-
-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: update WPT usage #1032
base: main
Are you sure you want to change the base?
feat: update WPT usage #1032
Conversation
|
// We need rejectUnauthorized support so we can't use built-in fetch(), sadly. | ||
exports.doHeadRequestWithNoCertChecking = (url) => { | ||
const agent = url.startsWith("https") | ||
? new https.Agent({ rejectUnauthorized: false }) |
Check failure
Code scanning / CodeQL
Disabling certificate validation High test
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is taken directly from the implementation in https://github.com/jsdom/jsdom/blob/2f8a730/test/. Let me know if feel strong that the tests need to prevent MITM attacks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like an equivalent is already in use with strictSSL
disabled so is an existing vulnerability.
See https://github.com/eps1lon/dom-accessibility-api/blob/main/tests/wpt-jsdom/start-wpt-server.js#L85
4c82554
to
d06ebe2
Compare
Co-authored-by: Craig Morten <[email protected]>
56a6f0a
to
eb37052
Compare
description_1.0_combobox-focusable-manual.html: | ||
[fail, title already used for name] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TODO: I think this might actually be passing
Resolves #1045
Updates the WPT submodule and tests.
jsdom
For the jsdom suite, i've included a (non-exhaustive) set of specs that are relevant to this package in their scope regarding accessible name, description, and role calculation:
The current status of the WPT coverage is:
Where "Skipped" includes a combination of both relevant and irrelevant tests, but for a practical test runtime it is pragmatic to skip instead of having an expected failure.
I have opted to equate a
null
return from this package (e.g. fromgetRole()
) to be the equivalent of an empty role""
which eliminates a number of failures (for expected generic or presentational roles). If this normalization is misrepresentative I can remove.browser
For the Cypress based suite I've made the necessary changes so that the tests run, but have not extended the suite to cover the additional accname (or other spec) tests that have been introduced since the last refresh for this setup.