feat: update WPT usage #1032
feat: update WPT usage #1032
Conversation
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| // We need rejectUnauthorized support so we can't use built-in fetch(), sadly. | ||
| exports.doHeadRequestWithNoCertChecking = (url) => { | ||
| const agent = url.startsWith("https") | ||
| ? new https.Agent({ rejectUnauthorized: false }) |
Check failure
Code scanning / CodeQL
Disabling certificate validation High test
There was a problem hiding this comment.
This is taken directly from the implementation in https://github.com/jsdom/jsdom/blob/2f8a730/test/. Let me know if feel strong that the tests need to prevent MITM attacks.
There was a problem hiding this comment.
Looks like an equivalent is already in use with strictSSL disabled so is an existing vulnerability.
jlp-craigmorten
force-pushed
the
feat-update-wpt-tests
branch
2 times, most recently
from
4c82554
to
d06ebe2
Compare
Co-authored-by: Craig Morten <[email protected]>
jlp-craigmorten
force-pushed
the
feat-update-wpt-tests
branch
from
56a6f0a
to
eb37052
Compare
| description_1.0_combobox-focusable-manual.html: | ||
| [fail, title already used for name] |
There was a problem hiding this comment.
TODO: I think this might actually be passing
Resolves #1045
Updates the WPT submodule and tests.
jsdom
For the jsdom suite, i've included a (non-exhaustive) set of specs that are relevant to this package in their scope regarding accessible name, description, and role calculation:
The current status of the WPT coverage is:
Where "Skipped" includes a combination of both relevant and irrelevant tests, but for a practical test runtime it is pragmatic to skip instead of having an expected failure.
I have opted to equate a
nullreturn from this package (e.g. fromgetRole()) to be the equivalent of an empty role""which eliminates a number of failures (for expected generic or presentational roles). If this normalization is misrepresentative I can remove.browser
For the Cypress based suite I've made the necessary changes so that the tests run, but have not extended the suite to cover the additional accname (or other spec) tests that have been introduced since the last refresh for this setup.