fledge/tentative/TODO - external/w3c/web-platform-tests - Git at Google

 Need tests for (likely not a complete list):

 * directFromSellerSignals.
 * All generateBid() and scoreAd() input parameters.
 * All interest group fields (passed to auction, have effect on auction).
     Validation when joining/leaving interest group is already covered.
 * Filtering/prioritization (including bidding signals influencing priorities)
 * Size restrictions.
 * Updates (both after auction and triggered).
 * All auctionConfig parameters (including invalid auctionConfigs, and ones
     with no buyers).
 * Joining interest group with duration of 0 should just leave the IG (not
     currently guaranteed to work, due to potential time skew between processes).
 * Multiple buyers.
 * Multiple interest group with same owner.
 * Multiple origin auctions (buyer != publisher != seller).
 * Multiple frame tests (including join IG policy, run auction policy,
     loading URNs in fencedframes in other frames, loading component
     ad URNs in fenced frames of other frames, etc)
 * adAuctionConfig passed to reportResult().
 * Component ads (including scoring signals fetches).
 * Component auctions.
 * browserSignals fields in scoring/bidding methods.
 * In reporting methods, browserSignals fields: dataVersion, topLevelSeller,
     componentSeller, modifiedBid, adCost, madeHighestScoringOtherBid
     (with interest group from another origin).
 * Loading ads in iframes.
 * In fencedframes window.fence.setReportEventDataForAutomaticBeacons()
 * Calling leaveAdInterestGroup() in the frame of a winning ad (and one
     of its component ads)
 * Network timeouts.
 * Validate specific escaping behavior logic (still under discussion). There
     are a number of different rules for which characters are escaped, and
     whether spacess are escaped as "%20" or "+".
 * Reports not sent if ad not used.
 * Ties.
 * Interactions with local network access API, which requires public
     networks to send CORS preflights for requests made over local networks.
     Needs testing with public publisher pages running auctions with
     sellers / buyers / update URLs on local networks.

 If possible:
 * Aggregate reporting.
 * Join/leave permission delegation via .well-known files.
 * k-anonymity.
 * Signals request batching. This is an optional feature, so can't require it,
     but maybe a test where batching could be used, and make sure things work,
     whether batching is used or not?
	Need tests for (likely not a complete list):

	* directFromSellerSignals.
	* All generateBid() and scoreAd() input parameters.
	* All interest group fields (passed to auction, have effect on auction).
	Validation when joining/leaving interest group is already covered.
	* Filtering/prioritization (including bidding signals influencing priorities)
	* Size restrictions.
	* Updates (both after auction and triggered).
	* All auctionConfig parameters (including invalid auctionConfigs, and ones
	with no buyers).
	* Joining interest group with duration of 0 should just leave the IG (not
	currently guaranteed to work, due to potential time skew between processes).
	* Multiple buyers.
	* Multiple interest group with same owner.
	* Multiple origin auctions (buyer != publisher != seller).
	* Multiple frame tests (including join IG policy, run auction policy,
	loading URNs in fencedframes in other frames, loading component
	ad URNs in fenced frames of other frames, etc)
	* adAuctionConfig passed to reportResult().
	* Component ads (including scoring signals fetches).
	* Component auctions.
	* browserSignals fields in scoring/bidding methods.
	* In reporting methods, browserSignals fields: dataVersion, topLevelSeller,
	componentSeller, modifiedBid, adCost, madeHighestScoringOtherBid
	(with interest group from another origin).
	* Loading ads in iframes.
	* In fencedframes window.fence.setReportEventDataForAutomaticBeacons()
	* Calling leaveAdInterestGroup() in the frame of a winning ad (and one
	of its component ads)
	* Network timeouts.
	* Validate specific escaping behavior logic (still under discussion). There
	are a number of different rules for which characters are escaped, and
	whether spacess are escaped as "%20" or "+".
	* Reports not sent if ad not used.
	* Ties.
	* Interactions with local network access API, which requires public
	networks to send CORS preflights for requests made over local networks.
	Needs testing with public publisher pages running auctions with
	sellers / buyers / update URLs on local networks.

	If possible:
	* Aggregate reporting.
	* Join/leave permission delegation via .well-known files.
	* k-anonymity.
	* Signals request batching. This is an optional feature, so can't require it,
	but maybe a test where batching could be used, and make sure things work,
	whether batching is used or not?