../resources/testharnessreport.js"></script>
<script>
test(() => {
// From blink/public/mojom/web_feature/web_feature.mojom
const HTMLImportsOnReverseOriginTrials = 2847;
assert_false(internals.isUseCounted(document, HTMLImportsOnReverseOriginTrials));
div.innerHTML = "<link id='target' rel='import' href='resources/html-imports-hello.html'>"
const isCounted = internals.isUseCounted(document, HTMLImportsOnReverseOriginTrials);
assert_true(isCounted);
}, 'Comfirm HTMLImportsOnReverseOriginTrials counter');
</script>

21
third_party/blink/web_tests/http/tests/origin_trials/webexposed/webcomponentsv0-usecounter-shadowdomv0.html vendored

@@ -1,21 +0,0 @@
<!DOCTYPE html>
<meta charset="utf-8">
<!-- Generate this token with the command:
generate_token.py http://127.0.0.1:8000 WebComponentsV0 --expire-timestamp=2000000000
-->
<meta http-equiv="origin-trial" content="Ar9dxxaQ+S9WJDVAL5PqZEtGNqgN2jeewmtzi1+9TK2oavYps7dKu36815FgbztKvcJJ2QATr2g0k0U6nQaDOAMAAABXeyJvcmlnaW4iOiAiaHR0cDovLzEyNy4wLjAuMTo4MDAwIiwgImZlYXR1cmUiOiAiV2ViQ29tcG9uZW50c1YwIiwgImV4cGlyeSI6IDIwMDAwMDAwMDB9" />
<div id="div"></div>
<script src="../../../../resources/testharness.js"></script>
<script src="../../../../resources/testharnessreport.js"></script>
<script>
test(() => {
// From blink/public/mojom/web_feature/web_feature.mojom
const ElementCreateShadowRootOnReverseOriginTrials = 2848;
assert_false(internals.isUseCounted(document, ElementCreateShadowRootOnReverseOriginTrials));
div.createShadowRoot();
const isCounted = internals.isUseCounted(document, ElementCreateShadowRootOnReverseOriginTrials);
assert_true(isCounted);
}, 'Comfirm ElementCreateShadowRootOnReverseOriginTrials counter');
</script>

5
third_party/blink/web_tests/webexposed/element-instance-property-listing-expected.txt vendored

@@ -104,7 +104,6 @@ namespace http://www.w3.org/1999/xhtml
property computedStyleMap
property contains
property contentEditable
property createShadowRoot
property dataset
property dir
property dispatchEvent
@@ -122,7 +121,6 @@ namespace http://www.w3.org/1999/xhtml
property getAttributeNodeNS
property getBoundingClientRect
property getClientRects
property getDestinationInsertionPoints
property getElementsByClassName
property getElementsByTagName
property getElementsByTagNameNS
@@ -782,7 +780,6 @@ html element link
property hreflang
property imageSizes
property imageSrcset
property import
property importance
property integrity
property media
@@ -1315,7 +1312,6 @@ namespace http://www.w3.org/2000/svg
property computedRole
property computedStyleMap
property contains
property createShadowRoot
property dataset
property dispatchEvent
property elementTiming
@@ -1330,7 +1326,6 @@ namespace http://www.w3.org/2000/svg
property getAttributeNodeNS
property getBoundingClientRect
property getClientRects
property getDestinationInsertionPoints
property getElementsByClassName
property getElementsByTagName
property getElementsByTagNameNS

5
third_party/blink/web_tests/webexposed/global-interface-listing-expected.txt vendored

@@ -1787,7 +1787,6 @@ interface Document : Node
method queryCommandValue
method querySelector
method querySelectorAll
method registerElement
method releaseEvents
method replaceChildren
method requestStorageAccess
@@ -2091,7 +2090,6 @@ interface Element : Node
method closest
method computedStyleMap
method constructor
method createShadowRoot
method getAnimations
method getAttribute
method getAttributeNS
@@ -2100,7 +2098,6 @@ interface Element : Node
method getAttributeNodeNS
method getBoundingClientRect
method getClientRects
method getDestinationInsertionPoints
method getElementsByClassName
method getElementsByTagName
method getElementsByTagNameNS
@@ -3585,7 +3582,6 @@ interface HTMLLinkElement : HTMLElement
getter hreflang
getter imageSizes
getter imageSrcset
getter import
getter importance
getter integrity
getter media
@@ -8282,7 +8278,6 @@ interface Text : CharacterData
getter assignedSlot
getter wholeText
method constructor
method getDestinationInsertionPoints
method splitText
interface TextDecoder
attribute @@toStringTag

37
tools/perf/core/about_tracing_integration_test.py

@@ -1,37 +0,0 @@
# Copyright 2016 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
from telemetry import decorators
from telemetry.testing import tab_test_case
class AboutTracingIntegrationTest(tab_test_case.TabTestCase):
@decorators.Disabled('android',
'win', # https://crbug.com/632871
'chromeos') # https://crbug.com/654044
def testBasicTraceRecording(self):
action_runner = self._tab.action_runner
action_runner.Navigate('chrome://tracing')
record_button_js = (
"document.querySelector('tr-ui-timeline-view').shadowRoot."
"querySelector('#record-button')")
# Click 'record' to trigger record selection diaglog.
action_runner.WaitForElement(element_function=record_button_js)
action_runner.ClickElement(element_function=record_button_js)
# Wait for record selection diaglog to pop up, then click record.
action_runner.WaitForElement(selector='.overlay')
action_runner.ClickElement(
element_function=("document.querySelector('.overlay').shadowRoot."
"querySelectorAll('button')[0]"))
# Stop recording after 1 seconds.
action_runner.Wait(1)
action_runner.ClickElement(
element_function=
"document.querySelector('.overlay').querySelector('button')")
# Make sure that we can see the browser track.
action_runner.WaitForElement(selector='div[title~="Browser"]')