Bug 1931288 - Implement HostGetCodeForEval() hook as per the HTML spec. r=smaug,dom-core,peterv

See https://html.spec.whatwg.org/multipage/webappapis.html#hostgetcodeforeval(argument)

Differential Revision: https://phabricator.services.mozilla.com/D229478

caps/nsScriptSecurityManager.cpp

@@ -67,6 +67,7 @@
 #include "mozilla/ExtensionPolicyService.h"
 #include "mozilla/ResultExtensions.h"
 #include "mozilla/StaticPtr.h"
+#include "mozilla/dom/TrustedTypeUtils.h"
 #include "mozilla/dom/WorkerCommon.h"
 #include "mozilla/dom/WorkerPrivate.h"
 #include "nsContentUtils.h"
@@ -1564,7 +1565,7 @@ void nsScriptSecurityManager::InitJSCallbacks(JSContext* aCx) {
 
   static const JSSecurityCallbacks securityCallbacks = {
       ContentSecurityPolicyPermitsJSAction,
-      nullptr,  // codeForEvalGets
+      TrustedTypeUtils::HostGetCodeForEval,
       JSPrincipalsSubsume,
   };
 

dom/security/trusted-types/TrustedTypeUtils.cpp

@@ -597,4 +597,20 @@ MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantAttributeValue(
   return nullptr;
 }
 
+bool HostGetCodeForEval(JSContext* aCx, JS::Handle<JSObject*> aCode,
+                        JS::MutableHandle<JSString*> aOutCode) {
+  JS::Rooted<JSObject*> obj(aCx, aCode);
+  TrustedScript* trustedScript;
+  if (StaticPrefs::dom_security_trusted_types_enabled() &&
+      NS_SUCCEEDED(UNWRAP_OBJECT(TrustedScript, &obj, trustedScript))) {
+    if (JSString* copy = JS_NewUCStringCopyZ(aCx, trustedScript->mData.get())) {
+      aOutCode.set(copy);
+      return true;
+    }
+    return false;
+  }
+  aOutCode.set(nullptr);
+  return true;
+}
+
 }  // namespace mozilla::dom::TrustedTypeUtils

dom/security/trusted-types/TrustedTypeUtils.h

@@ -15,6 +15,7 @@
 #include "nsCycleCollectionParticipant.h"
 #include "nsISupportsImpl.h"
 #include "nsString.h"
+#include "js/TypeDecls.h"
 
 class nsIContentSecurityPolicy;
 
@@ -126,6 +127,10 @@ MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantAttributeValue(
     const TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString& aNewValue,
     Maybe<nsAutoString>& aResultHolder, ErrorResult& aError);
 
+// https://html.spec.whatwg.org/multipage/webappapis.html#hostgetcodeforeval(argument)
+bool HostGetCodeForEval(JSContext* aCx, JS::Handle<JSObject*> aCode,
+                        JS::MutableHandle<JSString*> aOutCode);
+
 }  // namespace TrustedTypeUtils
 
 }  // namespace dom

dom/workers/RuntimeService.cpp

@@ -50,6 +50,7 @@
 #include "mozilla/dom/WorkerBinding.h"
 #include "mozilla/dom/ScriptSettings.h"
 #include "mozilla/dom/ShadowRealmGlobalScope.h"
+#include "mozilla/dom/TrustedTypeUtils.h"
 #include "mozilla/dom/IndexedDatabaseManager.h"
 #include "mozilla/DebugOnly.h"
 #include "mozilla/Preferences.h"
@@ -696,7 +697,7 @@ bool InitJSContextForWorker(WorkerPrivate* aWorkerPrivate,
 
   // Security policy:
   static const JSSecurityCallbacks securityCallbacks = {
-      ContentSecurityPolicyAllows};
+      ContentSecurityPolicyAllows, TrustedTypeUtils::HostGetCodeForEval};
   JS_SetSecurityCallbacks(aWorkerCx, &securityCallbacks);
 
   // A WorkerPrivate lives strictly longer than its JSRuntime so we can safely

testing/web-platform/meta/trusted-types/WorkerGlobalScope-eval.html.ini

@@ -5,12 +5,6 @@
   [indirect eval(string) in dedicated worker]
     expected: FAIL
 
-  [eval(TrustedScript) in dedicated worker]
-    expected: FAIL
-
-  [indirect eval(TrustedScript) in dedicated worker]
-    expected: FAIL
-
   [eval(string) with default policy mutation in dedicated worker]
     expected: FAIL
 
@@ -23,12 +17,6 @@
   [indirect eval(string) in shared worker]
     expected: FAIL
 
-  [eval(TrustedScript) in shared worker]
-    expected: FAIL
-
-  [indirect eval(TrustedScript) in shared worker]
-    expected: FAIL
-
   [eval(string) with default policy mutation in shared worker]
     expected: FAIL
 

testing/web-platform/meta/trusted-types/csp-block-eval.html.ini

@@ -1,3 +0,0 @@
-[csp-block-eval.html]
-  [eval with TrustedScript throws (script-src blocks).]
-    expected: FAIL

testing/web-platform/meta/trusted-types/eval-csp-no-tt.html.ini

@@ -1,6 +0,0 @@
-[eval-csp-no-tt.html]
-  [eval of TrustedScript works.]
-    expected: FAIL
-
-  [indirect eval of TrustedScript works.]
-    expected: FAIL

testing/web-platform/meta/trusted-types/eval-csp-tt-default-policy.html.ini

@@ -1,6 +0,0 @@
-[eval-csp-tt-default-policy.html]
-  [eval of TrustedScript works.]
-    expected: FAIL
-
-  [indirect eval of TrustedScript works.]
-    expected: FAIL

testing/web-platform/meta/trusted-types/eval-csp-tt-no-default-policy.html.ini

@@ -1,10 +1,4 @@
 [eval-csp-tt-no-default-policy.html]
-  [eval of TrustedScript works.]
-    expected: FAIL
-
-  [indirect eval of TrustedScript works.]
-    expected: FAIL
-
   [eval of string fails.]
     expected: FAIL
 

testing/web-platform/meta/trusted-types/eval-no-csp-no-tt-default-policy.html.ini

@@ -1,6 +0,0 @@
-[eval-no-csp-no-tt-default-policy.html]
-  [eval of TrustedScript works.]
-    expected: FAIL
-
-  [indirect eval of TrustedScript works.]
-    expected: FAIL

testing/web-platform/meta/trusted-types/eval-no-csp-no-tt.html.ini

@@ -1,6 +0,0 @@
-[eval-no-csp-no-tt.html]
-  [eval of TrustedScript works.]
-    expected: FAIL
-
-  [indirect eval of TrustedScript works.]
-    expected: FAIL

testing/web-platform/meta/trusted-types/eval-with-permissive-csp.html.ini

@@ -7,9 +7,3 @@
 
   [Function constructor with plain string with Trusted Types and permissive CSP throws (no type).]
     expected: FAIL
-
-  [eval with TrustedScript and permissive CSP works.]
-    expected: FAIL
-
-  [indirect eval with TrustedScript and permissive CSP works.]
-    expected: FAIL

testing/web-platform/meta/trusted-types/trusted-types-eval-reporting.html.ini

@@ -1,9 +1,10 @@
 [trusted-types-eval-reporting.html]
+  expected: TIMEOUT
   [Trusted Type violation report: evaluating a string.]
     expected: FAIL
 
   [Trusted Type violation report: evaluating a Trusted Script.]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Trusted Type violation report: default policy transforms the script before CSP checks runs.]
-    expected: FAIL
+    expected: NOTRUN