From 8487400e45c2a0dba79c92e8bf85ebc82d828eea Mon Sep 17 00:00:00 2001 From: Tom Schuster Date: Wed, 30 Apr 2025 11:09:08 +0000 Subject: [PATCH] Bug 1947732 - Provide nsIPrincipal to GetTrustedTypesCompliantAttributeValue. r=smaug Differential Revision: https://phabricator.services.mozilla.com/D246745 --- dom/base/Attr.cpp | 2 +- dom/base/Element.cpp | 20 +++++++++--------- dom/base/Element.h | 4 ++-- dom/base/nsDOMAttributeMap.cpp | 8 +++---- dom/base/nsDOMAttributeMap.h | 5 +++-- .../trusted-types/TrustedTypeUtils.cpp | 21 +++++++++++-------- dom/security/trusted-types/TrustedTypeUtils.h | 6 ++++-- dom/webidl/Element.webidl | 4 ++-- dom/webidl/NamedNodeMap.webidl | 4 ++-- 9 files changed, 40 insertions(+), 34 deletions(-) diff --git a/dom/base/Attr.cpp b/dom/base/Attr.cpp index c6439da7860b..950e35f5945f 100644 --- a/dom/base/Attr.cpp +++ b/dom/base/Attr.cpp @@ -160,7 +160,7 @@ void Attr::SetValue(const nsAString& aValue, nsIPrincipal* aTriggeringPrincipal, const nsAString* compliantString = TrustedTypeUtils::GetTrustedTypesCompliantAttributeValue( *element, nameAtom, mNodeInfo->NamespaceID(), aValue, - compliantStringHolder, aRv); + aTriggeringPrincipal, compliantStringHolder, aRv); if (aRv.Failed()) { return; } diff --git a/dom/base/Element.cpp b/dom/base/Element.cpp index dc410fa368b3..9d4491d7f37a 100644 --- a/dom/base/Element.cpp +++ b/dom/base/Element.cpp @@ -1636,10 +1636,10 @@ Attr* Element::GetAttributeNode(const nsAString& aName) { return Attributes()->GetNamedItem(aName); } -already_AddRefed Element::SetAttributeNode(Attr& aNewAttr, - ErrorResult& aError) { +already_AddRefed Element::SetAttributeNode( + Attr& aNewAttr, nsIPrincipal* aSubjectPrincipal, ErrorResult& aError) { RefPtr attrMap = Attributes(); - return attrMap->SetNamedItemNS(aNewAttr, aError); + return attrMap->SetNamedItemNS(aNewAttr, aSubjectPrincipal, aError); } already_AddRefed Element::RemoveAttributeNode(Attr& aAttribute, 
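Review bot: The new `aSubjectPrincipal` parameter of `Element::SetAttributeNode` is nullable, and nothing at the definition or declaration says so. The WebIDL side of this patch uses `NeedsSubjectPrincipal=NonSystem`, under which the binding passes nullptr for system-principal callers. The same applies to `SetAttributeNodeNS` (the `@@ -1828` hunk), `nsDOMAttributeMap::SetNamedItemNS`, and the declarations in Element.h and nsDOMAttributeMap.h. I would add a comment on the declarations such as `// aSubjectPrincipal may be null (system caller); it is forwarded to the Trusted Types check.` The same value is called `aTriggeringPrincipal` in `SetAttribute` and `aPrincipalOrNull` in TrustedTypeUtils, so one name, or a comment tying the three together, would make the chain easier to audit.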
@@ -1726,8 +1726,8 @@ void Element::SetAttribute( Maybe compliantStringHolder; const nsAString* compliantString = TrustedTypeUtils::GetTrustedTypesCompliantAttributeValue( - *this, nameAtom, kNameSpaceID_None, aValue, compliantStringHolder, - aError); + *this, nameAtom, kNameSpaceID_None, aValue, aTriggeringPrincipal, + compliantStringHolder, aError); if (aError.Failed()) { return; } @@ -1742,7 +1742,7 @@ void Element::SetAttribute( const nsAString* compliantString = TrustedTypeUtils::GetTrustedTypesCompliantAttributeValue( *this, attributeName, name->NamespaceID(), aValue, - compliantStringHolder, aError); + aTriggeringPrincipal, compliantStringHolder, aError); if (aError.Failed()) { return; } @@ -1775,7 +1775,7 @@ void Element::SetAttributeNS( RefPtr attributeName = ni->NameAtom(); const nsAString* compliantString = TrustedTypeUtils::GetTrustedTypesCompliantAttributeValue( - *this, attributeName, ni->NamespaceID(), aValue, + *this, attributeName, ni->NamespaceID(), aValue, aTriggeringPrincipal, compliantStringHolder, aError); if (aError.Failed()) { return; @@ -1828,10 +1828,10 @@ Attr* Element::GetAttributeNodeNSInternal(const nsAString& aNamespaceURI, return Attributes()->GetNamedItemNS(aNamespaceURI, aLocalName); } -already_AddRefed Element::SetAttributeNodeNS(Attr& aNewAttr, - ErrorResult& aError) { +already_AddRefed Element::SetAttributeNodeNS( + Attr& aNewAttr, nsIPrincipal* aSubjectPrincipal, ErrorResult& aError) { RefPtr attrMap = Attributes(); - return attrMap->SetNamedItemNS(aNewAttr, aError); + return attrMap->SetNamedItemNS(aNewAttr, aSubjectPrincipal, aError); } already_AddRefed Element::GetElementsByTagNameNS( diff --git a/dom/base/Element.h b/dom/base/Element.h index 44060ab65881..2b2b6bd7a30d 100644 --- a/dom/base/Element.h +++ b/dom/base/Element.h 
@@ -1439,13 +1439,13 @@ class Element : public FragmentOrElement { void RequestPointerLock(CallerType aCallerType); Attr* GetAttributeNode(const nsAString& aName); MOZ_CAN_RUN_SCRIPT already_AddRefed SetAttributeNode( - Attr& aNewAttr, ErrorResult& aError); + Attr& aNewAttr, nsIPrincipal* aSubjectPrincipal, ErrorResult& aError); already_AddRefed RemoveAttributeNode(Attr& aOldAttr, ErrorResult& aError); Attr* GetAttributeNodeNS(const nsAString& aNamespaceURI, const nsAString& aLocalName); MOZ_CAN_RUN_SCRIPT already_AddRefed SetAttributeNodeNS( - Attr& aNewAttr, ErrorResult& aError); + Attr& aNewAttr, nsIPrincipal* aSubjectPrincipal, ErrorResult& aError); MOZ_CAN_RUN_SCRIPT already_AddRefed GetClientRects(); MOZ_CAN_RUN_SCRIPT already_AddRefed GetBoundingClientRect(); diff --git a/dom/base/nsDOMAttributeMap.cpp b/dom/base/nsDOMAttributeMap.cpp index 7d1601e96412..ea8ff6b6b97f 100644 --- a/dom/base/nsDOMAttributeMap.cpp +++ b/dom/base/nsDOMAttributeMap.cpp @@ -176,8 +176,8 @@ Attr* nsDOMAttributeMap::GetNamedItem(const nsAString& aAttrName) { return NamedGetter(aAttrName, dummy); } -already_AddRefed nsDOMAttributeMap::SetNamedItemNS(Attr& aAttr, - ErrorResult& aError) { +already_AddRefed nsDOMAttributeMap::SetNamedItemNS( + Attr& aAttr, nsIPrincipal* aSubjectPrincipal, ErrorResult& aError) { NS_ENSURE_TRUE(mContent, nullptr); // XXX should check same-origin between mContent and aAttr however @@ -207,8 +207,8 @@ already_AddRefed nsDOMAttributeMap::SetNamedItemNS(Attr& aAttr, nsCOMPtr element = mContent; const nsAString* compliantString = TrustedTypeUtils::GetTrustedTypesCompliantAttributeValue( - *element, nameAtom, ni->NamespaceID(), value, compliantStringHolder, - aError); + *element, nameAtom, ni->NamespaceID(), value, aSubjectPrincipal, + compliantStringHolder, aError); if (aError.Failed()) { return nullptr; } diff --git a/dom/base/nsDOMAttributeMap.h b/dom/base/nsDOMAttributeMap.h index c14bcb9c0598..7aebf08e5b56 100644 --- a/dom/base/nsDOMAttributeMap.h 
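Review bot: In `nsDOMAttributeMap::SetNamedItemNS` (the `@@ -207` hunk), `aSubjectPrincipal` is consumed by the `GetTrustedTypesCompliantAttributeValue` call, but the function continues past the hunk. It is therefore not visible whether the later write of the attribute value into `mContent` uses the same principal. If it does not, the principal that decided Trusted Types enforcement and the one associated with the stored attribute can differ, which is worth confirming. If that is deliberate, a short comment at the call, such as `// aSubjectPrincipal is used for the Trusted Types check only`, would record the intent.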
+++ b/dom/base/nsDOMAttributeMap.h @@ -19,6 +19,7 @@ class nsAtom; class nsINode; +class nsIPrincipal; namespace mozilla { class ErrorResult; @@ -147,8 +148,8 @@ class nsDOMAttributeMap final : public nsISupports, public nsWrapperCache { Attr* GetNamedItemNS(const nsAString& aNamespaceURI, const nsAString& aLocalName); - MOZ_CAN_RUN_SCRIPT already_AddRefed SetNamedItemNS(Attr& aNode, - ErrorResult& aError); + MOZ_CAN_RUN_SCRIPT already_AddRefed SetNamedItemNS( + Attr& aNode, nsIPrincipal* aSubjectPrincipal, ErrorResult& aError); already_AddRefed RemoveNamedItemNS(const nsAString& aNamespaceURI, const nsAString& aLocalName, ErrorResult& aError); diff --git a/dom/security/trusted-types/TrustedTypeUtils.cpp b/dom/security/trusted-types/TrustedTypeUtils.cpp index 4ec8fcbe54f8..75614b4b2bb9 100644 --- a/dom/security/trusted-types/TrustedTypeUtils.cpp +++ b/dom/security/trusted-types/TrustedTypeUtils.cpp @@ -666,7 +666,8 @@ template MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantAttributeValue( const nsINode& aElement, nsAtom* aAttributeName, int32_t aAttributeNamespaceID, const TrustedTypeOrStringArg& aNewValue, - Maybe& aResultHolder, ErrorResult& aError) { + nsIPrincipal* aPrincipalOrNull, Maybe& aResultHolder, + ErrorResult& aError) { if (!StaticPrefs::dom_security_trusted_types_enabled()) { // A trusted type might've been created before the pref was set to `false`, // so we cannot assume aNewValue.IsString(). 
@@ -710,15 +711,15 @@ MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantAttributeValue( switch (expectedType) { case TrustedType::TrustedHTML: return GetTrustedTypesCompliantString( - input, sink, kTrustedTypesOnlySinkGroup, aElement, nullptr, + input, sink, kTrustedTypesOnlySinkGroup, aElement, aPrincipalOrNull, aResultHolder, aError); case TrustedType::TrustedScript: return GetTrustedTypesCompliantString( - input, sink, kTrustedTypesOnlySinkGroup, aElement, nullptr, + input, sink, kTrustedTypesOnlySinkGroup, aElement, aPrincipalOrNull, aResultHolder, aError); case TrustedType::TrustedScriptURL: return GetTrustedTypesCompliantString( - input, sink, kTrustedTypesOnlySinkGroup, aElement, nullptr, + input, sink, kTrustedTypesOnlySinkGroup, aElement, aPrincipalOrNull, aResultHolder, aError); } MOZ_ASSERT_UNREACHABLE(); 
@@ -729,20 +730,22 @@ MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantAttributeValue( const nsINode& aElement, nsAtom* aAttributeName, int32_t aAttributeNamespaceID, const TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString& aNewValue, - Maybe& aResultHolder, ErrorResult& aError) { + nsIPrincipal* aPrincipalOrNull, Maybe& aResultHolder, + ErrorResult& aError) { return GetTrustedTypesCompliantAttributeValue< TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString>( - aElement, aAttributeName, aAttributeNamespaceID, aNewValue, aResultHolder, - aError); + aElement, aAttributeName, aAttributeNamespaceID, aNewValue, + aPrincipalOrNull, aResultHolder, aError); } MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantAttributeValue( const nsINode& aElement, nsAtom* aAttributeName, int32_t aAttributeNamespaceID, const nsAString& aNewValue, - Maybe& aResultHolder, ErrorResult& aError) { + nsIPrincipal* aPrincipalOrNull, Maybe& aResultHolder, + ErrorResult& aError) { return GetTrustedTypesCompliantAttributeValue( aElement, aAttributeName, aAttributeNamespaceID, &aNewValue, - aResultHolder, aError); + aPrincipalOrNull, aResultHolder, aError); } bool HostGetCodeForEval(JSContext* aCx, JS::Handle aCode, diff --git a/dom/security/trusted-types/TrustedTypeUtils.h b/dom/security/trusted-types/TrustedTypeUtils.h index c3a23509703c..8a47bcfbb031 100644 --- a/dom/security/trusted-types/TrustedTypeUtils.h +++ b/dom/security/trusted-types/TrustedTypeUtils.h 
@@ -145,11 +145,13 @@ MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantAttributeValue( const nsINode& aElement, nsAtom* aAttributeName, int32_t aAttributeNamespaceID, const TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString& aNewValue, - Maybe& aResultHolder, ErrorResult& aError); + nsIPrincipal* aPrincipalOrNull, Maybe& aResultHolder, + ErrorResult& aError); MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantAttributeValue( const nsINode& aElement, nsAtom* aAttributeName, int32_t aAttributeNamespaceID, const nsAString& aNewValue, - Maybe& aResultHolder, ErrorResult& aError); + nsIPrincipal* aPrincipalOrNull, Maybe& aResultHolder, + ErrorResult& aError); // https://html.spec.whatwg.org/multipage/webappapis.html#hostgetcodeforeval(argument) bool HostGetCodeForEval(JSContext* aCx, JS::Handle aCode, diff --git a/dom/webidl/Element.webidl b/dom/webidl/Element.webidl index 3656a4ee926d..30d38af20cf3 100644 --- a/dom/webidl/Element.webidl +++ b/dom/webidl/Element.webidl @@ -151,12 +151,12 @@ interface Element : Node { // Obsolete methods. Attr? getAttributeNode(DOMString name); - [CEReactions, Throws] + [CEReactions, NeedsSubjectPrincipal=NonSystem, Throws] Attr? setAttributeNode(Attr newAttr); [CEReactions, Throws] Attr? removeAttributeNode(Attr oldAttr); Attr? getAttributeNodeNS(DOMString? namespaceURI, DOMString localName); - [CEReactions, Throws] + [CEReactions, NeedsSubjectPrincipal=NonSystem, Throws] Attr? setAttributeNodeNS(Attr newAttr); [Func="nsContentUtils::IsCallerChromeOrElementTransformGettersEnabled"] diff --git a/dom/webidl/NamedNodeMap.webidl b/dom/webidl/NamedNodeMap.webidl index 2f0b649f5910..bd00385190b3 100644 --- a/dom/webidl/NamedNodeMap.webidl +++ b/dom/webidl/NamedNodeMap.webidl 
@@ -7,7 +7,7 @@ Exposed=Window] interface NamedNodeMap { getter Attr? getNamedItem(DOMString name); - [CEReactions, Throws, BinaryName="setNamedItemNS"] + [CEReactions, NeedsSubjectPrincipal=NonSystem, Throws, BinaryName="setNamedItemNS"] Attr? setNamedItem(Attr arg); [CEReactions, Throws] Attr removeNamedItem(DOMString name); @@ -16,7 +16,7 @@ interface NamedNodeMap { readonly attribute unsigned long length; Attr? getNamedItemNS(DOMString? namespaceURI, DOMString localName); - [CEReactions, Throws] + [CEReactions, NeedsSubjectPrincipal=NonSystem, Throws] Attr? setNamedItemNS(Attr arg); [CEReactions, Throws] Attr removeNamedItemNS(DOMString? namespaceURI, DOMString localName);