diff options
43 files changed, 433 insertions, 455 deletions
diff --git a/Cargo.lock b/Cargo.lock index cecdada6176..b8ac73f4f73 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1223,7 +1223,7 @@ dependencies = [ [[package]] name = "content-security-policy" version = "0.5.4" -source = "git+https://github.com/servo/rust-content-security-policy/?branch=servo-csp#81f95254fbfe98dd6e130260fd872cf950de9fcd" +source = "git+https://github.com/servo/rust-content-security-policy/?branch=servo-csp#fcd91e99139ca96629e04e1a8010f96374f0370f" dependencies = [ "base64 0.22.1", "bitflags 2.9.0", diff --git a/components/script/dom/element.rs b/components/script/dom/element.rs index c040078f707..d92d5c124d1 100644 --- a/components/script/dom/element.rs +++ b/components/script/dom/element.rs @@ -149,7 +149,6 @@ use crate::dom::raredata::ElementRareData; use crate::dom::servoparser::ServoParser; use crate::dom::shadowroot::{IsUserAgentWidget, ShadowRoot}; use crate::dom::text::Text; -use crate::dom::types::TrustedTypePolicyFactory; use crate::dom::validation::Validatable; use crate::dom::validitystate::ValidationFlags; use crate::dom::virtualmethods::{VirtualMethods, vtable_for}; @@ -1961,35 +1960,6 @@ impl Element { .unwrap_or_else(|_| TrustedScriptURLOrUSVString::USVString(USVString(value.to_owned()))) } - pub(crate) fn set_trusted_type_url_attribute( - &self, - local_name: &LocalName, - value: TrustedScriptURLOrUSVString, - can_gc: CanGc, - ) -> Fallible<()> { - assert_eq!(*local_name, local_name.to_ascii_lowercase()); - let value = match value { - TrustedScriptURLOrUSVString::USVString(url) => { - let global = self.owner_global(); - // TODO(36258): Reflectively get the name of the class - let sink = format!("{} {}", "HTMLScriptElement", &local_name); - let result = TrustedTypePolicyFactory::get_trusted_type_compliant_string( - &global, - url.to_string(), - &sink, - "'script'", - can_gc, - ); - result? - }, - // This partially implements <https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-compliant-string-algorithm> - // Step 1: If input is an instance of expectedType, return stringified input and abort these steps. - TrustedScriptURLOrUSVString::TrustedScriptURL(script_url) => script_url.to_string(), - }; - self.set_attribute(local_name, AttrValue::String(value), can_gc); - Ok(()) - } - pub(crate) fn get_string_attribute(&self, local_name: &LocalName) -> DOMString { match self.get_attribute(&ns!(), local_name) { Some(x) => x.Value(), diff --git a/components/script/dom/globalscope.rs b/components/script/dom/globalscope.rs index f097642f424..527d03eed4e 100644 --- a/components/script/dom/globalscope.rs +++ b/components/script/dom/globalscope.rs @@ -18,11 +18,12 @@ use base::id::{ ServiceWorkerId, ServiceWorkerRegistrationId, WebViewId, }; use constellation_traits::{ - BlobData, BlobImpl, BroadcastMsg, FileBlob, MessagePortImpl, MessagePortMsg, PortMessageTask, - ScriptToConstellationChan, ScriptToConstellationMessage, + BlobData, BlobImpl, BroadcastMsg, FileBlob, LoadData, LoadOrigin, MessagePortImpl, + MessagePortMsg, PortMessageTask, ScriptToConstellationChan, ScriptToConstellationMessage, }; use content_security_policy::{ - CheckResult, CspList, PolicyDisposition, PolicySource, Violation, ViolationResource, + CheckResult, CspList, Destination, Initiator, NavigationCheckType, ParserMetadata, + PolicyDisposition, PolicySource, Request, Violation, ViolationResource, }; use crossbeam_channel::Sender; use devtools_traits::{PageError, ScriptToDevtoolsControlMsg}; @@ -62,6 +63,7 @@ use profile_traits::{ipc as profile_ipc, mem as profile_mem, time as profile_tim use script_bindings::interfaces::GlobalScopeHelpers; use servo_url::{ImmutableOrigin, MutableOrigin, ServoUrl}; use timers::{TimerEventId, TimerEventRequest, TimerSource}; +use url::Origin; use uuid::Uuid; #[cfg(feature = "webgpu")] use webgpu_traits::{DeviceLostReason, WebGPUDevice}; @@ -2951,6 +2953,33 @@ impl GlobalScope { is_js_evaluation_allowed == CheckResult::Allowed } + pub(crate) fn should_navigation_request_be_blocked(&self, load_data: &LoadData) -> bool { + let Some(csp_list) = self.get_csp_list() else { + return false; + }; + let request = Request { + url: load_data.url.clone().into_url(), + origin: match &load_data.load_origin { + LoadOrigin::Script(immutable_origin) => immutable_origin.clone().into_url_origin(), + _ => Origin::new_opaque(), + }, + // TODO: populate this field correctly + redirect_count: 0, + destination: Destination::None, + initiator: Initiator::None, + nonce: "".to_owned(), + integrity_metadata: "".to_owned(), + parser_metadata: ParserMetadata::None, + }; + // TODO: set correct navigation check type for form submission if applicable + let (result, violations) = + csp_list.should_navigation_request_be_blocked(&request, NavigationCheckType::Other); + + self.report_csp_violations(violations); + + result == CheckResult::Blocked + } + pub(crate) fn create_image_bitmap( &self, image: ImageBitmapSource, diff --git a/components/script/dom/htmlelement.rs b/components/script/dom/htmlelement.rs index e7efbde9b1d..59b71543d6d 100644 --- a/components/script/dom/htmlelement.rs +++ b/components/script/dom/htmlelement.rs @@ -116,7 +116,7 @@ impl HTMLElement { /// `.outerText` in JavaScript.` /// /// <https://html.spec.whatwg.org/multipage/#get-the-text-steps> - fn get_inner_outer_text(&self, can_gc: CanGc) -> DOMString { + pub(crate) fn get_inner_outer_text(&self, can_gc: CanGc) -> DOMString { let node = self.upcast::<Node>(); let window = node.owner_window(); let element = self.as_element(); @@ -134,6 +134,16 @@ impl HTMLElement { DOMString::from(text) } + + /// <https://html.spec.whatwg.org/multipage/#set-the-inner-text-steps> + pub(crate) fn set_inner_text(&self, input: DOMString, can_gc: CanGc) { + // Step 1: Let fragment be the rendered text fragment for value given element's node + // document. + let fragment = self.rendered_text_fragment(input, can_gc); + + // Step 2: Replace all with fragment within element. + Node::replace_all(Some(fragment.upcast()), self.upcast::<Node>(), can_gc); + } } impl HTMLElementMethods<crate::DomTypeHolder> for HTMLElement { @@ -494,12 +504,7 @@ impl HTMLElementMethods<crate::DomTypeHolder> for HTMLElement { /// <https://html.spec.whatwg.org/multipage/#set-the-inner-text-steps> fn SetInnerText(&self, input: DOMString, can_gc: CanGc) { - // Step 1: Let fragment be the rendered text fragment for value given element's node - // document. - let fragment = self.rendered_text_fragment(input, can_gc); - - // Step 2: Replace all with fragment within element. - Node::replace_all(Some(fragment.upcast()), self.upcast::<Node>(), can_gc); + self.set_inner_text(input, can_gc) } /// <https://html.spec.whatwg.org/multipage/#dom-outertext> diff --git a/components/script/dom/htmliframeelement.rs b/components/script/dom/htmliframeelement.rs index c5194c4527f..0fbff86e44a 100644 --- a/components/script/dom/htmliframeelement.rs +++ b/components/script/dom/htmliframeelement.rs @@ -162,8 +162,13 @@ impl HTMLIFrameElement { if load_data.url.scheme() == "javascript" { let window_proxy = self.GetContentWindow(); if let Some(window_proxy) = window_proxy { + if document + .global() + .should_navigation_request_be_blocked(&load_data) + { + return; + } // Important re security. See https://github.com/servo/servo/issues/23373 - // TODO: check according to https://w3c.github.io/webappsec-csp/#should-block-navigation-request if ScriptThread::check_load_origin(&load_data.load_origin, &document.url().origin()) { ScriptThread::eval_js_url(&window_proxy.global(), &mut load_data, can_gc); @@ -274,6 +279,7 @@ impl HTMLIFrameElement { Some(document.insecure_requests_policy()), document.has_trustworthy_ancestor_or_current_origin(), ); + load_data.policy_container = Some(window.as_global_scope().policy_container()); let element = self.upcast::<Element>(); load_data.srcdoc = String::from(element.get_string_attribute(&local_name!("srcdoc"))); self.navigate_or_reload_child_browsing_context( @@ -356,7 +362,7 @@ impl HTMLIFrameElement { None }; - let load_data = LoadData::new( + let mut load_data = LoadData::new( LoadOrigin::Script(document.origin().immutable().clone()), url, creator_pipeline_id, @@ -373,6 +379,10 @@ impl HTMLIFrameElement { let is_about_blank = pipeline_id.is_some() && pipeline_id == self.about_blank_pipeline_id.get(); + if is_about_blank { + load_data.policy_container = Some(window.as_global_scope().policy_container()); + } + let history_handling = if is_about_blank { NavigationHistoryBehavior::Replace } else { @@ -402,7 +412,7 @@ impl HTMLIFrameElement { let document = self.owner_document(); let window = self.owner_window(); let pipeline_id = Some(window.pipeline_id()); - let load_data = LoadData::new( + let mut load_data = LoadData::new( LoadOrigin::Script(document.origin().immutable().clone()), url, pipeline_id, @@ -412,6 +422,7 @@ impl HTMLIFrameElement { Some(document.insecure_requests_policy()), document.has_trustworthy_ancestor_or_current_origin(), ); + load_data.policy_container = Some(window.as_global_scope().policy_container()); let browsing_context_id = BrowsingContextId::new(); let webview_id = window.window_proxy().webview_id(); self.pipeline_id.set(None); diff --git a/components/script/dom/htmlscriptelement.rs b/components/script/dom/htmlscriptelement.rs index 58853f600d2..9d0ca807748 100644 --- a/components/script/dom/htmlscriptelement.rs +++ b/components/script/dom/htmlscriptelement.rs @@ -32,6 +32,7 @@ use net_traits::{ }; use servo_config::pref; use servo_url::{ImmutableOrigin, ServoUrl}; +use style::attr::AttrValue; use style::str::{HTML_SPACE_CHARACTERS, StaticStringVec}; use stylo_atoms::Atom; use uuid::Uuid; @@ -44,7 +45,9 @@ use crate::dom::bindings::codegen::Bindings::DocumentBinding::DocumentMethods; use crate::dom::bindings::codegen::Bindings::HTMLScriptElementBinding::HTMLScriptElementMethods; use crate::dom::bindings::codegen::Bindings::NodeBinding::NodeMethods; use crate::dom::bindings::codegen::GenericBindings::HTMLElementBinding::HTMLElement_Binding::HTMLElementMethods; -use crate::dom::bindings::codegen::UnionTypes::TrustedScriptURLOrUSVString; +use crate::dom::bindings::codegen::UnionTypes::{ + TrustedScriptOrString, TrustedScriptURLOrUSVString, +}; use crate::dom::bindings::error::Fallible; use crate::dom::bindings::inheritance::Castable; use crate::dom::bindings::refcounted::Trusted; @@ -64,6 +67,8 @@ use crate::dom::globalscope::GlobalScope; use crate::dom::htmlelement::HTMLElement; use crate::dom::node::{ChildrenMutation, CloneChildrenFlag, Node, NodeTraits}; use crate::dom::performanceresourcetiming::InitiatorType; +use crate::dom::trustedscript::TrustedScript; +use crate::dom::trustedscripturl::TrustedScriptURL; use crate::dom::virtualmethods::VirtualMethods; use crate::fetch::create_a_potential_cors_request; use crate::network_listener::{self, NetworkListener, PreInvoke, ResourceTimingListener}; @@ -667,7 +672,7 @@ impl HTMLScriptElement { // Step 5. Let source text be el's child text content. // Step 6. If el has no src attribute, and source text is the empty string, then return. - let text = self.Text(); + let text = self.text(); if text.is_empty() && !element.has_attribute(&local_name!("src")) { return; } @@ -1272,6 +1277,15 @@ impl HTMLScriptElement { let event = Event::new(window.upcast(), type_, bubbles, cancelable, can_gc); event.fire(self.upcast(), can_gc) } + + fn text(&self) -> DOMString { + match self.Text() { + TrustedScriptOrString::String(value) => value, + TrustedScriptOrString::TrustedScript(trusted_script) => { + DOMString::from(trusted_script.to_string()) + }, + } + } } impl VirtualMethods for HTMLScriptElement { @@ -1286,7 +1300,7 @@ impl VirtualMethods for HTMLScriptElement { if *attr.local_name() == local_name!("src") { if let AttributeMutation::Set(_) = mutation { if !self.parser_inserted.get() && self.upcast::<Node>().is_connected() { - self.prepare(CanGc::note()); + self.prepare(can_gc); } } } @@ -1344,10 +1358,25 @@ impl VirtualMethods for HTMLScriptElement { impl HTMLScriptElementMethods<crate::DomTypeHolder> for HTMLScriptElement { // https://html.spec.whatwg.org/multipage/#dom-script-src - make_trusted_type_url_getter!(Src, "src"); + fn Src(&self) -> TrustedScriptURLOrUSVString { + let element = self.upcast::<Element>(); + element.get_trusted_type_url_attribute(&local_name!("src")) + } - // https://html.spec.whatwg.org/multipage/#dom-script-src - make_trusted_type_url_setter!(SetSrc, "src"); + /// <https://w3c.github.io/trusted-types/dist/spec/#the-src-idl-attribute> + fn SetSrc(&self, value: TrustedScriptURLOrUSVString, can_gc: CanGc) -> Fallible<()> { + let element = self.upcast::<Element>(); + let local_name = &local_name!("src"); + let value = TrustedScriptURL::get_trusted_script_url_compliant_string( + &element.owner_global(), + value, + "HTMLScriptElement", + local_name, + can_gc, + )?; + element.set_attribute(local_name, AttrValue::String(value), can_gc); + Ok(()) + } // https://html.spec.whatwg.org/multipage/#dom-script-type make_getter!(Type, "type"); @@ -1416,14 +1445,77 @@ impl HTMLScriptElementMethods<crate::DomTypeHolder> for HTMLScriptElement { // https://html.spec.whatwg.org/multipage/#dom-script-referrerpolicy make_setter!(SetReferrerPolicy, "referrerpolicy"); - // https://html.spec.whatwg.org/multipage/#dom-script-text - fn Text(&self) -> DOMString { - self.upcast::<Node>().child_text_content() + /// <https://w3c.github.io/trusted-types/dist/spec/#dom-htmlscriptelement-innertext> + fn InnerText(&self, can_gc: CanGc) -> TrustedScriptOrString { + // Step 1: Return the result of running get the text steps with this. + TrustedScriptOrString::String(self.upcast::<HTMLElement>().get_inner_outer_text(can_gc)) } - // https://html.spec.whatwg.org/multipage/#dom-script-text - fn SetText(&self, value: DOMString, can_gc: CanGc) { - self.upcast::<Node>().SetTextContent(Some(value), can_gc) + /// <https://w3c.github.io/trusted-types/dist/spec/#the-innerText-idl-attribute> + fn SetInnerText(&self, input: TrustedScriptOrString, can_gc: CanGc) -> Fallible<()> { + // Step 1: Let value be the result of calling Get Trusted Type compliant string with TrustedScript, + // this's relevant global object, the given value, HTMLScriptElement innerText, and script. + let value = TrustedScript::get_trusted_script_compliant_string( + &self.owner_global(), + input, + "HTMLScriptElement", + "innerText", + can_gc, + )?; + // Step 3: Run set the inner text steps with this and value. + self.upcast::<HTMLElement>() + .set_inner_text(DOMString::from(value), can_gc); + Ok(()) + } + + /// <https://html.spec.whatwg.org/multipage/#dom-script-text> + fn Text(&self) -> TrustedScriptOrString { + TrustedScriptOrString::String(self.upcast::<Node>().child_text_content()) + } + + /// <https://w3c.github.io/trusted-types/dist/spec/#the-text-idl-attribute> + fn SetText(&self, value: TrustedScriptOrString, can_gc: CanGc) -> Fallible<()> { + // Step 1: Let value be the result of calling Get Trusted Type compliant string with TrustedScript, + // this's relevant global object, the given value, HTMLScriptElement text, and script. + let value = TrustedScript::get_trusted_script_compliant_string( + &self.owner_global(), + value, + "HTMLScriptElement", + "text", + can_gc, + )?; + // Step 2: Set this's script text value to the given value. + // TODO: Implement for https://w3c.github.io/trusted-types/dist/spec/#prepare-script-text + // Step 3: String replace all with the given value within this. + Node::string_replace_all(DOMString::from(value), self.upcast::<Node>(), can_gc); + Ok(()) + } + + /// <https://w3c.github.io/trusted-types/dist/spec/#the-textContent-idl-attribute> + fn GetTextContent(&self) -> Option<TrustedScriptOrString> { + // Step 1: Return the result of running get text content with this. + Some(TrustedScriptOrString::String( + self.upcast::<Node>().GetTextContent()?, + )) + } + + /// <https://w3c.github.io/trusted-types/dist/spec/#the-textContent-idl-attribute> + fn SetTextContent(&self, value: Option<TrustedScriptOrString>, can_gc: CanGc) -> Fallible<()> { + // Step 1: Let value be the result of calling Get Trusted Type compliant string with TrustedScript, + // this's relevant global object, the given value, HTMLScriptElement textContent, and script. + let value = TrustedScript::get_trusted_script_compliant_string( + &self.owner_global(), + value.unwrap_or(TrustedScriptOrString::String(DOMString::from(""))), + "HTMLScriptElement", + "textContent", + can_gc, + )?; + // Step 2: Set this's script text value to value. + // TODO: Implement for https://w3c.github.io/trusted-types/dist/spec/#prepare-script-text + // Step 3: Run set text content with this and value. + self.upcast::<Node>() + .SetTextContent(Some(DOMString::from(value)), can_gc); + Ok(()) } } diff --git a/components/script/dom/macros.rs b/components/script/dom/macros.rs index 997341984c6..cc44497d0b9 100644 --- a/components/script/dom/macros.rs +++ b/components/script/dom/macros.rs @@ -122,32 +122,6 @@ macro_rules! make_url_setter( ); #[macro_export] -macro_rules! make_trusted_type_url_getter( - ( $attr:ident, $htmlname:tt ) => ( - fn $attr(&self) -> TrustedScriptURLOrUSVString { - use $crate::dom::bindings::inheritance::Castable; - use $crate::dom::element::Element; - let element = self.upcast::<Element>(); - element.get_trusted_type_url_attribute(&html5ever::local_name!($htmlname)) - } - ); -); - -#[macro_export] -macro_rules! make_trusted_type_url_setter( - ( $attr:ident, $htmlname:tt ) => ( - fn $attr(&self, value: TrustedScriptURLOrUSVString, can_gc: CanGc) -> Fallible<()> { - use $crate::dom::bindings::inheritance::Castable; - use $crate::dom::element::Element; - use $crate::script_runtime::CanGc; - let element = self.upcast::<Element>(); - element.set_trusted_type_url_attribute(&html5ever::local_name!($htmlname), - value, can_gc) - } - ); -); - -#[macro_export] macro_rules! make_form_action_getter( ( $attr:ident, $htmlname:tt ) => ( fn $attr(&self) -> DOMString { diff --git a/components/script/dom/servoparser/mod.rs b/components/script/dom/servoparser/mod.rs index 0650fde676e..5878573d552 100644 --- a/components/script/dom/servoparser/mod.rs +++ b/components/script/dom/servoparser/mod.rs @@ -21,6 +21,7 @@ use html5ever::{Attribute, ExpandedName, LocalName, QualName, local_name, ns}; use hyper_serde::Serde; use markup5ever::TokenizerResult; use mime::{self, Mime}; +use net_traits::policy_container::PolicyContainer; use net_traits::request::RequestId; use net_traits::{ FetchMetadata, FetchResponseListener, Metadata, NetworkError, ResourceFetchTiming, @@ -813,6 +814,27 @@ impl ParserContext { pushed_entry_index: None, } } + + pub(crate) fn append_parent_to_csp_list(&self, policy_container: Option<&PolicyContainer>) { + let Some(policy_container) = policy_container else { + return; + }; + let Some(parent_csp_list) = &policy_container.csp_list else { + return; + }; + let Some(parser) = self.parser.as_ref().map(|p| p.root()) else { + return; + }; + let new_csp_list = match parser.document.get_csp_list() { + None => parent_csp_list.clone(), + Some(original_csp_list) => { + let mut appended_csp_list = original_csp_list.clone(); + appended_csp_list.append(parent_csp_list.clone()); + appended_csp_list.to_owned() + }, + }; + parser.document.set_csp_list(Some(new_csp_list)); + } } impl FetchResponseListener for ParserContext { diff --git a/components/script/dom/trustedscript.rs b/components/script/dom/trustedscript.rs index 5ce51c24989..648fcc8c239 100644 --- a/components/script/dom/trustedscript.rs +++ b/components/script/dom/trustedscript.rs @@ -1,14 +1,19 @@ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ +use std::fmt; use dom_struct::dom_struct; use crate::dom::bindings::codegen::Bindings::TrustedScriptBinding::TrustedScriptMethods; +use crate::dom::bindings::codegen::UnionTypes::TrustedScriptOrString; +use crate::dom::bindings::error::Fallible; use crate::dom::bindings::reflector::{Reflector, reflect_dom_object}; use crate::dom::bindings::root::DomRoot; use crate::dom::bindings::str::DOMString; use crate::dom::globalscope::GlobalScope; +use crate::dom::trustedtypepolicy::TrustedType; +use crate::dom::trustedtypepolicyfactory::TrustedTypePolicyFactory; use crate::script_runtime::CanGc; #[dom_struct] @@ -30,6 +35,37 @@ impl TrustedScript { pub(crate) fn new(data: String, global: &GlobalScope, can_gc: CanGc) -> DomRoot<Self> { reflect_dom_object(Box::new(Self::new_inherited(data)), global, can_gc) } + + pub(crate) fn get_trusted_script_compliant_string( + global: &GlobalScope, + value: TrustedScriptOrString, + containing_class: &str, + field: &str, + can_gc: CanGc, + ) -> Fallible<String> { + match value { + TrustedScriptOrString::String(value) => { + let sink = format!("{} {}", containing_class, field); + TrustedTypePolicyFactory::get_trusted_type_compliant_string( + TrustedType::TrustedScript, + global, + value.as_ref().to_owned(), + &sink, + "'script'", + can_gc, + ) + }, + + TrustedScriptOrString::TrustedScript(trusted_script) => Ok(trusted_script.to_string()), + } + } +} + +impl fmt::Display for TrustedScript { + #[inline] + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + f.write_str(&self.data) + } } impl TrustedScriptMethods<crate::DomTypeHolder> for TrustedScript { diff --git a/components/script/dom/trustedscripturl.rs b/components/script/dom/trustedscripturl.rs index ba1e0335abc..3f0aef248b3 100644 --- a/components/script/dom/trustedscripturl.rs +++ b/components/script/dom/trustedscripturl.rs @@ -7,10 +7,14 @@ use std::fmt; use dom_struct::dom_struct; use crate::dom::bindings::codegen::Bindings::TrustedScriptURLBinding::TrustedScriptURLMethods; +use crate::dom::bindings::codegen::UnionTypes::TrustedScriptURLOrUSVString; +use crate::dom::bindings::error::Fallible; use crate::dom::bindings::reflector::{Reflector, reflect_dom_object}; use crate::dom::bindings::root::DomRoot; use crate::dom::bindings::str::DOMString; use crate::dom::globalscope::GlobalScope; +use crate::dom::trustedtypepolicy::TrustedType; +use crate::dom::trustedtypepolicyfactory::TrustedTypePolicyFactory; use crate::script_runtime::CanGc; #[dom_struct] @@ -32,6 +36,31 @@ impl TrustedScriptURL { pub(crate) fn new(data: String, global: &GlobalScope, can_gc: CanGc) -> DomRoot<Self> { reflect_dom_object(Box::new(Self::new_inherited(data)), global, can_gc) } + + pub(crate) fn get_trusted_script_url_compliant_string( + global: &GlobalScope, + value: TrustedScriptURLOrUSVString, + containing_class: &str, + field: &str, + can_gc: CanGc, + ) -> Fallible<String> { + match value { + TrustedScriptURLOrUSVString::USVString(value) => { + let sink = format!("{} {}", containing_class, field); + TrustedTypePolicyFactory::get_trusted_type_compliant_string( + TrustedType::TrustedScriptURL, + global, + value.as_ref().to_owned(), + &sink, + "'script'", + can_gc, + ) + }, + TrustedScriptURLOrUSVString::TrustedScriptURL(trusted_script_url) => { + Ok(trusted_script_url.to_string()) + }, + } + } } impl fmt::Display for TrustedScriptURL { diff --git a/components/script/dom/trustedtypepolicy.rs b/components/script/dom/trustedtypepolicy.rs index 2ec5015eb88..d4def7269ed 100644 --- a/components/script/dom/trustedtypepolicy.rs +++ b/components/script/dom/trustedtypepolicy.rs @@ -7,6 +7,7 @@ use std::rc::Rc; use dom_struct::dom_struct; use js::jsapi::JSObject; use js::rust::HandleValue; +use strum_macros::IntoStaticStr; use crate::dom::bindings::callback::ExceptionHandling; use crate::dom::bindings::codegen::Bindings::TrustedTypePolicyBinding::TrustedTypePolicyMethods; @@ -38,6 +39,13 @@ pub struct TrustedTypePolicy { create_script_url: Option<Rc<CreateScriptURLCallback>>, } +#[derive(Clone, IntoStaticStr)] +pub(crate) enum TrustedType { + TrustedHTML, + TrustedScript, + TrustedScriptURL, +} + impl TrustedTypePolicy { fn new_inherited(name: String, options: &TrustedTypePolicyOptions) -> Self { Self { @@ -59,51 +67,87 @@ impl TrustedTypePolicy { reflect_dom_object(Box::new(Self::new_inherited(name, options)), global, can_gc) } - // TODO(36258): Remove when we refactor get_trusted_type_policy_value to take an enum - // value to handle which callback to call. The callback should not be exposed outside - // of the policy object, but is currently used in TrustedPolicyFactory::process_value_with_default_policy - pub(crate) fn create_script_url(&self) -> Option<Rc<CreateScriptURLCallback>> { - self.create_script_url.clone() + /// <https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-policy-value-algorithm> + fn check_callback_if_missing(throw_if_missing: bool) -> Fallible<Option<String>> { + // Step 3.1: If throwIfMissing throw a TypeError. + if throw_if_missing { + Err(Type("Cannot find type".to_owned())) + } else { + // Step 3.2: Else return null. + Ok(None) + } } - /// This does not take all arguments as specified. That's because the return type of the - /// trusted type function and object are not the same. 2 of the 3 string callbacks return - /// a DOMString, while the other one returns an USVString. Additionally, all three callbacks - /// have a unique type signature in WebIDL. - /// - /// To circumvent these type problems, rather than implementing the full functionality here, - /// part of the algorithm is implemented on the caller side. There, we only call the callback - /// and create the object. The rest of the machinery is ensuring the right values pass through - /// to the relevant callbacks. - /// /// <https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-policy-value-algorithm> - pub(crate) fn get_trusted_type_policy_value<S, PolicyCallback>( + pub(crate) fn get_trusted_type_policy_value( &self, - policy_value_callback: PolicyCallback, + expected_type: TrustedType, + cx: JSContext, + input: DOMString, + arguments: Vec<HandleValue>, throw_if_missing: bool, - ) -> Fallible<Option<S>> - where - S: AsRef<str>, - PolicyCallback: FnOnce() -> Option<Fallible<Option<S>>>, - { + can_gc: CanGc, + ) -> Fallible<Option<String>> { + rooted!(in(*cx) let this_object: *mut JSObject); // Step 1: Let functionName be a function name for the given trustedTypeName, based on the following table: - // Step 2: Let function be policy’s options[functionName]. - let function = policy_value_callback(); - match function { - // Step 3: If function is null, then: - None => { - // Step 3.1: If throwIfMissing throw a TypeError. - if throw_if_missing { - Err(Type("Cannot find type".to_owned())) - } else { - // Step 3.2: Else return null. - Ok(None) - } + match expected_type { + TrustedType::TrustedHTML => match &self.create_html { + // Step 3: If function is null, then: + None => TrustedTypePolicy::check_callback_if_missing(throw_if_missing), + // Step 2: Let function be policy’s options[functionName]. + Some(callback) => { + // Step 4: Let policyValue be the result of invoking function with value as a first argument, + // items of arguments as subsequent arguments, and callback **this** value set to null, + // rethrowing any exceptions. + callback + .Call_( + &this_object.handle(), + input, + arguments, + ExceptionHandling::Rethrow, + can_gc, + ) + .map(|result| result.map(|str| str.as_ref().to_owned())) + }, + }, + TrustedType::TrustedScript => match &self.create_script { + // Step 3: If function is null, then: + None => TrustedTypePolicy::check_callback_if_missing(throw_if_missing), + // Step 2: Let function be policy’s options[functionName]. + Some(callback) => { + // Step 4: Let policyValue be the result of invoking function with value as a first argument, + // items of arguments as subsequent arguments, and callback **this** value set to null, + // rethrowing any exceptions. + callback + .Call_( + &this_object.handle(), + input, + arguments, + ExceptionHandling::Rethrow, + can_gc, + ) + .map(|result| result.map(|str| str.as_ref().to_owned())) + }, + }, + TrustedType::TrustedScriptURL => match &self.create_script_url { + // Step 3: If function is null, then: + None => TrustedTypePolicy::check_callback_if_missing(throw_if_missing), + // Step 2: Let function be policy’s options[functionName]. + Some(callback) => { + // Step 4: Let policyValue be the result of invoking function with value as a first argument, + // items of arguments as subsequent arguments, and callback **this** value set to null, + // rethrowing any exceptions. + callback + .Call_( + &this_object.handle(), + input, + arguments, + ExceptionHandling::Rethrow, + can_gc, + ) + .map(|result| result.map(|str| str.as_ref().to_owned())) + }, }, - // Step 4: Let policyValue be the result of invoking function with value as a first argument, - // items of arguments as subsequent arguments, and callback **this** value set to null, - // rethrowing any exceptions. - Some(policy_value) => policy_value, } } @@ -118,27 +162,30 @@ impl TrustedTypePolicy { /// to the relevant callbacks. /// /// <https://w3c.github.io/trusted-types/dist/spec/#create-a-trusted-type-algorithm> - pub(crate) fn create_trusted_type<R, S, PolicyCallback, TrustedTypeCallback>( + pub(crate) fn create_trusted_type<R, TrustedTypeCallback>( &self, - policy_value_callback: PolicyCallback, + expected_type: TrustedType, + cx: JSContext, + input: DOMString, + arguments: Vec<HandleValue>, trusted_type_creation_callback: TrustedTypeCallback, + can_gc: CanGc, ) -> Fallible<DomRoot<R>> where R: DomObject, - S: AsRef<str>, - PolicyCallback: FnOnce() -> Option<Fallible<Option<S>>>, TrustedTypeCallback: FnOnce(String) -> DomRoot<R>, { // Step 1: Let policyValue be the result of executing Get Trusted Type policy value // with the same arguments as this algorithm and additionally true as throwIfMissing. - let policy_value = self.get_trusted_type_policy_value(policy_value_callback, true); + let policy_value = + self.get_trusted_type_policy_value(expected_type, cx, input, arguments, true, can_gc); match policy_value { // Step 2: If the algorithm threw an error, rethrow the error and abort the following steps. Err(error) => Err(error), Ok(policy_value) => { // Step 3: Let dataString be the result of stringifying policyValue. let data_string = match policy_value { - Some(value) => value.as_ref().into(), + Some(value) => value, // Step 4: If policyValue is null or undefined, set dataString to the empty string. None => "".to_owned(), }; @@ -164,22 +211,12 @@ impl TrustedTypePolicyMethods<crate::DomTypeHolder> for TrustedTypePolicy { can_gc: CanGc, ) -> Fallible<DomRoot<TrustedHTML>> { self.create_trusted_type( - || { - self.create_html.clone().map(|callback| { - rooted!(in(*cx) let this_object: *mut JSObject); - // Step 4: Let policyValue be the result of invoking function with value as a first argument, - // items of arguments as subsequent arguments, and callback **this** value set to null, - // rethrowing any exceptions. - callback.Call_( - &this_object.handle(), - input, - arguments, - ExceptionHandling::Rethrow, - can_gc, - ) - }) - }, + TrustedType::TrustedHTML, + cx, + input, + arguments, |data_string| TrustedHTML::new(data_string, &self.global(), can_gc), + can_gc, ) } /// <https://www.w3.org/TR/trusted-types/#dom-trustedtypepolicy-createscript> @@ -191,22 +228,12 @@ impl TrustedTypePolicyMethods<crate::DomTypeHolder> for TrustedTypePolicy { can_gc: CanGc, ) -> Fallible<DomRoot<TrustedScript>> { self.create_trusted_type( - || { - self.create_script.clone().map(|callback| { - rooted!(in(*cx) let this_object: *mut JSObject); - // Step 4: Let policyValue be the result of invoking function with value as a first argument, - // items of arguments as subsequent arguments, and callback **this** value set to null, - // rethrowing any exceptions. - callback.Call_( - &this_object.handle(), - input, - arguments, - ExceptionHandling::Rethrow, - can_gc, - ) - }) - }, + TrustedType::TrustedScript, + cx, + input, + arguments, |data_string| TrustedScript::new(data_string, &self.global(), can_gc), + can_gc, ) } /// <https://www.w3.org/TR/trusted-types/#dom-trustedtypepolicy-createscripturl> @@ -218,22 +245,12 @@ impl TrustedTypePolicyMethods<crate::DomTypeHolder> for TrustedTypePolicy { can_gc: CanGc, ) -> Fallible<DomRoot<TrustedScriptURL>> { self.create_trusted_type( - || { - self.create_script_url.clone().map(|callback| { - rooted!(in(*cx) let this_object: *mut JSObject); - // Step 4: Let policyValue be the result of invoking function with value as a first argument, - // items of arguments as subsequent arguments, and callback **this** value set to null, - // rethrowing any exceptions. - callback.Call_( - &this_object.handle(), - input, - arguments, - ExceptionHandling::Rethrow, - can_gc, - ) - }) - }, + TrustedType::TrustedScriptURL, + cx, + input, + arguments, |data_string| TrustedScriptURL::new(data_string, &self.global(), can_gc), + can_gc, ) } } diff --git a/components/script/dom/trustedtypepolicyfactory.rs b/components/script/dom/trustedtypepolicyfactory.rs index 0dcc78b7cd0..0927446b904 100644 --- a/components/script/dom/trustedtypepolicyfactory.rs +++ b/components/script/dom/trustedtypepolicyfactory.rs @@ -6,11 +6,9 @@ use std::cell::RefCell; use content_security_policy::CheckResult; use dom_struct::dom_struct; use html5ever::{LocalName, Namespace, QualName, local_name, ns}; -use js::jsapi::JSObject; use js::jsval::NullValue; use js::rust::HandleValue; -use crate::dom::bindings::callback::ExceptionHandling; use crate::dom::bindings::codegen::Bindings::TrustedTypePolicyFactoryBinding::{ TrustedTypePolicyFactoryMethods, TrustedTypePolicyOptions, }; @@ -23,7 +21,7 @@ use crate::dom::globalscope::GlobalScope; use crate::dom::trustedhtml::TrustedHTML; use crate::dom::trustedscript::TrustedScript; use crate::dom::trustedscripturl::TrustedScriptURL; -use crate::dom::trustedtypepolicy::TrustedTypePolicy; +use crate::dom::trustedtypepolicy::{TrustedType, TrustedTypePolicy}; use crate::js::conversions::ToJSValConvertible; use crate::script_runtime::{CanGc, JSContext}; @@ -144,50 +142,40 @@ impl TrustedTypePolicyFactory { /// <https://w3c.github.io/trusted-types/dist/spec/#process-value-with-a-default-policy-algorithm> #[allow(unsafe_code)] pub(crate) fn process_value_with_default_policy( + expected_type: TrustedType, global: &GlobalScope, input: String, sink: &str, can_gc: CanGc, - ) -> Fallible<Option<DomRoot<TrustedScriptURL>>> { + ) -> Fallible<Option<String>> { // Step 1: Let defaultPolicy be the value of global’s trusted type policy factory's default policy. let global_policy_factory = global.trusted_types(can_gc); let default_policy = match global_policy_factory.default_policy.get() { - None => return Ok(Some(TrustedScriptURL::new(input, global, can_gc))), + None => return Ok(None), Some(default_policy) => default_policy, }; let cx = GlobalScope::get_cx(); // Step 2: Let policyValue be the result of executing Get Trusted Type policy value, // with the following arguments: - let policy_value = default_policy.get_trusted_type_policy_value( - || { - // TODO(36258): support other trusted types as well by changing get_trusted_type_policy_value to accept - // the trusted type as enum and call the appropriate callback based on that. - default_policy.create_script_url().map(|callback| { - rooted!(in(*cx) let this_object: *mut JSObject); - rooted!(in(*cx) let mut trusted_type_name_value = NullValue()); - unsafe { - "TrustedScriptURL".to_jsval(*cx, trusted_type_name_value.handle_mut()); - } + rooted!(in(*cx) let mut trusted_type_name_value = NullValue()); + unsafe { + let trusted_type_name: &'static str = expected_type.clone().into(); + trusted_type_name.to_jsval(*cx, trusted_type_name_value.handle_mut()); + } - rooted!(in(*cx) let mut sink_value = NullValue()); - unsafe { - sink.to_jsval(*cx, sink_value.handle_mut()); - } + rooted!(in(*cx) let mut sink_value = NullValue()); + unsafe { + sink.to_jsval(*cx, sink_value.handle_mut()); + } - let args = vec![trusted_type_name_value.handle(), sink_value.handle()]; - // Step 4: Let policyValue be the result of invoking function with value as a first argument, - // items of arguments as subsequent arguments, and callback **this** value set to null, - // rethrowing any exceptions. - callback.Call_( - &this_object.handle(), - DOMString::from(input.to_owned()), - args, - ExceptionHandling::Rethrow, - can_gc, - ) - }) - }, + let arguments = vec![trusted_type_name_value.handle(), sink_value.handle()]; + let policy_value = default_policy.get_trusted_type_policy_value( + expected_type, + cx, + DOMString::from(input.to_owned()), + arguments, false, + can_gc, ); let data_string = match policy_value { // Step 3: If the algorithm threw an error, rethrow the error and abort the following steps. @@ -196,14 +184,15 @@ impl TrustedTypePolicyFactory { // Step 4: If policyValue is null or undefined, return policyValue. None => return Ok(None), // Step 5: Let dataString be the result of stringifying policyValue. - Some(policy_value) => policy_value.as_ref().into(), + Some(policy_value) => policy_value, }, }; - Ok(Some(TrustedScriptURL::new(data_string, global, can_gc))) + Ok(Some(data_string)) } /// Step 1 is implemented by the caller /// <https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-compliant-string-algorithm> pub(crate) fn get_trusted_type_compliant_string( + expected_type: TrustedType, global: &GlobalScope, input: String, sink: &str, @@ -224,6 +213,7 @@ impl TrustedTypePolicyFactory { // Step 4: Let convertedInput be the result of executing Process value with a default policy // with the same arguments as this algorithm. let converted_input = TrustedTypePolicyFactory::process_value_with_default_policy( + expected_type, global, input.clone(), sink, @@ -252,7 +242,7 @@ impl TrustedTypePolicyFactory { } }, // Step 8: Return stringified convertedInput. - Some(converted_input) => Ok((*converted_input).to_string()), + Some(converted_input) => Ok(converted_input), } // Step 7: Assert: convertedInput is an instance of expectedType. // TODO(https://github.com/w3c/trusted-types/issues/566): Implement when spec is resolved diff --git a/components/script/script_thread.rs b/components/script/script_thread.rs index 382ab94d893..7241c115a2a 100644 --- a/components/script/script_thread.rs +++ b/components/script/script_thread.rs @@ -598,7 +598,7 @@ impl ScriptThread { with_script_thread(|script_thread| { let is_javascript = load_data.url.scheme() == "javascript"; // If resource is a request whose url's scheme is "javascript" - // https://html.spec.whatwg.org/multipage/#javascript-protocol + // https://html.spec.whatwg.org/multipage/#navigate-to-a-javascript:-url if is_javascript { let window = match script_thread.documents.borrow().find_window(pipeline_id) { None => return, @@ -612,8 +612,12 @@ impl ScriptThread { .clone(); let task = task!(navigate_javascript: move || { // Important re security. See https://github.com/servo/servo/issues/23373 - // TODO: check according to https://w3c.github.io/webappsec-csp/#should-block-navigation-request if let Some(window) = trusted_global.root().downcast::<Window>() { + // Step 5: If the result of should navigation request of type be blocked by + // Content Security Policy? given request and cspNavigationType is "Blocked", then return. [CSP] + if trusted_global.root().should_navigation_request_be_blocked(&load_data) { + return; + } if ScriptThread::check_load_origin(&load_data.load_origin, &window.get_url().origin()) { ScriptThread::eval_js_url(&trusted_global.root(), &mut load_data, CanGc::note()); sender @@ -622,6 +626,7 @@ impl ScriptThread { } } }); + // Step 19 of <https://html.spec.whatwg.org/multipage/#navigate> global .task_manager() .dom_manipulation_task_source() @@ -3669,10 +3674,12 @@ impl ScriptThread { None => vec![], }; + let policy_container = incomplete.load_data.policy_container.clone(); self.incomplete_loads.borrow_mut().push(incomplete); let dummy_request_id = RequestId::default(); context.process_response(dummy_request_id, Ok(FetchMetadata::Unfiltered(meta))); + context.append_parent_to_csp_list(policy_container.as_ref()); context.process_response_chunk(dummy_request_id, chunk); context.process_response_eof( dummy_request_id, @@ -3692,12 +3699,14 @@ impl ScriptThread { let srcdoc = std::mem::take(&mut incomplete.load_data.srcdoc); let chunk = srcdoc.into_bytes(); + let policy_container = incomplete.load_data.policy_container.clone(); self.incomplete_loads.borrow_mut().push(incomplete); let mut context = ParserContext::new(id, url); let dummy_request_id = RequestId::default(); context.process_response(dummy_request_id, Ok(FetchMetadata::Unfiltered(meta))); + context.append_parent_to_csp_list(policy_container.as_ref()); context.process_response_chunk(dummy_request_id, chunk); context.process_response_eof( dummy_request_id, diff --git a/components/script_bindings/codegen/Bindings.conf b/components/script_bindings/codegen/Bindings.conf index 6396e3ced0c..36bb0c1b9f4 100644 --- a/components/script_bindings/codegen/Bindings.conf +++ b/components/script_bindings/codegen/Bindings.conf @@ -416,7 +416,7 @@ DOMInterfaces = { }, 'HTMLScriptElement': { - 'canGc': ['SetAsync', 'SetCrossOrigin', 'SetSrc', 'SetText'] + 'canGc': ['InnerText', 'SetAsync', 'SetCrossOrigin', 'SetInnerText', 'SetSrc', 'SetText', 'SetTextContent'] }, 'HTMLSelectElement': { diff --git a/components/script_bindings/webidls/HTMLScriptElement.webidl b/components/script_bindings/webidls/HTMLScriptElement.webidl index 6f02bb3cf47..2c7b398b7e3 100644 --- a/components/script_bindings/webidls/HTMLScriptElement.webidl +++ b/components/script_bindings/webidls/HTMLScriptElement.webidl @@ -21,8 +21,12 @@ interface HTMLScriptElement : HTMLElement { attribute boolean defer; [CEReactions] attribute DOMString? crossOrigin; - [CEReactions, Pure] - attribute DOMString text; + [CEReactions, SetterThrows] + attribute (TrustedScript or DOMString) innerText; + [CEReactions, Pure, SetterThrows] + attribute (TrustedScript or DOMString) text; + [CEReactions, SetterThrows] + attribute (TrustedScript or DOMString)? textContent; [CEReactions] attribute DOMString integrity; [CEReactions] diff --git a/components/shared/constellation/from_script_message.rs b/components/shared/constellation/from_script_message.rs index ddc9f788617..21665c24e57 100644 --- a/components/shared/constellation/from_script_message.rs +++ b/components/shared/constellation/from_script_message.rs @@ -22,6 +22,7 @@ use euclid::default::Size2D as UntypedSize2D; use http::{HeaderMap, Method}; use ipc_channel::Error as IpcError; use ipc_channel::ipc::{IpcReceiver, IpcSender}; +use net_traits::policy_container::PolicyContainer; use net_traits::request::{InsecureRequestsPolicy, Referrer, RequestBody}; use net_traits::storage_thread::StorageType; use net_traits::{CoreResourceMsg, ReferrerPolicy, ResourceThreads}; @@ -97,6 +98,8 @@ pub struct LoadData { pub referrer: Referrer, /// The referrer policy. pub referrer_policy: ReferrerPolicy, + /// The policy container. + pub policy_container: Option<PolicyContainer>, /// The source to use instead of a network response for a srcdoc document. pub srcdoc: String, @@ -143,6 +146,7 @@ impl LoadData { js_eval_result: None, referrer, referrer_policy, + policy_container: None, srcdoc: "".to_string(), inherited_secure_context, crash: None, diff --git a/tests/wpt/meta/MANIFEST.json b/tests/wpt/meta/MANIFEST.json index c74943bb031..e786bb85e80 100644 --- a/tests/wpt/meta/MANIFEST.json +++ b/tests/wpt/meta/MANIFEST.json @@ -571755,7 +571755,7 @@ ] ], "eval-blocked-in-about-blank-iframe.html": [ - "054e75b52749b37530a02bc5ee0119ca5e76a474", + "b2286f56a234a515cddec0e02439f9768e3a2905", [ null, {} diff --git a/tests/wpt/meta/content-security-policy/inheritance/document-write-iframe.html.ini b/tests/wpt/meta/content-security-policy/inheritance/document-write-iframe.html.ini deleted file mode 100644 index d93be0d40ea..00000000000 --- a/tests/wpt/meta/content-security-policy/inheritance/document-write-iframe.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[document-write-iframe.html] - [document.open() keeps inherited CSPs on empty iframe.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/inheritance/iframe-all-local-schemes.sub.html.ini b/tests/wpt/meta/content-security-policy/inheritance/iframe-all-local-schemes.sub.html.ini index 781468a1f16..af308a4588e 100644 --- a/tests/wpt/meta/content-security-policy/inheritance/iframe-all-local-schemes.sub.html.ini +++ b/tests/wpt/meta/content-security-policy/inheritance/iframe-all-local-schemes.sub.html.ini @@ -1,30 +1,6 @@ [iframe-all-local-schemes.sub.html] - [<iframe>'s about:blank inherits policy.] - expected: FAIL - - [window about:blank inherits policy.] - expected: FAIL - - [<iframe srcdoc>'s inherits policy.] - expected: FAIL - - [<iframe src='blob:...'>'s inherits policy.] - expected: FAIL - - [window url='blob:...' inherits policy.] - expected: FAIL - [<iframe src='data:...'>'s inherits policy.] expected: FAIL - [<iframe src='javascript:...'>'s inherits policy (static <img> is blocked)] - expected: FAIL - - [window url='javascript:...'>'s inherits policy (static <img> is blocked)] - expected: FAIL - - [<iframe src='javascript:...'>'s inherits policy (dynamically inserted <img> is blocked)] - expected: FAIL - [<iframe sandbox src='blob:...'>'s inherits policy. (opaque origin sandbox)] expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/inheritance/iframe-srcdoc-inheritance.html.ini b/tests/wpt/meta/content-security-policy/inheritance/iframe-srcdoc-inheritance.html.ini index 61468867d57..b37ad96bcc3 100644 --- a/tests/wpt/meta/content-security-policy/inheritance/iframe-srcdoc-inheritance.html.ini +++ b/tests/wpt/meta/content-security-policy/inheritance/iframe-srcdoc-inheritance.html.ini @@ -1,7 +1,4 @@ [iframe-srcdoc-inheritance.html] expected: TIMEOUT - [First image should be blocked] - expected: FAIL - [Second image should be blocked] expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/inheritance/location-reload.html.ini b/tests/wpt/meta/content-security-policy/inheritance/location-reload.html.ini index 4b0c78cb0d8..6a4ec8e2baa 100644 --- a/tests/wpt/meta/content-security-policy/inheritance/location-reload.html.ini +++ b/tests/wpt/meta/content-security-policy/inheritance/location-reload.html.ini @@ -1,9 +1,4 @@ [location-reload.html] - [location.reload() of empty iframe.] - expected: FAIL - - [location.reload() of blob URL iframe.] - expected: FAIL - + expected: TIMEOUT [location.reload() of srcdoc iframe.] - expected: FAIL + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html.ini b/tests/wpt/meta/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html.ini index e09851b2685..3eb78514061 100644 --- a/tests/wpt/meta/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html.ini +++ b/tests/wpt/meta/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html.ini @@ -1,10 +1,7 @@ [to-javascript-parent-initiated-child-csp.html] expected: TIMEOUT - [Should not have executed the javascript URL for\n iframe.contentWindow.location.href with child's CSP "script-src 'none'"] - expected: TIMEOUT - [Should not have executed the javascript URL for\n iframe.src with child's CSP "script-src 'none'"] - expected: NOTRUN + expected: TIMEOUT [Should not have executed the javascript URL for\n otherTabWithScriptSrcNone.location.href with child's CSP "script-src 'none'"] expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp.html.ini b/tests/wpt/meta/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp.html.ini index bf7d79650ae..45056666dd3 100644 --- a/tests/wpt/meta/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp.html.ini +++ b/tests/wpt/meta/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp.html.ini @@ -1,13 +1,10 @@ [to-javascript-parent-initiated-parent-csp.html] expected: TIMEOUT [Should not have executed the javascript url for\n iframe.contentWindow.location.href] - expected: FAIL - - [Should not have executed the javascript url for\n iframe.src] - expected: FAIL + expected: TIMEOUT [Should not have executed the javascript url for\n otherTab.location.href] - expected: TIMEOUT + expected: NOTRUN [Should not have executed the javascript url for\n area[target=iframe\].href] expected: NOTRUN @@ -20,3 +17,6 @@ [Should not have executed the javascript url for\n a[target=iframe\].href] expected: NOTRUN + + [Should not have executed the javascript url for\n iframe.src] + expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html.ini deleted file mode 100644 index b16c3876c44..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[script-src-strict_dynamic_javascript_uri.html] - expected: TIMEOUT - [Script injected via `javascript:` URIs are not allowed with `strict-dynamic`.] - expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-trusted_types_eval_with_require_trusted_types_eval.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-trusted_types_eval_with_require_trusted_types_eval.html.ini deleted file mode 100644 index 63f89f3c8fd..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src/script-src-trusted_types_eval_with_require_trusted_types_eval.html.ini +++ /dev/null @@ -1,13 +0,0 @@ -[script-src-trusted_types_eval_with_require_trusted_types_eval.html] - expected: ERROR - [Script injected via direct `eval` is allowed with `trusted-types-eval` and `require-trusted-types-for 'script'`.] - expected: FAIL - - [Script injected via indirect `eval` is allowed with `trusted-types-eval` and `require-trusted-types-for 'script'`.] - expected: FAIL - - [Script injected via `new Function` is allowed with `trusted-types-eval` and `require-trusted-types-for 'script'`.] - expected: FAIL - - [Script injected via `setTimeout` is allowed with `trusted-types-eval` and `require-trusted-types-for 'script'`.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/script-src/srcdoc-doesnt-bypass-script-src.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src/srcdoc-doesnt-bypass-script-src.sub.html.ini deleted file mode 100644 index d7dfbd73af7..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src/srcdoc-doesnt-bypass-script-src.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[srcdoc-doesnt-bypass-script-src.sub.html] - [Expecting logs: ["violated-directive=script-src-elem"\]] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/linenumber.tentative.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/linenumber.tentative.html.ini index e8114229ab9..fed78a0aa49 100644 --- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/linenumber.tentative.html.ini +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/linenumber.tentative.html.ini @@ -1,3 +1,4 @@ [linenumber.tentative.html] + expected: TIMEOUT [linenumber] - expected: FAIL + expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/unsafe-eval/eval-blocked-in-about-blank-iframe.html.ini b/tests/wpt/meta/content-security-policy/unsafe-eval/eval-blocked-in-about-blank-iframe.html.ini deleted file mode 100644 index d47972783e3..00000000000 --- a/tests/wpt/meta/content-security-policy/unsafe-eval/eval-blocked-in-about-blank-iframe.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[eval-blocked-in-about-blank-iframe.html] - expected: ERROR - [eval-blocked-in-about-blank-iframe] - expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href.html.ini b/tests/wpt/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href.html.ini deleted file mode 100644 index 4496339f476..00000000000 --- a/tests/wpt/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[javascript_src_denied_missing_unsafe_hashes-href.html] - [javascript: navigation using <a href> should be refused due to missing unsafe-hashes] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-window_location.html.ini b/tests/wpt/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-window_location.html.ini deleted file mode 100644 index 5d8a7e6683b..00000000000 --- a/tests/wpt/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-window_location.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[javascript_src_denied_missing_unsafe_hashes-window_location.html] - [Test that the javascript: src is not allowed to run] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href.html.ini b/tests/wpt/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href.html.ini deleted file mode 100644 index 6f785e1732f..00000000000 --- a/tests/wpt/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[javascript_src_denied_wrong_hash-href.html] - [javascript: navigation using <a href> should be refused due to wrong hash] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-window_location.html.ini b/tests/wpt/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-window_location.html.ini deleted file mode 100644 index 413b1198c61..00000000000 --- a/tests/wpt/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-window_location.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[javascript_src_denied_wrong_hash-window_location.html] - [Test that the javascript: src is not allowed to run] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/HTMLElement-generic.html.ini b/tests/wpt/meta/trusted-types/HTMLElement-generic.html.ini index 13fbd908f76..8ed1a875db3 100644 --- a/tests/wpt/meta/trusted-types/HTMLElement-generic.html.ini +++ b/tests/wpt/meta/trusted-types/HTMLElement-generic.html.ini @@ -1,10 +1,4 @@ [HTMLElement-generic.html] - [TT enabled: script.src\n = String on a\n connected element\n ] - expected: FAIL - - [TT enabled: script.src\n = String on a\n non-connected element\n ] - expected: FAIL - [TT enabled: div.innerHTML\n = String on a\n connected element\n ] expected: FAIL @@ -17,30 +11,6 @@ [TT enabled: iframe.srcdoc\n = String on a\n non-connected element\n ] expected: FAIL - [TT enabled: script.text\n = String on a\n connected element\n ] - expected: FAIL - - [TT enabled: script.text\n = String on a\n non-connected element\n ] - expected: FAIL - - [TT enabled: script.innerText\n = String on a\n connected element\n ] - expected: FAIL - - [TT enabled: script.innerText\n = String on a\n non-connected element\n ] - expected: FAIL - - [TT enabled: script.textContent\n = String on a\n connected element\n ] - expected: FAIL - - [TT enabled: script.textContent\n = String on a\n non-connected element\n ] - expected: FAIL - - [TT enabled: script.src\n = String on a\n connected element\n after removing the "require-trusted-types-for 'script' directive] - expected: FAIL - - [TT enabled: script.src\n = String on a\n non-connected element\n after removing the "require-trusted-types-for 'script' directive] - expected: FAIL - [TT enabled: div.innerHTML\n = String on a\n connected element\n after removing the "require-trusted-types-for 'script' directive] expected: FAIL @@ -52,33 +22,3 @@ [TT enabled: iframe.srcdoc\n = String on a\n non-connected element\n after removing the "require-trusted-types-for 'script' directive] expected: FAIL - - [TT enabled: script.text\n = String on a\n connected element\n after removing the "require-trusted-types-for 'script' directive] - expected: FAIL - - [TT enabled: script.text\n = String on a\n non-connected element\n after removing the "require-trusted-types-for 'script' directive] - expected: FAIL - - [TT enabled: script.innerText\n = String on a\n connected element\n after removing the "require-trusted-types-for 'script' directive] - expected: FAIL - - [TT enabled: script.innerText\n = String on a\n non-connected element\n after removing the "require-trusted-types-for 'script' directive] - expected: FAIL - - [TT enabled: script.textContent\n = String on a\n connected element\n after removing the "require-trusted-types-for 'script' directive] - expected: FAIL - - [TT enabled: script.textContent\n = String on a\n non-connected element\n after removing the "require-trusted-types-for 'script' directive] - expected: FAIL - - [TT enabled: script.src\n = TrustedScript on a\n connected element\n ] - expected: FAIL - - [TT enabled: script.src\n = TrustedScript on a\n non-connected element\n ] - expected: FAIL - - [TT enabled: script.src\n = TrustedScript on a\n connected element\n after removing the "require-trusted-types-for 'script' directive] - expected: FAIL - - [TT enabled: script.src\n = TrustedScript on a\n non-connected element\n after removing the "require-trusted-types-for 'script' directive] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/block-string-assignment-to-HTMLElement-generic.html.ini b/tests/wpt/meta/trusted-types/block-string-assignment-to-HTMLElement-generic.html.ini index deb942557bf..ed3a70b31ab 100644 --- a/tests/wpt/meta/trusted-types/block-string-assignment-to-HTMLElement-generic.html.ini +++ b/tests/wpt/meta/trusted-types/block-string-assignment-to-HTMLElement-generic.html.ini @@ -1,7 +1,4 @@ [block-string-assignment-to-HTMLElement-generic.html] - [script.src accepts only TrustedScriptURL] - expected: FAIL - [div.innerHTML accepts only TrustedHTML] expected: FAIL @@ -13,12 +10,3 @@ [iframe.srcdoc accepts string and null after default policy was created] expected: FAIL - - [script.text accepts only TrustedScript] - expected: FAIL - - [script.innerText accepts only TrustedScript] - expected: FAIL - - [script.textContent accepts only TrustedScript] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/block-string-assignment-to-text-and-url-sinks.html.ini b/tests/wpt/meta/trusted-types/block-string-assignment-to-text-and-url-sinks.html.ini index 01b68adab9e..1e9f6e44f44 100644 --- a/tests/wpt/meta/trusted-types/block-string-assignment-to-text-and-url-sinks.html.ini +++ b/tests/wpt/meta/trusted-types/block-string-assignment-to-text-and-url-sinks.html.ini @@ -7,12 +7,3 @@ [Setting SVGScriptElement.innerHTML to a plain string] expected: FAIL - - [Setting HTMLScriptElement.innerText to a plain string] - expected: FAIL - - [Setting HTMLScriptElement.textContent to a plain string] - expected: FAIL - - [Setting HTMLScriptElement.text to a plain string] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/default-policy.html.ini b/tests/wpt/meta/trusted-types/default-policy.html.ini index ae7c1cae260..15588646951 100644 --- a/tests/wpt/meta/trusted-types/default-policy.html.ini +++ b/tests/wpt/meta/trusted-types/default-policy.html.ini @@ -3,15 +3,9 @@ [Count SecurityPolicyViolation events.] expected: TIMEOUT - [script.src no default policy] - expected: FAIL - [div.innerHTML no default policy] expected: FAIL - [script.text no default policy] - expected: FAIL - [div.innerHTML default] expected: FAIL @@ -26,18 +20,3 @@ [div.innerHTML typeerror] expected: FAIL - - [script.text default] - expected: FAIL - - [script.text null] - expected: FAIL - - [script.text throw] - expected: FAIL - - [script.text undefined] - expected: FAIL - - [script.text typeerror] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/empty-default-policy.html.ini b/tests/wpt/meta/trusted-types/empty-default-policy.html.ini index 123f9ae5aab..4f06e4c971f 100644 --- a/tests/wpt/meta/trusted-types/empty-default-policy.html.ini +++ b/tests/wpt/meta/trusted-types/empty-default-policy.html.ini @@ -5,6 +5,3 @@ [div.innerHTML default] expected: FAIL - - [script.text default] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/require-trusted-types-for-report-only.html.ini b/tests/wpt/meta/trusted-types/require-trusted-types-for-report-only.html.ini index 33b34fe9928..39ec281d5f2 100644 --- a/tests/wpt/meta/trusted-types/require-trusted-types-for-report-only.html.ini +++ b/tests/wpt/meta/trusted-types/require-trusted-types-for-report-only.html.ini @@ -1,9 +1,3 @@ [require-trusted-types-for-report-only.html] [Require trusted types for 'script' block create HTML.] expected: FAIL - - [Require trusted types for 'script' block create script.] - expected: FAIL - - [Require trusted types for 'script' block create script URL.] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/require-trusted-types-for.html.ini b/tests/wpt/meta/trusted-types/require-trusted-types-for.html.ini index 9299429a74c..38d5f9eb35a 100644 --- a/tests/wpt/meta/trusted-types/require-trusted-types-for.html.ini +++ b/tests/wpt/meta/trusted-types/require-trusted-types-for.html.ini @@ -1,9 +1,3 @@ [require-trusted-types-for.html] [Require trusted types for 'script' block create HTML.] expected: FAIL - - [Require trusted types for 'script' block create script.] - expected: FAIL - - [Require trusted types for 'script' block create script URL.] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/trusted-types-createHTMLDocument.html.ini b/tests/wpt/meta/trusted-types/trusted-types-createHTMLDocument.html.ini index 242959acbb3..cca7dc42f2b 100644 --- a/tests/wpt/meta/trusted-types/trusted-types-createHTMLDocument.html.ini +++ b/tests/wpt/meta/trusted-types/trusted-types-createHTMLDocument.html.ini @@ -1,25 +1,13 @@ [trusted-types-createHTMLDocument.html] - [Trusted Type assignment is blocked. (document)] - expected: FAIL - [Trusted Type instances created in the main doc can be used. (document)] expected: FAIL - [Trusted Type assignment is blocked. (createHTMLDocument)] - expected: FAIL - [Trusted Type instances created in the main doc can be used. (createHTMLDocument)] expected: FAIL - [Trusted Type assignment is blocked. (DOMParser)] - expected: FAIL - [Trusted Type instances created in the main doc can be used. (DOMParser)] expected: FAIL - [Trusted Type assignment is blocked. (XHR)] - expected: FAIL - [Trusted Type instances created in the main doc can be used. (XHR)] expected: FAIL diff --git a/tests/wpt/meta/trusted-types/trusted-types-report-only.html.ini b/tests/wpt/meta/trusted-types/trusted-types-report-only.html.ini index 89c8c2d46d3..253b126c18f 100644 --- a/tests/wpt/meta/trusted-types/trusted-types-report-only.html.ini +++ b/tests/wpt/meta/trusted-types/trusted-types-report-only.html.ini @@ -1,15 +1,6 @@ [trusted-types-report-only.html] - [Trusted Type violation report-only: assign string to script url] - expected: FAIL - [Trusted Type violation report-only: assign string to html] expected: FAIL - [Trusted Type violation report-only: assign string to script.src] - expected: FAIL - [Trusted Type violation report-only: assign string to script content] expected: FAIL - - [Trusted Type violation report: check report contents] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-HTMLScriptElement.html.ini b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-HTMLScriptElement.html.ini deleted file mode 100644 index d374cd0978e..00000000000 --- a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-HTMLScriptElement.html.ini +++ /dev/null @@ -1,12 +0,0 @@ -[trusted-types-reporting-for-HTMLScriptElement.html] - [Violation report for plain string (innerText)] - expected: FAIL - - [Violation report for plain string (textContent)] - expected: FAIL - - [Violation report for plain string (src)] - expected: FAIL - - [Violation report for plain string (text)] - expected: FAIL diff --git a/tests/wpt/tests/content-security-policy/unsafe-eval/eval-blocked-in-about-blank-iframe.html b/tests/wpt/tests/content-security-policy/unsafe-eval/eval-blocked-in-about-blank-iframe.html index 054e75b5274..b2286f56a23 100644 --- a/tests/wpt/tests/content-security-policy/unsafe-eval/eval-blocked-in-about-blank-iframe.html +++ b/tests/wpt/tests/content-security-policy/unsafe-eval/eval-blocked-in-about-blank-iframe.html @@ -19,18 +19,27 @@ const document_loaded = new Promise(resolve => window.onload = resolve); await document_loaded; - const eval_error = new Promise(resolve => { - window.addEventListener('message', function(e) { - assert_not_equals(e.data, 'FAIL', 'eval was executed in the frame'); - if (e.data === 'PASS') - resolve(); + const eval_error = new Promise((resolve, reject) => { + window.addEventListener('message', function(event) { + try { + assert_not_equals(event.data, 'FAIL', 'eval was executed in the frame'); + if (event.data === 'PASS') { + resolve(); + } + } catch (e) { + reject(e); + } }); }); - const csp_violation_report = new Promise(resolve => { - window.addEventListener('message', function(e) { - if (e.data["violated-directive"]) { - assert_equals(e.data["violated-directive"], "script-src"); - resolve(); + const csp_violation_report = new Promise((resolve, reject) => { + window.addEventListener('message', function(event) { + try { + if (event.data["violated-directive"]) { + assert_equals(event.data["violated-directive"], "script-src"); + resolve(); + } + } catch (e) { + reject(e); } }); }); |