Bug 1947732 - Provide nsIPrincipal to GetTrustedTypesCompliantString. r=smaug
Differential Revision: https://phabricator.services.mozilla.com/D246424
This commit is contained in:
Tom Schuster
@@ -101,7 +101,8 @@ already_AddRefed<Document> DOMParser::ParseFromStringInternal(
|
||||
}
|
||||
|
||||
already_AddRefed<Document> DOMParser::ParseFromString(
|
||||
const TrustedHTMLOrString& aStr, SupportedType aType, ErrorResult& aRv) {
|
||||
const TrustedHTMLOrString& aStr, SupportedType aType,
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aRv) {
|
||||
constexpr nsLiteralString sink = u"DOMParser parseFromString"_ns;
|
||||
|
||||
MOZ_ASSERT(mOwner);
|
||||
@@ -110,7 +111,7 @@ already_AddRefed<Document> DOMParser::ParseFromString(
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aStr, sink, kTrustedTypesOnlySinkGroup, *pinnedOwner,
|
||||
compliantStringHolder, aRv);
|
||||
aSubjectPrincipal, compliantStringHolder, aRv);
|
||||
if (aRv.Failed()) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
@@ -15,6 +15,7 @@
|
||||
#include "mozilla/dom/TypedArray.h"
|
||||
|
||||
class nsIGlobalObject;
|
||||
class nsIPrincipal;
|
||||
|
||||
namespace mozilla {
|
||||
class ErrorResult;
|
||||
@@ -41,7 +42,8 @@ class DOMParser final : public nsISupports, public nsWrapperCache {
|
||||
ErrorResult& aRv);
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT already_AddRefed<Document> ParseFromString(
|
||||
const TrustedHTMLOrString& aStr, SupportedType aType, ErrorResult& aRv);
|
||||
const TrustedHTMLOrString& aStr, SupportedType aType,
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aRv);
|
||||
|
||||
// Chrome and UI Widgets API
|
||||
already_AddRefed<Document> ParseFromSafeString(const nsAString& aStr,
|
||||
|
||||
@@ -5206,6 +5206,7 @@ void Document::EnsureInitializeInternalCommandDataHashtable() {
|
||||
Document::InternalCommandData Document::ConvertToInternalCommand(
|
||||
const nsAString& aHTMLCommandName,
|
||||
const TrustedHTMLOrString* aValue /* = nullptr */,
|
||||
nsIPrincipal* aSubjectPrincipal /* = nullptr */,
|
||||
ErrorResult* aRv /* = nullptr */,
|
||||
nsAString* aAdjustedValue /* = nullptr */) {
|
||||
MOZ_ASSERT(!aAdjustedValue || aAdjustedValue->IsEmpty());
|
||||
@@ -5244,8 +5245,8 @@ Document::InternalCommandData Document::ConvertToInternalCommand(
|
||||
if (commandData.mCommand == Command::InsertHTML) {
|
||||
constexpr nsLiteralString sink = u"Document execCommand"_ns;
|
||||
compliantString = TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
*aValue, sink, kTrustedTypesOnlySinkGroup, *this, compliantStringHolder,
|
||||
*aRv);
|
||||
*aValue, sink, kTrustedTypesOnlySinkGroup, *this, aSubjectPrincipal,
|
||||
compliantStringHolder, *aRv);
|
||||
if (aRv->Failed()) {
|
||||
return InternalCommandData();
|
||||
}
|
||||
@@ -5586,8 +5587,8 @@ bool Document::ExecCommand(const nsAString& aHTMLCommandName, bool aShowUI,
|
||||
// this might add some ugly JS dependencies?
|
||||
|
||||
nsAutoString adjustedValue;
|
||||
InternalCommandData commandData =
|
||||
ConvertToInternalCommand(aHTMLCommandName, &aValue, &aRv, &adjustedValue);
|
||||
InternalCommandData commandData = ConvertToInternalCommand(
|
||||
aHTMLCommandName, &aValue, &aSubjectPrincipal, &aRv, &adjustedValue);
|
||||
switch (commandData.mCommand) {
|
||||
case Command::DoNothing:
|
||||
return false;
|
||||
@@ -20202,13 +20203,13 @@ static already_AddRefed<Document> CreateHTMLDocument(GlobalObject& aGlobal,
|
||||
/* static */
|
||||
already_AddRefed<Document> Document::ParseHTMLUnsafe(
|
||||
GlobalObject& aGlobal, const TrustedHTMLOrString& aHTML,
|
||||
ErrorResult& aError) {
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aError) {
|
||||
nsCOMPtr<nsIGlobalObject> global = do_QueryInterface(aGlobal.GetAsSupports());
|
||||
constexpr nsLiteralString sink = u"Document parseHTMLUnsafe"_ns;
|
||||
Maybe<nsAutoString> compliantStringHolder;
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aHTML, sink, kTrustedTypesOnlySinkGroup, *global,
|
||||
aHTML, sink, kTrustedTypesOnlySinkGroup, *global, aSubjectPrincipal,
|
||||
compliantStringHolder, aError);
|
||||
if (aError.Failed()) {
|
||||
return nullptr;
|
||||
|
||||
@@ -4499,6 +4499,7 @@ class Document : public nsINode,
|
||||
* execCommand().
|
||||
* @param aValue The value which is set to the 3rd parameter
|
||||
* of execCommand().
|
||||
* @param aSubjectPrincipal Principal used for execCommand().
|
||||
* @param aRv ErrorResult used for Trusted Type conversion.
|
||||
* @param aAdjustedValue [out] Must be empty string if set non-nullptr.
|
||||
* Will be set to adjusted value for executing
|
||||
@@ -4514,7 +4515,8 @@ class Document : public nsINode,
|
||||
*/
|
||||
MOZ_CAN_RUN_SCRIPT InternalCommandData ConvertToInternalCommand(
|
||||
const nsAString& aHTMLCommandName,
|
||||
const TrustedHTMLOrString* aValue = nullptr, ErrorResult* aRv = nullptr,
|
||||
const TrustedHTMLOrString* aValue = nullptr,
|
||||
nsIPrincipal* aSubjectPrincipal = nullptr, ErrorResult* aRv = nullptr,
|
||||
nsAString* aAdjustedValue = nullptr);
|
||||
|
||||
/**
|
||||
@@ -5583,7 +5585,7 @@ class Document : public nsINode,
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT static already_AddRefed<Document> ParseHTMLUnsafe(
|
||||
GlobalObject& aGlobal, const TrustedHTMLOrString& aHTML,
|
||||
ErrorResult& aError);
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aError);
|
||||
|
||||
static already_AddRefed<Document> ParseHTML(GlobalObject& aGlobal,
|
||||
const nsAString& aHTML,
|
||||
|
||||
@@ -4327,7 +4327,7 @@ void Element::SetInnerHTML(const TrustedHTMLOrNullIsEmptyString& aInnerHTML,
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aInnerHTML, sink, kTrustedTypesOnlySinkGroup, *this,
|
||||
compliantStringHolder, aError);
|
||||
aSubjectPrincipal, compliantStringHolder, aError);
|
||||
|
||||
if (aError.Failed()) {
|
||||
return;
|
||||
@@ -4347,6 +4347,7 @@ void Element::GetOuterHTML(OwningTrustedHTMLOrNullIsEmptyString& aOuterHTML) {
|
||||
}
|
||||
|
||||
void Element::SetOuterHTML(const TrustedHTMLOrNullIsEmptyString& aOuterHTML,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aError) {
|
||||
constexpr nsLiteralString sink = u"Element outerHTML"_ns;
|
||||
|
||||
@@ -4354,7 +4355,7 @@ void Element::SetOuterHTML(const TrustedHTMLOrNullIsEmptyString& aOuterHTML,
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aOuterHTML, sink, kTrustedTypesOnlySinkGroup, *this,
|
||||
compliantStringHolder, aError);
|
||||
aSubjectPrincipal, compliantStringHolder, aError);
|
||||
if (aError.Failed()) {
|
||||
return;
|
||||
}
|
||||
@@ -4416,14 +4417,14 @@ enum nsAdjacentPosition { eBeforeBegin, eAfterBegin, eBeforeEnd, eAfterEnd };
|
||||
|
||||
void Element::InsertAdjacentHTML(
|
||||
const nsAString& aPosition, const TrustedHTMLOrString& aTrustedHTMLOrString,
|
||||
ErrorResult& aError) {
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aError) {
|
||||
constexpr nsLiteralString kSink = u"Element insertAdjacentHTML"_ns;
|
||||
|
||||
Maybe<nsAutoString> compliantStringHolder;
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aTrustedHTMLOrString, kSink, kTrustedTypesOnlySinkGroup, *this,
|
||||
compliantStringHolder, aError);
|
||||
aSubjectPrincipal, compliantStringHolder, aError);
|
||||
|
||||
if (aError.Failed()) {
|
||||
return;
|
||||
@@ -5485,9 +5486,10 @@ EditorBase* Element::GetExtantEditor() const {
|
||||
}
|
||||
|
||||
void Element::SetHTMLUnsafe(const TrustedHTMLOrString& aHTML,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aError) {
|
||||
nsContentUtils::SetHTMLUnsafe(this, this, aHTML, false /*aIsShadowRoot*/,
|
||||
aError);
|
||||
aSubjectPrincipal, aError);
|
||||
}
|
||||
|
||||
// https://html.spec.whatwg.org/#event-beforematch
|
||||
|
||||
@@ -1668,11 +1668,13 @@ class Element : public FragmentOrElement {
|
||||
void GetOuterHTML(OwningTrustedHTMLOrNullIsEmptyString& aOuterHTML);
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT void SetOuterHTML(
|
||||
const TrustedHTMLOrNullIsEmptyString& aOuterHTML, ErrorResult& aError);
|
||||
const TrustedHTMLOrNullIsEmptyString& aOuterHTML,
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aError);
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT void InsertAdjacentHTML(
|
||||
const nsAString& aPosition,
|
||||
const TrustedHTMLOrString& aTrustedHTMLOrString, ErrorResult& aError);
|
||||
const TrustedHTMLOrString& aTrustedHTMLOrString,
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aError);
|
||||
|
||||
void SetHTML(const nsAString& aInnerHTML, const SetHTMLOptions& aOptions,
|
||||
ErrorResult& aError);
|
||||
@@ -2268,6 +2270,7 @@ class Element : public FragmentOrElement {
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT
|
||||
virtual void SetHTMLUnsafe(const TrustedHTMLOrString& aHTML,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aError);
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT
|
||||
|
||||
@@ -885,10 +885,11 @@ nsresult ShadowRoot::Clone(dom::NodeInfo* aNodeInfo, nsINode** aResult) const {
|
||||
}
|
||||
|
||||
void ShadowRoot::SetHTMLUnsafe(const TrustedHTMLOrString& aHTML,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aError) {
|
||||
RefPtr<Element> host = GetHost();
|
||||
nsContentUtils::SetHTMLUnsafe(this, host, aHTML, true /*aIsShadowRoot*/,
|
||||
aError);
|
||||
aSubjectPrincipal, aError);
|
||||
}
|
||||
|
||||
void ShadowRoot::GetInnerHTML(
|
||||
@@ -897,14 +898,15 @@ void ShadowRoot::GetInnerHTML(
|
||||
}
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT void ShadowRoot::SetInnerHTML(
|
||||
const TrustedHTMLOrNullIsEmptyString& aInnerHTML, ErrorResult& aError) {
|
||||
const TrustedHTMLOrNullIsEmptyString& aInnerHTML,
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aError) {
|
||||
constexpr nsLiteralString sink = u"ShadowRoot innerHTML"_ns;
|
||||
|
||||
Maybe<nsAutoString> compliantStringHolder;
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aInnerHTML, sink, kTrustedTypesOnlySinkGroup, *this,
|
||||
compliantStringHolder, aError);
|
||||
aSubjectPrincipal, compliantStringHolder, aError);
|
||||
if (aError.Failed()) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -21,6 +21,7 @@
|
||||
|
||||
class nsAtom;
|
||||
class nsIContent;
|
||||
class nsIPrincipal;
|
||||
|
||||
namespace mozilla {
|
||||
|
||||
@@ -250,13 +251,15 @@ class ShadowRoot final : public DocumentFragment, public DocumentOrShadowRoot {
|
||||
}
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT
|
||||
void SetHTMLUnsafe(const TrustedHTMLOrString& aHTML, ErrorResult& aError);
|
||||
void SetHTMLUnsafe(const TrustedHTMLOrString& aHTML,
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aError);
|
||||
|
||||
// @param aInnerHTML will always be of type `NullIsEmptyString`.
|
||||
void GetInnerHTML(OwningTrustedHTMLOrNullIsEmptyString& aInnerHTML);
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT void SetInnerHTML(
|
||||
const TrustedHTMLOrNullIsEmptyString& aInnerHTML, ErrorResult& aError);
|
||||
const TrustedHTMLOrNullIsEmptyString& aInnerHTML,
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aError);
|
||||
|
||||
void GetHTML(const GetHTMLOptions& aOptions, nsAString& aResult);
|
||||
|
||||
|
||||
@@ -5867,14 +5867,17 @@ uint32_t computeSanitizationFlags(nsIPrincipal* aPrincipal, int32_t aFlags) {
|
||||
void nsContentUtils::SetHTMLUnsafe(FragmentOrElement* aTarget,
|
||||
Element* aContext,
|
||||
const TrustedHTMLOrString& aSource,
|
||||
bool aIsShadowRoot, ErrorResult& aError) {
|
||||
bool aIsShadowRoot,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aError) {
|
||||
constexpr nsLiteralString elementSink = u"Element setHTMLUnsafe"_ns;
|
||||
constexpr nsLiteralString shadowRootSink = u"ShadowRoot setHTMLUnsafe"_ns;
|
||||
Maybe<nsAutoString> compliantStringHolder;
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aSource, aIsShadowRoot ? shadowRootSink : elementSink,
|
||||
kTrustedTypesOnlySinkGroup, *aContext, compliantStringHolder, aError);
|
||||
kTrustedTypesOnlySinkGroup, *aContext, aSubjectPrincipal,
|
||||
compliantStringHolder, aError);
|
||||
if (aError.Failed()) {
|
||||
return;
|
||||
}
|
||||
@@ -9826,7 +9829,8 @@ static CheckedInt<uint32_t> ExtraSpaceNeededForAttrEncoding(
|
||||
// & in it. We subtract 1 for the null terminator, then 1 more for the
|
||||
// existing character that will be replaced.
|
||||
constexpr uint32_t maxCharExtraSpace =
|
||||
std::max({std::size("""), std::size("&"), std::size(" "), std::size("<"), std::size(">")}) -
|
||||
std::max({std::size("""), std::size("&"), std::size(" "),
|
||||
std::size("<"), std::size(">")}) -
|
||||
2;
|
||||
static_assert(maxCharExtraSpace < 100, "Possible underflow");
|
||||
return CheckedInt<uint32_t>(numEncodedChars) * maxCharExtraSpace;
|
||||
|
||||
@@ -1895,7 +1895,8 @@ class nsContentUtils {
|
||||
static void SetHTMLUnsafe(mozilla::dom::FragmentOrElement* aTarget,
|
||||
Element* aContext,
|
||||
const mozilla::dom::TrustedHTMLOrString& aSource,
|
||||
bool aIsShadowRoot, mozilla::ErrorResult& aError);
|
||||
bool aIsShadowRoot, nsIPrincipal* aSubjectPrincipal,
|
||||
mozilla::ErrorResult& aError);
|
||||
/**
|
||||
* Invoke the fragment parsing algorithm (innerHTML) using the HTML parser.
|
||||
*
|
||||
|
||||
@@ -6166,23 +6166,23 @@ nsGlobalWindowInner* nsGlobalWindowInner::InnerForSetTimeoutOrInterval(
|
||||
int32_t nsGlobalWindowInner::SetTimeout(
|
||||
JSContext* aCx, const FunctionOrTrustedScriptOrString& aHandler,
|
||||
int32_t aTimeout, const Sequence<JS::Value>& aArguments,
|
||||
ErrorResult& aError) {
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aError) {
|
||||
return SetTimeoutOrInterval(aCx, aHandler, aTimeout, aArguments, false,
|
||||
aError);
|
||||
aSubjectPrincipal, aError);
|
||||
}
|
||||
|
||||
int32_t nsGlobalWindowInner::SetInterval(
|
||||
JSContext* aCx, const FunctionOrTrustedScriptOrString& aHandler,
|
||||
const int32_t aTimeout, const Sequence<JS::Value>& aArguments,
|
||||
ErrorResult& aError) {
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aError) {
|
||||
return SetTimeoutOrInterval(aCx, aHandler, aTimeout, aArguments, true,
|
||||
aError);
|
||||
aSubjectPrincipal, aError);
|
||||
}
|
||||
|
||||
int32_t nsGlobalWindowInner::SetTimeoutOrInterval(
|
||||
JSContext* aCx, const FunctionOrTrustedScriptOrString& aHandler,
|
||||
int32_t aTimeout, const Sequence<JS::Value>& aArguments, bool aIsInterval,
|
||||
ErrorResult& aError) {
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aError) {
|
||||
nsGlobalWindowInner* inner = InnerForSetTimeoutOrInterval(aError);
|
||||
if (!inner) {
|
||||
return -1;
|
||||
@@ -6191,7 +6191,8 @@ int32_t nsGlobalWindowInner::SetTimeoutOrInterval(
|
||||
if (inner != this) {
|
||||
RefPtr<nsGlobalWindowInner> innerRef(inner);
|
||||
return innerRef->SetTimeoutOrInterval(aCx, aHandler, aTimeout, aArguments,
|
||||
aIsInterval, aError);
|
||||
aIsInterval, aSubjectPrincipal,
|
||||
aError);
|
||||
}
|
||||
|
||||
DebuggerNotificationDispatch(
|
||||
@@ -6229,8 +6230,8 @@ int32_t nsGlobalWindowInner::SetTimeoutOrInterval(
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aHandler, aIsInterval ? sinkSetInterval : sinkSetTimeout,
|
||||
kTrustedTypesOnlySinkGroup, *pinnedGlobal, compliantStringHolder,
|
||||
aError);
|
||||
kTrustedTypesOnlySinkGroup, *pinnedGlobal, aSubjectPrincipal,
|
||||
compliantStringHolder, aError);
|
||||
if (aError.Failed()) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -721,7 +721,7 @@ class nsGlobalWindowInner final : public mozilla::dom::EventTarget,
|
||||
JSContext* aCx,
|
||||
const mozilla::dom::FunctionOrTrustedScriptOrString& aHandler,
|
||||
int32_t aTimeout, const mozilla::dom::Sequence<JS::Value>& /* unused */,
|
||||
mozilla::ErrorResult& aError);
|
||||
nsIPrincipal* aSubjectPrincipal, mozilla::ErrorResult& aError);
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT
|
||||
void ClearTimeout(int32_t aHandle);
|
||||
@@ -732,7 +732,7 @@ class nsGlobalWindowInner final : public mozilla::dom::EventTarget,
|
||||
const mozilla::dom::FunctionOrTrustedScriptOrString& aHandler,
|
||||
const int32_t aTimeout,
|
||||
const mozilla::dom::Sequence<JS::Value>& /* unused */,
|
||||
mozilla::ErrorResult& aError);
|
||||
nsIPrincipal* aSubjectPrincipal, mozilla::ErrorResult& aError);
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT
|
||||
void ClearInterval(int32_t aHandle);
|
||||
@@ -1081,7 +1081,8 @@ class nsGlobalWindowInner final : public mozilla::dom::EventTarget,
|
||||
JSContext* aCx,
|
||||
const mozilla::dom::FunctionOrTrustedScriptOrString& aHandler,
|
||||
int32_t aTimeout, const mozilla::dom::Sequence<JS::Value>& aArguments,
|
||||
bool aIsInterval, mozilla::ErrorResult& aError);
|
||||
bool aIsInterval, nsIPrincipal* aSubjectPrincipal,
|
||||
mozilla::ErrorResult& aError);
|
||||
|
||||
// Return true if |aTimeout| was cleared while its handler ran.
|
||||
MOZ_CAN_RUN_SCRIPT
|
||||
|
||||
@@ -2729,7 +2729,8 @@ already_AddRefed<DocumentFragment> nsRange::CreateContextualFragment(
|
||||
}
|
||||
|
||||
already_AddRefed<DocumentFragment> nsRange::CreateContextualFragment(
|
||||
const TrustedHTMLOrString& aFragment, ErrorResult& aRv) const {
|
||||
const TrustedHTMLOrString& aFragment, nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aRv) const {
|
||||
if (!mIsPositioned) {
|
||||
aRv.Throw(NS_ERROR_FAILURE);
|
||||
return nullptr;
|
||||
@@ -2741,7 +2742,7 @@ already_AddRefed<DocumentFragment> nsRange::CreateContextualFragment(
|
||||
nsCOMPtr<nsINode> node = mStart.GetContainer();
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aFragment, sink, kTrustedTypesOnlySinkGroup, *node,
|
||||
aFragment, sink, kTrustedTypesOnlySinkGroup, *node, aSubjectPrincipal,
|
||||
compliantStringHolder, aRv);
|
||||
if (aRv.Failed()) {
|
||||
return nullptr;
|
||||
|
||||
@@ -23,6 +23,8 @@
|
||||
#include "mozilla/RangeBoundary.h"
|
||||
#include "mozilla/RefPtr.h"
|
||||
|
||||
class nsIPrincipal;
|
||||
|
||||
namespace mozilla {
|
||||
class RectCallback;
|
||||
namespace dom {
|
||||
@@ -216,6 +218,7 @@ class nsRange final : public mozilla::dom::AbstractRange,
|
||||
const nsAString& aString, ErrorResult& aError) const;
|
||||
MOZ_CAN_RUN_SCRIPT already_AddRefed<mozilla::dom::DocumentFragment>
|
||||
CreateContextualFragment(const mozilla::dom::TrustedHTMLOrString&,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aError) const;
|
||||
already_AddRefed<mozilla::dom::DocumentFragment> CloneContents(
|
||||
ErrorResult& aErr);
|
||||
|
||||
@@ -392,13 +392,14 @@ void HTMLIFrameElement::GetSrcdoc(OwningTrustedHTMLOrString& aSrcdoc) {
|
||||
}
|
||||
|
||||
void HTMLIFrameElement::SetSrcdoc(const TrustedHTMLOrString& aSrcdoc,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aError) {
|
||||
constexpr nsLiteralString sink = u"HTMLIFrameElement srcdoc"_ns;
|
||||
|
||||
Maybe<nsAutoString> compliantStringHolder;
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aSrcdoc, sink, kTrustedTypesOnlySinkGroup, *this,
|
||||
aSrcdoc, sink, kTrustedTypesOnlySinkGroup, *this, aSubjectPrincipal,
|
||||
compliantStringHolder, aError);
|
||||
if (aError.Failed()) {
|
||||
return;
|
||||
|
||||
@@ -65,6 +65,7 @@ class HTMLIFrameElement final : public nsGenericHTMLFrameElement {
|
||||
void GetSrcdoc(OwningTrustedHTMLOrString& aSrcdoc);
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT void SetSrcdoc(const TrustedHTMLOrString& aSrcdoc,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aError);
|
||||
|
||||
void GetName(DOMString& aName) { GetHTMLAttr(nsGkAtoms::name, aName); }
|
||||
|
||||
@@ -165,13 +165,14 @@ void HTMLScriptElement::GetText(OwningTrustedScriptOrString& aValue,
|
||||
}
|
||||
|
||||
void HTMLScriptElement::SetText(const TrustedScriptOrString& aValue,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aRv) {
|
||||
constexpr nsLiteralString sink = u"HTMLScriptElement text"_ns;
|
||||
|
||||
Maybe<nsAutoString> compliantStringHolder;
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aValue, sink, kTrustedTypesOnlySinkGroup, *this,
|
||||
aValue, sink, kTrustedTypesOnlySinkGroup, *this, aSubjectPrincipal,
|
||||
compliantStringHolder, aRv);
|
||||
if (aRv.Failed()) {
|
||||
return;
|
||||
@@ -191,13 +192,14 @@ void HTMLScriptElement::GetInnerText(
|
||||
}
|
||||
|
||||
void HTMLScriptElement::SetInnerText(
|
||||
const TrustedScriptOrNullIsEmptyString& aValue, ErrorResult& aError) {
|
||||
const TrustedScriptOrNullIsEmptyString& aValue,
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aError) {
|
||||
constexpr nsLiteralString sink = u"HTMLScriptElement innerText"_ns;
|
||||
|
||||
Maybe<nsAutoString> compliantStringHolder;
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aValue, sink, kTrustedTypesOnlySinkGroup, *this,
|
||||
aValue, sink, kTrustedTypesOnlySinkGroup, *this, aSubjectPrincipal,
|
||||
compliantStringHolder, aError);
|
||||
if (aError.Failed()) {
|
||||
return;
|
||||
@@ -226,7 +228,7 @@ void HTMLScriptElement::SetTrustedScriptOrStringTextContent(
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aTextContent.Value(), sink, kTrustedTypesOnlySinkGroup, *this,
|
||||
compliantStringHolder, aError);
|
||||
aSubjectPrincipal, compliantStringHolder, aError);
|
||||
if (aError.Failed()) {
|
||||
return;
|
||||
}
|
||||
@@ -238,20 +240,20 @@ void HTMLScriptElement::GetSrc(OwningTrustedScriptURLOrString& aSrc) {
|
||||
}
|
||||
|
||||
void HTMLScriptElement::SetSrc(const TrustedScriptURLOrString& aSrc,
|
||||
nsIPrincipal* aTriggeringPrincipal,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aRv) {
|
||||
constexpr nsLiteralString sink = u"HTMLScriptElement src"_ns;
|
||||
|
||||
Maybe<nsAutoString> compliantStringHolder;
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aSrc, sink, kTrustedTypesOnlySinkGroup, *this, compliantStringHolder,
|
||||
aRv);
|
||||
aSrc, sink, kTrustedTypesOnlySinkGroup, *this, aSubjectPrincipal,
|
||||
compliantStringHolder, aRv);
|
||||
if (aRv.Failed()) {
|
||||
return;
|
||||
}
|
||||
|
||||
SetHTMLAttr(nsGkAtoms::src, *compliantString, aTriggeringPrincipal, aRv);
|
||||
SetHTMLAttr(nsGkAtoms::src, *compliantString, aSubjectPrincipal, aRv);
|
||||
}
|
||||
|
||||
// variation of this code in SVGScriptElement - check if changes
|
||||
|
||||
@@ -78,6 +78,7 @@ class HTMLScriptElement final : public nsGenericHTMLElement,
|
||||
ErrorResult& aRv) const;
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT void SetText(const TrustedScriptOrString& aValue,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aRv);
|
||||
|
||||
// @param aValue will always be of type `NullIsEmptyString`.
|
||||
@@ -85,7 +86,8 @@ class HTMLScriptElement final : public nsGenericHTMLElement,
|
||||
OwningTrustedScriptOrNullIsEmptyString& aValue, ErrorResult& aError);
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT void SetInnerText(
|
||||
const TrustedScriptOrNullIsEmptyString& aValue, ErrorResult& aError);
|
||||
const TrustedScriptOrNullIsEmptyString& aValue,
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aError);
|
||||
|
||||
// @param aTextContent will always be of type `String`.
|
||||
MOZ_CAN_RUN_SCRIPT void GetTrustedScriptOrStringTextContent(
|
||||
@@ -112,7 +114,7 @@ class HTMLScriptElement final : public nsGenericHTMLElement,
|
||||
void GetSrc(OwningTrustedScriptURLOrString& aSrc);
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT void SetSrc(const TrustedScriptURLOrString& aSrc,
|
||||
nsIPrincipal* aTriggeringPrincipal,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aRv);
|
||||
|
||||
void GetType(nsAString& aType) { GetHTMLAttr(nsGkAtoms::type, aType); }
|
||||
|
||||
@@ -103,10 +103,11 @@ bool HTMLTemplateElement::ParseAttribute(int32_t aNamespaceID,
|
||||
}
|
||||
|
||||
void HTMLTemplateElement::SetHTMLUnsafe(const TrustedHTMLOrString& aHTML,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aError) {
|
||||
RefPtr<DocumentFragment> content = mContent;
|
||||
nsContentUtils::SetHTMLUnsafe(content, this, aHTML, false /*aIsShadowRoot*/,
|
||||
aError);
|
||||
aSubjectPrincipal, aError);
|
||||
}
|
||||
|
||||
} // namespace mozilla::dom
|
||||
|
||||
@@ -74,6 +74,7 @@ class HTMLTemplateElement final : public nsGenericHTMLElement {
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT
|
||||
void SetHTMLUnsafe(const TrustedHTMLOrString& aHTML,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aError) final;
|
||||
|
||||
protected:
|
||||
|
||||
@@ -412,7 +412,8 @@ template <typename ExpectedType, typename TrustedTypeOrString,
|
||||
MOZ_CAN_RUN_SCRIPT inline const nsAString* GetTrustedTypesCompliantString(
|
||||
const TrustedTypeOrString& aInput, const nsAString& aSink,
|
||||
const nsAString& aSinkGroup, NodeOrGlobalObject& aNodeOrGlobalObject,
|
||||
Maybe<nsAutoString>& aResultHolder, ErrorResult& aError) {
|
||||
nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
|
||||
ErrorResult& aError) {
|
||||
MOZ_ASSERT(aSinkGroup == kTrustedTypesOnlySinkGroup);
|
||||
if (!StaticPrefs::dom_security_trusted_types_enabled()) {
|
||||
// A trusted type might've been created before the pref was set to `false`,
|
||||
@@ -557,9 +558,11 @@ MOZ_CAN_RUN_SCRIPT inline const nsAString* GetTrustedTypesCompliantString(
|
||||
const nsAString* GetTrustedTypesCompliantString( \
|
||||
const _trustedTypeOrString& aInput, const nsAString& aSink, \
|
||||
const nsAString& aSinkGroup, _nodeOrGlobalObject& aNodeOrGlobal, \
|
||||
Maybe<nsAutoString>& aResultHolder, ErrorResult& aError) { \
|
||||
nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder, \
|
||||
ErrorResult& aError) { \
|
||||
return GetTrustedTypesCompliantString<_expectedType>( \
|
||||
aInput, aSink, aSinkGroup, aNodeOrGlobal, aResultHolder, aError); \
|
||||
aInput, aSink, aSinkGroup, aNodeOrGlobal, aPrincipalOrNull, \
|
||||
aResultHolder, aError); \
|
||||
}
|
||||
|
||||
IMPL_GET_TRUSTED_TYPES_COMPLIANT_STRING(TrustedHTMLOrString, TrustedHTML,
|
||||
@@ -589,7 +592,7 @@ GetTrustedTypesCompliantStringForTrustedHTML(const nsAString& aInput,
|
||||
Maybe<nsAutoString>& aResultHolder,
|
||||
ErrorResult& aError) {
|
||||
return GetTrustedTypesCompliantString<TrustedHTML>(
|
||||
&aInput, aSink, aSinkGroup, aNode, aResultHolder, aError);
|
||||
&aInput, aSink, aSinkGroup, aNode, nullptr, aResultHolder, aError);
|
||||
}
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT const nsAString*
|
||||
@@ -598,7 +601,8 @@ GetTrustedTypesCompliantStringForTrustedScript(
|
||||
const nsAString& aSinkGroup, nsIGlobalObject& aGlobalObject,
|
||||
Maybe<nsAutoString>& aResultHolder, ErrorResult& aError) {
|
||||
return GetTrustedTypesCompliantString<TrustedScript>(
|
||||
&aInput, aSink, aSinkGroup, aGlobalObject, aResultHolder, aError);
|
||||
&aInput, aSink, aSinkGroup, aGlobalObject, nullptr, aResultHolder,
|
||||
aError);
|
||||
}
|
||||
|
||||
bool GetTrustedTypeDataForAttribute(const nsAtom* aElementName,
|
||||
@@ -706,16 +710,16 @@ MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantAttributeValue(
|
||||
switch (expectedType) {
|
||||
case TrustedType::TrustedHTML:
|
||||
return GetTrustedTypesCompliantString<TrustedHTML>(
|
||||
input, sink, kTrustedTypesOnlySinkGroup, aElement, aResultHolder,
|
||||
aError);
|
||||
input, sink, kTrustedTypesOnlySinkGroup, aElement, nullptr,
|
||||
aResultHolder, aError);
|
||||
case TrustedType::TrustedScript:
|
||||
return GetTrustedTypesCompliantString<TrustedScript>(
|
||||
input, sink, kTrustedTypesOnlySinkGroup, aElement, aResultHolder,
|
||||
aError);
|
||||
input, sink, kTrustedTypesOnlySinkGroup, aElement, nullptr,
|
||||
aResultHolder, aError);
|
||||
case TrustedType::TrustedScriptURL:
|
||||
return GetTrustedTypesCompliantString<TrustedScriptURL>(
|
||||
input, sink, kTrustedTypesOnlySinkGroup, aElement, aResultHolder,
|
||||
aError);
|
||||
input, sink, kTrustedTypesOnlySinkGroup, aElement, nullptr,
|
||||
aResultHolder, aError);
|
||||
}
|
||||
MOZ_ASSERT_UNREACHABLE();
|
||||
return nullptr;
|
||||
|
||||
@@ -18,6 +18,7 @@
|
||||
#include "js/TypeDecls.h"
|
||||
|
||||
class nsIContentSecurityPolicy;
|
||||
class nsIPrincipal;
|
||||
|
||||
namespace mozilla {
|
||||
|
||||
@@ -70,39 +71,48 @@ nsString GetTrustedTypeName(TrustedType aTrustedType);
|
||||
MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
|
||||
const TrustedHTMLOrString& aInput, const nsAString& aSink,
|
||||
const nsAString& aSinkGroup, const nsINode& aNode,
|
||||
Maybe<nsAutoString>& aResultHolder, ErrorResult& aError);
|
||||
nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
|
||||
ErrorResult& aError);
|
||||
MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
|
||||
const TrustedHTMLOrNullIsEmptyString& aInput, const nsAString& aSink,
|
||||
const nsAString& aSinkGroup, const nsINode& aNode,
|
||||
Maybe<nsAutoString>& aResultHolder, ErrorResult& aError);
|
||||
nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
|
||||
ErrorResult& aError);
|
||||
MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
|
||||
const TrustedHTMLOrString& aInput, const nsAString& aSink,
|
||||
const nsAString& aSinkGroup, nsIGlobalObject& aGlobalObject,
|
||||
Maybe<nsAutoString>& aResultHolder, ErrorResult& aError);
|
||||
nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
|
||||
ErrorResult& aError);
|
||||
MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
|
||||
const TrustedScriptOrString& aInput, const nsAString& aSink,
|
||||
const nsAString& aSinkGroup, const nsINode& aNode,
|
||||
Maybe<nsAutoString>& aResultHolder, ErrorResult& aError);
|
||||
nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
|
||||
ErrorResult& aError);
|
||||
MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
|
||||
const TrustedScriptOrNullIsEmptyString& aInput, const nsAString& aSink,
|
||||
const nsAString& aSinkGroup, const nsINode& aNode,
|
||||
Maybe<nsAutoString>& aResultHolder, ErrorResult& aError);
|
||||
nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
|
||||
ErrorResult& aError);
|
||||
MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
|
||||
const FunctionOrTrustedScriptOrString& aInput, const nsAString& aSink,
|
||||
const nsAString& aSinkGroup, nsIGlobalObject& aGlobalObject,
|
||||
Maybe<nsAutoString>& aResultHolder, ErrorResult& aError);
|
||||
nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
|
||||
ErrorResult& aError);
|
||||
MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
|
||||
const TrustedScriptURLOrString& aInput, const nsAString& aSink,
|
||||
const nsAString& aSinkGroup, const nsINode& aNode,
|
||||
Maybe<nsAutoString>& aResultHolder, ErrorResult& aError);
|
||||
nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
|
||||
ErrorResult& aError);
|
||||
MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
|
||||
const TrustedScriptURLOrUSVString& aInput, const nsAString& aSink,
|
||||
const nsAString& aSinkGroup, nsIGlobalObject& aGlobalObject,
|
||||
Maybe<nsAutoString>& aResultHolder, ErrorResult& aError);
|
||||
nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
|
||||
ErrorResult& aError);
|
||||
MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
|
||||
const OwningTrustedScriptURLOrString& aInput, const nsAString& aSink,
|
||||
const nsAString& aSinkGroup, nsIGlobalObject& aGlobalObject,
|
||||
Maybe<nsAutoString>& aResultHolder, ErrorResult& aError);
|
||||
nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
|
||||
ErrorResult& aError);
|
||||
MOZ_CAN_RUN_SCRIPT const nsAString*
|
||||
GetTrustedTypesCompliantStringForTrustedHTML(const nsAString& aInput,
|
||||
const nsAString& aSink,
|
||||
|
||||
@@ -166,7 +166,7 @@ JSObject* ServiceWorkerContainer::WrapObject(
|
||||
|
||||
already_AddRefed<Promise> ServiceWorkerContainer::Register(
|
||||
const TrustedScriptURLOrUSVString& aScriptURL,
|
||||
const RegistrationOptions& aOptions, const CallerType aCallerType,
|
||||
const RegistrationOptions& aOptions, nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aRv) {
|
||||
AUTO_PROFILER_MARKER_UNTYPED("SWC Register", DOM, {});
|
||||
|
||||
@@ -196,7 +196,7 @@ already_AddRefed<Promise> ServiceWorkerContainer::Register(
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aScriptURL, sink, kTrustedTypesOnlySinkGroup, *global,
|
||||
compliantStringHolder, aRv);
|
||||
aSubjectPrincipal, compliantStringHolder, aRv);
|
||||
if (aRv.Failed()) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
@@ -12,6 +12,7 @@
|
||||
#include "mozilla/dom/ServiceWorkerUtils.h"
|
||||
|
||||
class nsIGlobalWindow;
|
||||
class nsIPrincipal;
|
||||
|
||||
namespace mozilla::dom {
|
||||
|
||||
@@ -54,7 +55,7 @@ class ServiceWorkerContainer final : public DOMEventTargetHelper {
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT already_AddRefed<Promise> Register(
|
||||
const TrustedScriptURLOrUSVString& aScriptURL,
|
||||
const RegistrationOptions& aOptions, const CallerType aCallerType,
|
||||
const RegistrationOptions& aOptions, nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aRv);
|
||||
|
||||
already_AddRefed<ServiceWorker> GetController();
|
||||
|
||||
@@ -10,6 +10,8 @@
|
||||
#include "mozilla/SVGAnimatedClassOrString.h"
|
||||
#include "mozilla/dom/SVGElement.h"
|
||||
|
||||
class nsIPrincipal;
|
||||
|
||||
namespace mozilla::dom {
|
||||
|
||||
class OwningTrustedScriptURLOrString;
|
||||
@@ -33,9 +35,10 @@ class DOMSVGAnimatedString final : public nsWrapperCache {
|
||||
mVal->GetBaseValue(aResult, mSVGElement);
|
||||
}
|
||||
MOZ_CAN_RUN_SCRIPT void SetBaseVal(const TrustedScriptURLOrString& aValue,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aRv) {
|
||||
RefPtr<SVGElement> svgElement = mSVGElement;
|
||||
mVal->SetBaseValue(aValue, svgElement, true, aRv);
|
||||
mVal->SetBaseValue(aValue, svgElement, true, aSubjectPrincipal, aRv);
|
||||
}
|
||||
void GetAnimVal(nsAString& aResult) {
|
||||
mSVGElement->FlushAnimations();
|
||||
|
||||
@@ -35,7 +35,7 @@ void SVGAnimatedClassOrString::RemoveTearoff() {
|
||||
|
||||
void SVGAnimatedClassOrString::SetBaseValue(
|
||||
const TrustedScriptURLOrString& aValue, SVGElement* aSVGElement,
|
||||
bool aDoSetAttr, ErrorResult&) {
|
||||
bool aDoSetAttr, nsIPrincipal*, ErrorResult&) {
|
||||
// The spec is not super explicit, but it makes sense to default to the
|
||||
// associated data value for TrustedScriptURL values.
|
||||
// https://github.com/w3c/svgwg/issues/961
|
||||
|
||||
@@ -10,6 +10,8 @@
|
||||
#include "nsStringFwd.h"
|
||||
#include "mozilla/AlreadyAddRefed.h"
|
||||
|
||||
class nsIPrincipal;
|
||||
|
||||
namespace mozilla {
|
||||
|
||||
class ErrorResult;
|
||||
@@ -31,7 +33,7 @@ class SVGAnimatedClassOrString {
|
||||
bool aDoSetAttr) = 0;
|
||||
MOZ_CAN_RUN_SCRIPT virtual void SetBaseValue(
|
||||
const TrustedScriptURLOrString& aValue, SVGElement* aSVGElement,
|
||||
bool aDoSetAttr, ErrorResult& aRv);
|
||||
bool aDoSetAttr, nsIPrincipal* aSubjectPrincipal, ErrorResult& aRv);
|
||||
virtual void GetBaseValue(nsAString& aValue,
|
||||
const SVGElement* aSVGElement) const = 0;
|
||||
virtual void GetBaseValue(OwningTrustedScriptURLOrString& aValue,
|
||||
|
||||
@@ -98,7 +98,7 @@ nsresult SVGAnimatedString::SMILString::SetAnimValue(const SMILValue& aValue) {
|
||||
|
||||
void SVGAnimatedScriptHrefString::SetBaseValue(
|
||||
const TrustedScriptURLOrString& aValue, SVGElement* aSVGElement,
|
||||
bool aDoSetAttr, ErrorResult& aRv) {
|
||||
bool aDoSetAttr, nsIPrincipal* aSubjectPrincipal, ErrorResult& aRv) {
|
||||
// https://svgwg.org/svg2-draft/single-page.html#types-InterfaceSVGAnimatedString
|
||||
// See https://github.com/w3c/svgwg/pull/934
|
||||
MOZ_ASSERT(aSVGElement->IsSVGElement(nsGkAtoms::script));
|
||||
@@ -108,7 +108,7 @@ void SVGAnimatedScriptHrefString::SetBaseValue(
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aValue, sink, kTrustedTypesOnlySinkGroup, *svgElement,
|
||||
compliantStringHolder, aRv);
|
||||
aSubjectPrincipal, compliantStringHolder, aRv);
|
||||
if (aRv.Failed()) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -41,9 +41,10 @@ class SVGAnimatedString : public SVGAnimatedClassOrString {
|
||||
bool aDoSetAttr) override;
|
||||
MOZ_CAN_RUN_SCRIPT void SetBaseValue(const TrustedScriptURLOrString& aValue,
|
||||
SVGElement* aSVGElement, bool aDoSetAttr,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aRv) override {
|
||||
SVGAnimatedClassOrString::SetBaseValue(aValue, aSVGElement, aDoSetAttr,
|
||||
aRv);
|
||||
aSubjectPrincipal, aRv);
|
||||
}
|
||||
void GetBaseValue(nsAString& aValue,
|
||||
const SVGElement* aSVGElement) const override {
|
||||
@@ -114,6 +115,7 @@ class SVGAnimatedScriptHrefString final : public SVGAnimatedString {
|
||||
using TrustedScriptURLOrString = dom::TrustedScriptURLOrString;
|
||||
MOZ_CAN_RUN_SCRIPT void SetBaseValue(const TrustedScriptURLOrString& aValue,
|
||||
SVGElement* aSVGElement, bool aDoSetAttr,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
ErrorResult& aRv) override;
|
||||
SVGAnimatedScriptHrefString() = default;
|
||||
};
|
||||
|
||||
@@ -23,7 +23,7 @@ interface DOMParser {
|
||||
[Throws]
|
||||
constructor();
|
||||
|
||||
[NewObject, Throws, UseCounter]
|
||||
[NewObject, NeedsSubjectPrincipal=NonSystem, Throws, UseCounter]
|
||||
Document parseFromString((TrustedHTML or DOMString) str, SupportedType type);
|
||||
|
||||
// Mozilla-specific stuff
|
||||
|
||||
@@ -122,7 +122,7 @@ interface Document : Node {
|
||||
|
||||
// https://html.spec.whatwg.org/multipage/dom.html#the-document-object
|
||||
partial interface Document {
|
||||
[Throws]
|
||||
[Throws, NeedsSubjectPrincipal=NonSystem]
|
||||
static Document parseHTMLUnsafe((TrustedHTML or DOMString) html);
|
||||
|
||||
[PutForwards=href, LegacyUnforgeable] readonly attribute Location? location;
|
||||
|
||||
@@ -262,9 +262,9 @@ partial interface Element {
|
||||
partial interface Element {
|
||||
[CEReactions, SetterNeedsSubjectPrincipal=NonSystem, Pure, SetterThrows, GetterCanOOM]
|
||||
attribute (TrustedHTML or [LegacyNullToEmptyString] DOMString) innerHTML;
|
||||
[CEReactions, Pure, SetterThrows]
|
||||
[CEReactions, SetterNeedsSubjectPrincipal=NonSystem, Pure, SetterThrows]
|
||||
attribute (TrustedHTML or [LegacyNullToEmptyString] DOMString) outerHTML;
|
||||
[CEReactions, Throws]
|
||||
[CEReactions, NeedsSubjectPrincipal=NonSystem, Throws]
|
||||
undefined insertAdjacentHTML(DOMString position, (TrustedHTML or DOMString) text);
|
||||
};
|
||||
|
||||
@@ -406,7 +406,7 @@ dictionary GetHTMLOptions {
|
||||
partial interface Element {
|
||||
// https://html.spec.whatwg.org/#dom-element-sethtmlunsafe
|
||||
/* TODO: optional SetHTMLUnsafeOptions options = {} */
|
||||
[Throws]
|
||||
[NeedsSubjectPrincipal=NonSystem, Throws]
|
||||
undefined setHTMLUnsafe((TrustedHTML or DOMString) html);
|
||||
DOMString getHTML(optional GetHTMLOptions options = {});
|
||||
};
|
||||
|
||||
@@ -19,7 +19,7 @@ interface HTMLIFrameElement : HTMLElement {
|
||||
|
||||
[CEReactions, SetterNeedsSubjectPrincipal=NonSystem, SetterThrows, Pure]
|
||||
attribute DOMString src;
|
||||
[CEReactions, SetterThrows, Pure]
|
||||
[CEReactions, SetterNeedsSubjectPrincipal=NonSystem, SetterThrows, Pure]
|
||||
attribute (TrustedHTML or DOMString) srcdoc;
|
||||
[CEReactions, SetterThrows, Pure]
|
||||
attribute DOMString name;
|
||||
|
||||
@@ -28,7 +28,7 @@ interface HTMLScriptElement : HTMLElement {
|
||||
attribute DOMString? crossOrigin;
|
||||
[CEReactions, SetterThrows]
|
||||
attribute DOMString referrerPolicy;
|
||||
[CEReactions, Throws]
|
||||
[CEReactions, SetterNeedsSubjectPrincipal=NonSystem, Throws]
|
||||
attribute (TrustedScript or DOMString) text;
|
||||
[Pref="dom.element.blocking.enabled", SameObject, PutForwards=value]
|
||||
readonly attribute DOMTokenList blocking;
|
||||
@@ -54,7 +54,7 @@ partial interface HTMLScriptElement {
|
||||
|
||||
// https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts
|
||||
partial interface HTMLScriptElement {
|
||||
[CEReactions, Throws] attribute (TrustedScript or [LegacyNullToEmptyString] DOMString) innerText;
|
||||
[CEReactions, SetterNeedsSubjectPrincipal=NonSystem, Throws] attribute (TrustedScript or [LegacyNullToEmptyString] DOMString) innerText;
|
||||
[CEReactions, SetterThrows, GetterCanOOM,
|
||||
SetterNeedsSubjectPrincipal=NonSystem, BinaryName="trustedScriptOrStringTextContent"] attribute (TrustedScript or DOMString)? textContent;
|
||||
};
|
||||
|
||||
@@ -75,7 +75,7 @@ interface Range : AbstractRange {
|
||||
|
||||
// http://domparsing.spec.whatwg.org/#dom-range-createcontextualfragment
|
||||
partial interface Range {
|
||||
[CEReactions, Throws, UseCounter]
|
||||
[CEReactions, NeedsSubjectPrincipal=NonSystem, Throws, UseCounter]
|
||||
DocumentFragment createContextualFragment((TrustedHTML or DOMString) fragment);
|
||||
};
|
||||
|
||||
|
||||
@@ -12,6 +12,8 @@
|
||||
|
||||
[Exposed=Window]
|
||||
interface SVGAnimatedString {
|
||||
[SetterThrows] attribute (TrustedScriptURL or DOMString) baseVal;
|
||||
[SetterThrows, SetterNeedsSubjectPrincipal=NonSystem]
|
||||
attribute (TrustedScriptURL or DOMString) baseVal;
|
||||
|
||||
readonly attribute DOMString animVal;
|
||||
};
|
||||
|
||||
@@ -18,7 +18,7 @@ interface ServiceWorkerContainer : EventTarget {
|
||||
[Throws]
|
||||
readonly attribute Promise<ServiceWorkerRegistration> ready;
|
||||
|
||||
[NewObject, NeedsCallerType, Throws]
|
||||
[NewObject, NeedsSubjectPrincipal=NonSystem, Throws]
|
||||
Promise<ServiceWorkerRegistration> register((TrustedScriptURL or USVString) scriptURL,
|
||||
optional RegistrationOptions options = {});
|
||||
|
||||
|
||||
@@ -34,7 +34,7 @@ interface ShadowRoot : DocumentFragment
|
||||
Element? getElementById(DOMString elementId);
|
||||
|
||||
// https://w3c.github.io/DOM-Parsing/#the-innerhtml-mixin
|
||||
[CEReactions, SetterThrows]
|
||||
[CEReactions, SetterThrows, SetterNeedsSubjectPrincipal=NonSystem]
|
||||
attribute (TrustedHTML or [LegacyNullToEmptyString] DOMString) innerHTML;
|
||||
|
||||
// When JS invokes importNode or createElement, the binding code needs to
|
||||
@@ -59,7 +59,7 @@ interface ShadowRoot : DocumentFragment
|
||||
|
||||
partial interface ShadowRoot {
|
||||
// https://html.spec.whatwg.org/#dom-shadowroot-sethtmlunsafe
|
||||
[Throws]
|
||||
[NeedsSubjectPrincipal=NonSystem, Throws]
|
||||
undefined setHTMLUnsafe((TrustedHTML or DOMString) html);
|
||||
DOMString getHTML(optional GetHTMLOptions options = {});
|
||||
};
|
||||
|
||||
@@ -28,10 +28,10 @@ interface mixin WindowOrWorkerGlobalScope {
|
||||
DOMString atob(DOMString atob);
|
||||
|
||||
// timers
|
||||
[Throws]
|
||||
[Throws, NeedsSubjectPrincipal=NonSystem]
|
||||
long setTimeout(TimerHandler handler, optional long timeout = 0, any... arguments);
|
||||
undefined clearTimeout(optional long handle = 0);
|
||||
[Throws]
|
||||
[Throws, NeedsSubjectPrincipal=NonSystem]
|
||||
long setInterval(TimerHandler handler, optional long timeout = 0, any... unused);
|
||||
undefined clearInterval(optional long handle = 0);
|
||||
|
||||
|
||||
@@ -47,6 +47,9 @@ already_AddRefed<Worker> Worker::Constructor(
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
// TODO(Bug 1963277) This doen't work for content scripts.
|
||||
nsCOMPtr<nsIPrincipal> principal = aGlobal.GetSubjectPrincipal();
|
||||
|
||||
// The spec only mentions Window and WorkerGlobalScope global objects, but
|
||||
// Gecko can actually call the constructor with other ones, so we just skip
|
||||
// trusted types handling in that case.
|
||||
@@ -62,7 +65,7 @@ already_AddRefed<Worker> Worker::Constructor(
|
||||
if (performTrustedTypeConversion) {
|
||||
constexpr nsLiteralString sink = u"Worker constructor"_ns;
|
||||
compliantString = TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aScriptURL, sink, kTrustedTypesOnlySinkGroup, *globalObject,
|
||||
aScriptURL, sink, kTrustedTypesOnlySinkGroup, *globalObject, principal,
|
||||
compliantStringHolder, aRv);
|
||||
if (aRv.Failed()) {
|
||||
return nullptr;
|
||||
|
||||
@@ -668,7 +668,7 @@ void WorkerGlobalScope::ImportScripts(
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
scriptURL, sink, kTrustedTypesOnlySinkGroup, *pinnedGlobal,
|
||||
compliantStringHolder, aRv);
|
||||
nullptr, compliantStringHolder, aRv);
|
||||
if (aRv.Failed()) {
|
||||
return;
|
||||
}
|
||||
@@ -694,8 +694,9 @@ void WorkerGlobalScope::ImportScripts(
|
||||
int32_t WorkerGlobalScope::SetTimeout(
|
||||
JSContext* aCx, const FunctionOrTrustedScriptOrString& aHandler,
|
||||
const int32_t aTimeout, const Sequence<JS::Value>& aArguments,
|
||||
ErrorResult& aRv) {
|
||||
return SetTimeoutOrInterval(aCx, aHandler, aTimeout, aArguments, false, aRv);
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aRv) {
|
||||
return SetTimeoutOrInterval(aCx, aHandler, aTimeout, aArguments, false,
|
||||
aSubjectPrincipal, aRv);
|
||||
}
|
||||
|
||||
void WorkerGlobalScope::ClearTimeout(int32_t aHandle) {
|
||||
@@ -709,8 +710,9 @@ void WorkerGlobalScope::ClearTimeout(int32_t aHandle) {
|
||||
int32_t WorkerGlobalScope::SetInterval(
|
||||
JSContext* aCx, const FunctionOrTrustedScriptOrString& aHandler,
|
||||
const int32_t aTimeout, const Sequence<JS::Value>& aArguments,
|
||||
ErrorResult& aRv) {
|
||||
return SetTimeoutOrInterval(aCx, aHandler, aTimeout, aArguments, true, aRv);
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aRv) {
|
||||
return SetTimeoutOrInterval(aCx, aHandler, aTimeout, aArguments, true,
|
||||
aSubjectPrincipal, aRv);
|
||||
}
|
||||
|
||||
void WorkerGlobalScope::ClearInterval(int32_t aHandle) {
|
||||
@@ -724,7 +726,7 @@ void WorkerGlobalScope::ClearInterval(int32_t aHandle) {
|
||||
int32_t WorkerGlobalScope::SetTimeoutOrInterval(
|
||||
JSContext* aCx, const FunctionOrTrustedScriptOrString& aHandler,
|
||||
const int32_t aTimeout, const Sequence<JS::Value>& aArguments,
|
||||
bool aIsInterval, ErrorResult& aRv) {
|
||||
bool aIsInterval, nsIPrincipal* aSubjectPrincipal, ErrorResult& aRv) {
|
||||
AssertIsOnWorkerThread();
|
||||
|
||||
DebuggerNotificationDispatch(
|
||||
@@ -751,8 +753,8 @@ int32_t WorkerGlobalScope::SetTimeoutOrInterval(
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aHandler, aIsInterval ? sinkSetInterval : sinkSetTimeout,
|
||||
kTrustedTypesOnlySinkGroup, *pinnedGlobal, compliantStringHolder,
|
||||
aRv);
|
||||
kTrustedTypesOnlySinkGroup, *pinnedGlobal, aSubjectPrincipal,
|
||||
compliantStringHolder, aRv);
|
||||
if (aRv.Failed()) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -369,7 +369,7 @@ class WorkerGlobalScope : public WorkerGlobalScopeBase {
|
||||
int32_t SetTimeout(JSContext* aCx,
|
||||
const FunctionOrTrustedScriptOrString& aHandler,
|
||||
int32_t aTimeout, const Sequence<JS::Value>& aArguments,
|
||||
ErrorResult& aRv);
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aRv);
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT
|
||||
void ClearTimeout(int32_t aHandle);
|
||||
@@ -378,7 +378,7 @@ class WorkerGlobalScope : public WorkerGlobalScopeBase {
|
||||
int32_t SetInterval(JSContext* aCx,
|
||||
const FunctionOrTrustedScriptOrString& aHandler,
|
||||
int32_t aTimeout, const Sequence<JS::Value>& aArguments,
|
||||
ErrorResult& aRv);
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aRv);
|
||||
|
||||
MOZ_CAN_RUN_SCRIPT
|
||||
void ClearInterval(int32_t aHandle);
|
||||
@@ -436,11 +436,10 @@ class WorkerGlobalScope : public WorkerGlobalScopeBase {
|
||||
|
||||
private:
|
||||
MOZ_CAN_RUN_SCRIPT
|
||||
int32_t SetTimeoutOrInterval(JSContext* aCx,
|
||||
const FunctionOrTrustedScriptOrString& aHandler,
|
||||
int32_t aTimeout,
|
||||
const Sequence<JS::Value>& aArguments,
|
||||
bool aIsInterval, ErrorResult& aRv);
|
||||
int32_t SetTimeoutOrInterval(
|
||||
JSContext* aCx, const FunctionOrTrustedScriptOrString& aHandler,
|
||||
int32_t aTimeout, const Sequence<JS::Value>& aArguments, bool aIsInterval,
|
||||
nsIPrincipal* aSubjectPrincipal, ErrorResult& aRv);
|
||||
|
||||
RefPtr<Crypto> mCrypto;
|
||||
RefPtr<WorkerLocation> mLocation;
|
||||
|
||||
@@ -137,7 +137,7 @@ already_AddRefed<SharedWorker> SharedWorker::Constructor(
|
||||
nsCOMPtr<nsIGlobalObject> global = do_QueryInterface(window);
|
||||
const nsAString* compliantString =
|
||||
TrustedTypeUtils::GetTrustedTypesCompliantString(
|
||||
aScriptURL, sink, kTrustedTypesOnlySinkGroup, *global,
|
||||
aScriptURL, sink, kTrustedTypesOnlySinkGroup, *global, principal,
|
||||
compliantStringHolder, aRv);
|
||||
if (aRv.Failed()) {
|
||||
return nullptr;
|
||||
|
||||
Reference in New Issue
Block a user