LibWeb: Implement TrustedHTML class

The TrustedHTML interface represents a string that a developer can
confidently insert into an injection sink that will render it as HTML.

These objects are immutable wrappers around a string, constructed via a
TrustedTypePolicy’s createHTML method.

Libraries/LibWeb/CMakeLists.txt

@@ -896,6 +896,7 @@ set(SOURCES
     SVG/SVGViewElement.cpp
     SVG/TagNames.cpp
     SVG/ViewBox.cpp
+    TrustedTypes/TrustedHTML.cpp
     TrustedTypes/TrustedTypePolicyFactory.cpp
     UIEvents/CompositionEvent.cpp
     UIEvents/EventNames.cpp

Libraries/LibWeb/Forward.h

@@ -1220,6 +1220,7 @@ ErrorOr<Web::UniqueNodeID> decode(Decoder&);
 
 namespace Web::TrustedTypes {
 
+class TrustedHTML;
 class TrustedTypePolicyFactory;
 
 }

Libraries/LibWeb/TrustedTypes/TrustedHTML.cpp

@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2025, Miguel Sacristán Izcue <miguel_tete17@hotmail.com>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include <LibWeb/TrustedTypes/TrustedHTML.h>
+
+#include <LibGC/Ptr.h>
+#include <LibJS/Runtime/Realm.h>
+#include <LibWeb/Bindings/Intrinsics.h>
+
+namespace Web::TrustedTypes {
+
+GC_DEFINE_ALLOCATOR(TrustedHTML);
+
+TrustedHTML::TrustedHTML(JS::Realm& realm, Utf16String data)
+    : PlatformObject(realm)
+    , m_data(move(data))
+{
+}
+
+void TrustedHTML::initialize(JS::Realm& realm)
+{
+    WEB_SET_PROTOTYPE_FOR_INTERFACE(TrustedHTML);
+    Base::initialize(realm);
+}
+
+// https://w3c.github.io/trusted-types/dist/spec/#trustedhtml-stringification-behavior
+Utf16String const& TrustedHTML::to_string() const
+{
+    // 1. return the associated data value.
+    return m_data;
+}
+
+// https://w3c.github.io/trusted-types/dist/spec/#dom-trustedhtml-tojson
+Utf16String const& TrustedHTML::to_json() const
+{
+    // 1. return the associated data value.
+    return to_string();
+}
+
+}

Libraries/LibWeb/TrustedTypes/TrustedHTML.h

@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2025, Miguel Sacristán Izcue <miguel_tete17@hotmail.com>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#pragma once
+
+#include <LibJS/Forward.h>
+#include <LibWeb/Bindings/PlatformObject.h>
+#include <LibWeb/Bindings/TrustedHTMLPrototype.h>
+
+namespace Web::TrustedTypes {
+
+class TrustedHTML final : public Bindings::PlatformObject {
+    WEB_PLATFORM_OBJECT(TrustedHTML, Bindings::PlatformObject);
+    GC_DECLARE_ALLOCATOR(TrustedHTML);
+
+public:
+    virtual ~TrustedHTML() override = default;
+
+    Utf16String const& to_string() const;
+    Utf16String const& to_json() const;
+
+private:
+    explicit TrustedHTML(JS::Realm&, Utf16String);
+    virtual void initialize(JS::Realm&) override;
+
+    Utf16String const m_data;
+};
+
+}

Libraries/LibWeb/TrustedTypes/TrustedHTML.idl

@@ -0,0 +1,6 @@
+// https://w3c.github.io/trusted-types/dist/spec/#trusted-html
+[Exposed=(Window,Worker)]
+interface TrustedHTML {
+    stringifier;
+    Utf16DOMString toJSON();
+};

Libraries/LibWeb/idl_files.cmake

@@ -328,6 +328,7 @@ libweb_js_bindings(Streams/TransformStreamDefaultController)
 libweb_js_bindings(Streams/WritableStream)
 libweb_js_bindings(Streams/WritableStreamDefaultController)
 libweb_js_bindings(Streams/WritableStreamDefaultWriter)
+libweb_js_bindings(TrustedTypes/TrustedHTML)
 libweb_js_bindings(TrustedTypes/TrustedTypePolicyFactory)
 libweb_js_bindings(SVG/SVGAElement)
 libweb_js_bindings(SVG/SVGAnimatedEnumeration)

Meta/Lagom/Tools/CodeGenerators/LibWeb/BindingsGenerator/IDLGenerators.cpp

@@ -116,6 +116,7 @@ static bool is_platform_object(Type const& type)
         "TextMetrics"sv,
         "TextTrack"sv,
         "TimeRanges"sv,
+        "TrustedHTML"sv,
         "TrustedTypePolicyFactory"sv,
         "URLSearchParams"sv,
         "VTTRegion"sv,

Tests/LibWeb/Text/expected/all-window-properties.txt

@@ -432,6 +432,7 @@ TransformStream
 TransformStreamDefaultController
 TransitionEvent
 TreeWalker
+TrustedHTML
 TrustedTypePolicyFactory
 TypeError
 UIEvent