Bug 1931288 - Implement HostGetCodeForEval() hook as per the HTML spec. r=smaug,dom-core,peterv

See https://html.spec.whatwg.org/multipage/webappapis.html#hostgetcodeforeval(argument)

Differential Revision: https://phabricator.services.mozilla.com/D229478
Frédéric Wang
2024-12-13 08:54:52 +00:00
parent 634f8a4954
commit 0f0df595a9
13 changed files with 28 additions and 55 deletions


@@ -67,6 +67,7 @@
#include "mozilla/ExtensionPolicyService.h"
#include "mozilla/ResultExtensions.h"
#include "mozilla/StaticPtr.h"
#include "mozilla/dom/TrustedTypeUtils.h"
#include "mozilla/dom/WorkerCommon.h"
#include "mozilla/dom/WorkerPrivate.h"
#include "nsContentUtils.h"
@@ -1564,7 +1565,7 @@ void nsScriptSecurityManager::InitJSCallbacks(JSContext* aCx) {
static const JSSecurityCallbacks securityCallbacks = {
ContentSecurityPolicyPermitsJSAction,
nullptr, // codeForEvalGets
TrustedTypeUtils::HostGetCodeForEval,
JSPrincipalsSubsume,
};
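Review bot: The second entry of `securityCallbacks` appears to lose the `// codeForEvalGets` label that the old `nullptr` entry carried, so the positional initializer no longer says which slot `TrustedTypeUtils::HostGetCodeForEval` fills. I would keep the label, e.g. `TrustedTypeUtils::HostGetCodeForEval,  // codeForEvalGets`. The worker table in InitJSContextForWorker is also initialised positionally with no labels and would benefit from the same comment. InitJSCallbacks continues outside this hunk.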


@@ -597,4 +597,20 @@ MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantAttributeValue(
return nullptr;
}
bool HostGetCodeForEval(JSContext* aCx, JS::Handle<JSObject*> aCode,
JS::MutableHandle<JSString*> aOutCode) {
JS::Rooted<JSObject*> obj(aCx, aCode);
TrustedScript* trustedScript;
if (StaticPrefs::dom_security_trusted_types_enabled() &&
NS_SUCCEEDED(UNWRAP_OBJECT(TrustedScript, &obj, trustedScript))) {
if (JSString* copy = JS_NewUCStringCopyZ(aCx, trustedScript->mData.get())) {
aOutCode.set(copy);
return true;
}
return false;
}
aOutCode.set(nullptr);
return true;
}
} // namespace mozilla::dom::TrustedTypeUtils
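Review bot: `JS_NewUCStringCopyZ` stops at the first NUL code unit, so a TrustedScript whose data contains U+0000 would reach eval truncated rather than as the exact string the policy returned. Assuming `mData` is a length-counted string (it is read through `.get()` here), copying by length keeps the evaluated source identical to the vetted one: `JS_NewUCStringCopyN(aCx, trustedScript->mData.get(), trustedScript->mData.Length())`. Separately, `TrustedScript* trustedScript;` stays uninitialised unless the unwrap succeeds, and `= nullptr` would make that explicit. A one-line comment on the final `aOutCode.set(nullptr); return true;` saying that a null result means "not a code-like object, not an error" would also help readers.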


@@ -15,6 +15,7 @@
#include "nsCycleCollectionParticipant.h"
#include "nsISupportsImpl.h"
#include "nsString.h"
#include "js/TypeDecls.h"
class nsIContentSecurityPolicy;
@@ -126,6 +127,10 @@ MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantAttributeValue(
const TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString& aNewValue,
Maybe<nsAutoString>& aResultHolder, ErrorResult& aError);
// https://html.spec.whatwg.org/multipage/webappapis.html#hostgetcodeforeval(argument)
bool HostGetCodeForEval(JSContext* aCx, JS::Handle<JSObject*> aCode,
JS::MutableHandle<JSString*> aOutCode);
} // namespace TrustedTypeUtils
} // namespace dom
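Review bot: The comment above the `HostGetCodeForEval` prototype only links the spec and does not state the C++ contract that callers rely on. Going by the definition in this commit, `true` with a null `aOutCode` means the pref is off or `aCode` is not a TrustedScript, and `false` is returned only when the string copy fails. I would add something like `// Sets aOutCode to the script text if aCode is a TrustedScript, or to null otherwise; returns false only if the copy fails.` next to the spec link.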


@@ -50,6 +50,7 @@
#include "mozilla/dom/WorkerBinding.h"
#include "mozilla/dom/ScriptSettings.h"
#include "mozilla/dom/ShadowRealmGlobalScope.h"
#include "mozilla/dom/TrustedTypeUtils.h"
#include "mozilla/dom/IndexedDatabaseManager.h"
#include "mozilla/DebugOnly.h"
#include "mozilla/Preferences.h"
@@ -696,7 +697,7 @@ bool InitJSContextForWorker(WorkerPrivate* aWorkerPrivate,
// Security policy:
static const JSSecurityCallbacks securityCallbacks = {
ContentSecurityPolicyAllows};
ContentSecurityPolicyAllows, TrustedTypeUtils::HostGetCodeForEval};
JS_SetSecurityCallbacks(aWorkerCx, &securityCallbacks);
// A WorkerPrivate lives strictly longer than its JSRuntime so we can safely
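Review bot: Registering `TrustedTypeUtils::HostGetCodeForEval` in this table means the hook now runs on worker threads, and its body (in TrustedTypeUtils.cpp) reads `StaticPrefs::dom_security_trusted_types_enabled()`. This page does not show how that pref is declared, so it is worth confirming that its mirror type is safe to read off the main thread. InitJSContextForWorker starts and ends outside this hunk.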


@@ -5,12 +5,6 @@
[indirect eval(string) in dedicated worker]
expected: FAIL
[eval(TrustedScript) in dedicated worker]
expected: FAIL
[indirect eval(TrustedScript) in dedicated worker]
expected: FAIL
[eval(string) with default policy mutation in dedicated worker]
expected: FAIL
@@ -23,12 +17,6 @@
[indirect eval(string) in shared worker]
expected: FAIL
[eval(TrustedScript) in shared worker]
expected: FAIL
[indirect eval(TrustedScript) in shared worker]
expected: FAIL
[eval(string) with default policy mutation in shared worker]
expected: FAIL


@@ -1,3 +0,0 @@
[csp-block-eval.html]
[eval with TrustedScript throws (script-src blocks).]
expected: FAIL


@@ -1,6 +0,0 @@
[eval-csp-no-tt.html]
[eval of TrustedScript works.]
expected: FAIL
[indirect eval of TrustedScript works.]
expected: FAIL


@@ -1,6 +0,0 @@
[eval-csp-tt-default-policy.html]
[eval of TrustedScript works.]
expected: FAIL
[indirect eval of TrustedScript works.]
expected: FAIL


@@ -1,10 +1,4 @@
[eval-csp-tt-no-default-policy.html]
[eval of TrustedScript works.]
expected: FAIL
[indirect eval of TrustedScript works.]
expected: FAIL
[eval of string fails.]
expected: FAIL


@@ -1,6 +0,0 @@
[eval-no-csp-no-tt-default-policy.html]
[eval of TrustedScript works.]
expected: FAIL
[indirect eval of TrustedScript works.]
expected: FAIL


@@ -1,6 +0,0 @@
[eval-no-csp-no-tt.html]
[eval of TrustedScript works.]
expected: FAIL
[indirect eval of TrustedScript works.]
expected: FAIL


@@ -7,9 +7,3 @@
[Function constructor with plain string with Trusted Types and permissive CSP throws (no type).]
expected: FAIL
[eval with TrustedScript and permissive CSP works.]
expected: FAIL
[indirect eval with TrustedScript and permissive CSP works.]
expected: FAIL


@@ -1,9 +1,10 @@
[trusted-types-eval-reporting.html]
expected: TIMEOUT
[Trusted Type violation report: evaluating a string.]
expected: FAIL
[Trusted Type violation report: evaluating a Trusted Script.]
expected: FAIL
expected: TIMEOUT
[Trusted Type violation report: default policy transforms the script before CSP checks runs.]
expected: FAIL
expected: NOTRUN