From c6441dc9161581bc5cac4d2f4188bde9b2b293f5 Mon Sep 17 00:00:00 2001 From: Ms2ger Date: Tue, 23 Jan 2024 11:10:21 +0100 Subject: [PATCH 1/4] Expose getRandomValues in ShadowRealms --- WebCryptoAPI/getRandomValues.any.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/WebCryptoAPI/getRandomValues.any.js b/WebCryptoAPI/getRandomValues.any.js index 574134eb76dcd8..6171b70cdb561e 100644 --- a/WebCryptoAPI/getRandomValues.any.js +++ b/WebCryptoAPI/getRandomValues.any.js @@ -1,3 +1,5 @@ +// META: global=window,worker,shadowrealm + // Step 1. test(function() { assert_throws_dom("TypeMismatchError", function() { From f6e6a2996ab14ed7802427af49da0e3d2eb80de8 Mon Sep 17 00:00:00 2001 From: Philip Chimento Date: Thu, 16 Jan 2025 12:45:27 -0800 Subject: [PATCH 2/4] Run idlharness test in ShadowRealm --- WebCryptoAPI/idlharness.https.any.js | 1 + 1 file changed, 1 insertion(+) diff --git a/WebCryptoAPI/idlharness.https.any.js b/WebCryptoAPI/idlharness.https.any.js index ae65eb49f2120e..1cc34547acbf5c 100644 --- a/WebCryptoAPI/idlharness.https.any.js +++ b/WebCryptoAPI/idlharness.https.any.js @@ -1,6 +1,7 @@ // META: script=/resources/WebIDLParser.js // META: script=/resources/idlharness.js // META: timeout=long +// META: global=window,dedicatedworker,shadowrealm-in-window // https://w3c.github.io/webcrypto/Overview.html From a67ed68f4e0099786b2f1622d9c75da260a8cbf2 Mon Sep 17 00:00:00 2001 From: Philip Chimento Date: Thu, 21 Nov 2024 17:08:51 -0800 Subject: [PATCH 3/4] Expose randomUUID in ShadowRealms from secure contexts --- WebCryptoAPI/randomUUID.https.any.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/WebCryptoAPI/randomUUID.https.any.js b/WebCryptoAPI/randomUUID.https.any.js index 600a9728f0b147..5cdbc9159a5b97 100644 --- a/WebCryptoAPI/randomUUID.https.any.js +++ b/WebCryptoAPI/randomUUID.https.any.js @@ -1,3 +1,5 @@ +// META: global=window,worker,shadowrealm + // Run for enough iterations that we're likely to catch edge-cases, like // failing to set a reserved bit: const iterations = 256; From 61f075a1daf6bbe3a07a215d04194bb6e533decd Mon Sep 17 00:00:00 2001 From: Philip Chimento Date: Fri, 17 Jan 2025 10:27:45 -0800 Subject: [PATCH 4/4] Run test for absence of SubtleCrypto in ShadowRealm scopes ShadowRealm scopes, even when created in a secure context, should not be able to access crypto.subtle, SubtleCrypto, or CryptoKey, because those are not [Exposed=*]. --- WebCryptoAPI/historical.any.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/WebCryptoAPI/historical.any.js b/WebCryptoAPI/historical.any.js index 67ca9d9767df9d..19dcdbe9cf535c 100644 --- a/WebCryptoAPI/historical.any.js +++ b/WebCryptoAPI/historical.any.js @@ -1,6 +1,8 @@ -// META: global=window,dedicatedworker,sharedworker +// META: global=window,dedicatedworker,sharedworker,shadowrealm // -// Do not run this in a service worker as that's always in a secure context +// Do not run this in a service worker as that's always in a secure context. +// ShadowRealm scopes created from secure contexts are OK, because SubtleCrypto +// is not [Exposed=*]. test(() => { assert_equals(self.crypto.subtle, undefined);