Auto merge of #27806 - jonathanKingston:secure-contexts-with-creation-url, r=jdm

Add creation url and Secure Contexts

A more complete version of https://github.com/servo/servo/pull/27793

I've added in creation/creator URLs to match the HTML spec for the "global settings object" which doesn't exist in Servo but lots of its concepts exist within the Global Scope.

This fixes the previously mentioned blob url test fails but has the previously mentioned issues in https://github.com/servo/servo/pull/27793

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [ ] `./mach build -d` does not report any errors
- [ ] `./mach test-tidy` does not report any errors
- [ ] These changes fix #___ (GitHub issue number if applicable)

<!-- Either: -->
- [ ] There are tests for these changes OR
- [ ] These changes do not require tests because ___

<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->

2 files changed, 21 insertions, 4 deletions

diff --git a/components/script/dom/bindings/codegen/CodegenRust.py b/components/script/dom/bindings/codegen/CodegenRust.py
index 83e68cdce76..13c295ef1a2 100644
--- a/components/script/dom/bindings/codegen/CodegenRust.py
+++ b/components/script/dom/bindings/codegen/CodegenRust.py
@@ -1517,7 +1517,7 @@ def getRetvalDeclarationForType(returnType, descriptorProvider):
                     returnType)
 
 
-def MemberCondition(pref, func, exposed):
+def MemberCondition(pref, func, exposed, secure):
     """
     A string representing the condition for a member to actually be exposed.
     Any of the arguments can be None. If not None, they should have the
@@ -1526,11 +1526,14 @@ def MemberCondition(pref, func, exposed):
     pref: The name of the preference.
     func: The name of the function.
     exposed: One or more names of an exposed global.
+    secure: Requires secure context.
     """
     assert pref is None or isinstance(pref, str)
     assert func is None or isinstance(func, str)
     assert exposed is None or isinstance(exposed, set)
-    assert func is None or pref is None or exposed is None
+    assert func is None or pref is None or exposed is None or secure is None
+    if secure:
+        return 'Condition::SecureContext()'
     if pref:
         return 'Condition::Pref("%s")' % pref
     if func:
@@ -1580,7 +1583,8 @@ class PropertyDefiner:
                                           "Pref"),
             PropertyDefiner.getStringAttr(interfaceMember,
                                           "Func"),
-            interfaceMember.exposureSet)
+            interfaceMember.exposureSet,
+            interfaceMember.getExtendedAttribute("SecureContext"))
 
     def generateGuardedArray(self, array, name, specTemplate, specTerminator,
                              specType, getCondition, getDataTuple):
@@ -3038,7 +3042,7 @@ let global = incumbent_global.reflector().get_jsobject();\n"""
         for m in interface.members:
             if m.isAttr() and not m.isStatic() and m.type.isJSONType():
                 name = m.identifier.name
-                conditions = MemberCondition(None, None, m.exposureSet)
+                conditions = MemberCondition(None, None, m.exposureSet, None)
                 ret_conditions = '&[' + ", ".join(conditions) + "]"
                 ret += fill(
                     """
@@ -7838,6 +7842,7 @@ impl %(base)s {
                 if PropertyDefiner.getStringAttr(m, 'Pref') or \
                    PropertyDefiner.getStringAttr(m, 'Func') or \
                    PropertyDefiner.getStringAttr(m, 'Exposed') or \
+                   m.getExtendedAttribute('SecureContext') or \
                    (m.isMethod() and m.isIdentifierLess()):
                     continue
                 display = m.identifier.name + ('()' if m.isMethod() else '')
diff --git a/components/script/dom/bindings/guard.rs b/components/script/dom/bindings/guard.rs
index 188d36fee17..17f3a3d20bc 100644
--- a/components/script/dom/bindings/guard.rs
+++ b/components/script/dom/bindings/guard.rs
@@ -6,6 +6,9 @@
 
 use crate::dom::bindings::codegen::InterfaceObjectMap;
 use crate::dom::bindings::interface::is_exposed_in;
+use crate::dom::globalscope::GlobalScope;
+use crate::realms::AlreadyInRealm;
+use crate::realms::InRealm;
 use crate::script_runtime::JSContext;
 use js::rust::HandleObject;
 use servo_config::prefs;
@@ -45,16 +48,25 @@ pub enum Condition {
     Pref(&'static str),
     // The condition is satisfied if the interface is exposed in the global.
     Exposed(InterfaceObjectMap::Globals),
+    SecureContext(),
     /// The condition is always satisfied.
     Satisfied,
 }
 
+fn is_secure_context(cx: JSContext) -> bool {
+    unsafe {
+        let in_realm_proof = AlreadyInRealm::assert_for_cx(JSContext::from_ptr(*cx));
+        GlobalScope::from_context(*cx, InRealm::Already(&in_realm_proof)).is_secure_context()
+    }
+}
+
 impl Condition {
     pub fn is_satisfied(&self, cx: JSContext, obj: HandleObject, global: HandleObject) -> bool {
         match *self {
             Condition::Pref(name) => prefs::pref_map().get(name).as_bool().unwrap_or(false),
             Condition::Func(f) => f(cx, obj),
             Condition::Exposed(globals) => is_exposed_in(global, globals),
+            Condition::SecureContext() => is_secure_context(cx),
             Condition::Satisfied => true,
         }
     }