aboutsummaryrefslogtreecommitdiffstats
path: root/components/script/security_manager.rs
Commit message (Collapse)AuthorAgeFilesLines
* Implement trusted types url setter (#36596)Tim van der Lippe24 hours1-1/+9
| | | | | | | | | | | | | | | | | | | | | | | | We now check the sink of script.src for trusted types. This is the first attribute that we check, other sinks will be implemented in follow-up changes. The algorithms currently hardcode various parts. That's because I need to refactor a couple of algorithms already present in TrustedTypePolicy. They use callbacks at the moment, which made sense for their initial use. However, for these new algorithms they don't work. Therefore, I will align them with the specification by taking in an enum. However, since that's a bigger refactoring, I left that out of this PR (which is already quite big). The other trusted types support (createScript and createHTML) will also be implemented separately. Part of #36258 --------- Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com> Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com> Co-authored-by: Josh Matthews <josh@joshmatthews.net>
* script: Clean up CSP management code (#36493)chocolate-pie9 days1-63/+101
| | | | | | | | | | | Current implementation takes arguments for specifying values of violation report, but is difficult to understand which value should be passed. These changes create new builder for violation report to address the issue. Testing: These changes do not require tests because they just refactor current code Signed-off-by: Chocolate Pie <106949016+chocolate-pie@users.noreply.github.com>
* Cleanups for future script crate split (#35987)Josh Matthews2025-03-161-6/+8
| | | | | | | | | | | | | | | | | * script: Avoid direct impl blocks on generated dicts and unions. Signed-off-by: Josh Matthews <josh@joshmatthews.net> * script: Remove references to codegen-specific import module. Signed-off-by: Josh Matthews <josh@joshmatthews.net> * Fix tidy. Signed-off-by: Josh Matthews <josh@joshmatthews.net> --------- Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* Use new stylo crate renames (#35898)Nico Burns2025-03-121-1/+1
| | | Signed-off-by: Nico Burns <nico@nicoburns.com>
* Move various reflector types and traits to script_bindings (#35279)Josh Matthews2025-02-041-1/+1
| | | | | | | | | | | | | * script: Move Reflector to script_bindings. Signed-off-by: Josh Matthews <josh@joshmatthews.net> * script: Extract global() helper from DomObject into new trait. Move DomObject and related traits to script_bindings. Signed-off-by: Josh Matthews <josh@joshmatthews.net> --------- Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* script: Limit public exports. (#34915)Josh Matthews2025-01-101-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * script: Restrict reexport visibility of DOM types. Signed-off-by: Josh Matthews <josh@joshmatthews.net> * script: Mass pub->pub(crate) conversion. Signed-off-by: Josh Matthews <josh@joshmatthews.net> * script: Hide existing dead code warnings. Signed-off-by: Josh Matthews <josh@joshmatthews.net> * Formatting. Signed-off-by: Josh Matthews <josh@joshmatthews.net> * Fix clippy warnings. Signed-off-by: Josh Matthews <josh@joshmatthews.net> * Formatting. Signed-off-by: Josh Matthews <josh@joshmatthews.net> * Fix unit tests. Signed-off-by: Josh Matthews <josh@joshmatthews.net> * Fix clippy. Signed-off-by: Josh Matthews <josh@joshmatthews.net> * More formatting. Signed-off-by: Josh Matthews <josh@joshmatthews.net> --------- Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* Rewrite From/TryFrom conversions on generated types to avoid future orphan ↵Josh Matthews2024-12-111-15/+16
| | | | | | | | | | | | | | | rule violations (#34554) * script: Add traits to allow converting between types that are not defined in the script crate. Signed-off-by: Josh Matthews <josh@joshmatthews.net> * script: Rewrite all From/TryFrom implementations on generated WebIDL types to use new Convert/TryConvert traits. Signed-off-by: Josh Matthews <josh@joshmatthews.net> --------- Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* cangc fixes in several files + event.rs + rtcpeerconnection.rs (#34002)chickenleaf2024-10-251-1/+1
| | | Signed-off-by: L Ashwin B <lashwinib@gmail.com>
* CanGc fixes in several files (#33958)chickenleaf2024-10-211-2/+4
| | | | | | | | | | | | | * few cangc fixes Signed-off-by: L Ashwin B <lashwinib@gmail.com> * few cangc fixes Signed-off-by: L Ashwin B <lashwinib@gmail.com> --------- Signed-off-by: L Ashwin B <lashwinib@gmail.com>
* clippy: Fix suggestions in `script`, `libservo`, and `servoshell` (#33453)Ali2024-09-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | * fix clone on copy warning in servoshell Signed-off-by: Ali Zein Yousuf <azy5030@gmail.com> * Remove unecessary borrow in libservo Signed-off-by: Ali Zein Yousuf <azy5030@gmail.com> * Ignore too many arguments warning on create_constellation() Signed-off-by: Ali Zein Yousuf <azy5030@gmail.com> * fix explicit auto-deref warning Signed-off-by: Ali Zein Yousuf <azy5030@gmail.com> * Autofix multiple clippy warnings in components/script Signed-off-by: Ali Zein Yousuf <azy5030@gmail.com> --------- Signed-off-by: Ali Zein Yousuf <azy5030@gmail.com>
* enhance: Add support for `unsafe-eval` and `wasm-unsafe-eval` (#32893)Chocolate Pie2024-08-011-0/+177
Signed-off-by: Chocolate Pie <106949016+chocolate-pie@users.noreply.github.com>
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-22 07:21:39 +0000