From 0a147aa9a19daa123e380ee21d3b679b90255f90 Mon Sep 17 00:00:00 2001 From: Tete17 Date: Thu, 31 Jul 2025 00:21:13 +0200 Subject: [PATCH] LibWeb: Implement TrustedHTML class MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The TrustedHTML interface represents a string that a developer can confidently insert into an injection sink that will render it as HTML. These objects are immutable wrappers around a string, constructed via a TrustedTypePolicy’s createHTML method. --- Libraries/LibWeb/CMakeLists.txt | 1 + Libraries/LibWeb/Forward.h | 1 + Libraries/LibWeb/TrustedTypes/TrustedHTML.cpp | 43 +++++++++++++++++++ Libraries/LibWeb/TrustedTypes/TrustedHTML.h | 32 ++++++++++++++ Libraries/LibWeb/TrustedTypes/TrustedHTML.idl | 6 +++ Libraries/LibWeb/idl_files.cmake | 1 + .../BindingsGenerator/IDLGenerators.cpp | 1 + .../Text/expected/all-window-properties.txt | 1 + 8 files changed, 86 insertions(+) create mode 100644 Libraries/LibWeb/TrustedTypes/TrustedHTML.cpp create mode 100644 Libraries/LibWeb/TrustedTypes/TrustedHTML.h create mode 100644 Libraries/LibWeb/TrustedTypes/TrustedHTML.idl diff --git a/Libraries/LibWeb/CMakeLists.txt b/Libraries/LibWeb/CMakeLists.txt index c7ee9ef83f9..7aca27c004c 100644 --- a/Libraries/LibWeb/CMakeLists.txt +++ b/Libraries/LibWeb/CMakeLists.txt @@ -896,6 +896,7 @@ set(SOURCES SVG/SVGViewElement.cpp SVG/TagNames.cpp SVG/ViewBox.cpp + TrustedTypes/TrustedHTML.cpp TrustedTypes/TrustedTypePolicyFactory.cpp UIEvents/CompositionEvent.cpp UIEvents/EventNames.cpp diff --git a/Libraries/LibWeb/Forward.h b/Libraries/LibWeb/Forward.h index e849e2574bf..8f3ff311e54 100644 --- a/Libraries/LibWeb/Forward.h +++ b/Libraries/LibWeb/Forward.h @@ -1220,6 +1220,7 @@ ErrorOr decode(Decoder&); namespace Web::TrustedTypes { +class TrustedHTML; class TrustedTypePolicyFactory; } diff --git a/Libraries/LibWeb/TrustedTypes/TrustedHTML.cpp b/Libraries/LibWeb/TrustedTypes/TrustedHTML.cpp new file mode 100644 index 00000000000..ec7c827b70c --- /dev/null +++ b/Libraries/LibWeb/TrustedTypes/TrustedHTML.cpp @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2025, Miguel Sacristán Izcue + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include + +#include +#include +#include + +namespace Web::TrustedTypes { + +GC_DEFINE_ALLOCATOR(TrustedHTML); + +TrustedHTML::TrustedHTML(JS::Realm& realm, Utf16String data) + : PlatformObject(realm) + , m_data(move(data)) +{ +} + +void TrustedHTML::initialize(JS::Realm& realm) +{ + WEB_SET_PROTOTYPE_FOR_INTERFACE(TrustedHTML); + Base::initialize(realm); +} + +// https://w3c.github.io/trusted-types/dist/spec/#trustedhtml-stringification-behavior +Utf16String const& TrustedHTML::to_string() const +{ + // 1. return the associated data value. + return m_data; +} + +// https://w3c.github.io/trusted-types/dist/spec/#dom-trustedhtml-tojson +Utf16String const& TrustedHTML::to_json() const +{ + // 1. return the associated data value. + return to_string(); +} + +} diff --git a/Libraries/LibWeb/TrustedTypes/TrustedHTML.h b/Libraries/LibWeb/TrustedTypes/TrustedHTML.h new file mode 100644 index 00000000000..11d2f762b56 --- /dev/null +++ b/Libraries/LibWeb/TrustedTypes/TrustedHTML.h @@ -0,0 +1,32 @@ +/* + * Copyright (c) 2025, Miguel Sacristán Izcue + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#pragma once + +#include +#include +#include + +namespace Web::TrustedTypes { + +class TrustedHTML final : public Bindings::PlatformObject { + WEB_PLATFORM_OBJECT(TrustedHTML, Bindings::PlatformObject); + GC_DECLARE_ALLOCATOR(TrustedHTML); + +public: + virtual ~TrustedHTML() override = default; + + Utf16String const& to_string() const; + Utf16String const& to_json() const; + +private: + explicit TrustedHTML(JS::Realm&, Utf16String); + virtual void initialize(JS::Realm&) override; + + Utf16String const m_data; +}; + +} diff --git a/Libraries/LibWeb/TrustedTypes/TrustedHTML.idl b/Libraries/LibWeb/TrustedTypes/TrustedHTML.idl new file mode 100644 index 00000000000..b13a7562a7e --- /dev/null +++ b/Libraries/LibWeb/TrustedTypes/TrustedHTML.idl @@ -0,0 +1,6 @@ +// https://w3c.github.io/trusted-types/dist/spec/#trusted-html +[Exposed=(Window,Worker)] +interface TrustedHTML { + stringifier; + Utf16DOMString toJSON(); +}; diff --git a/Libraries/LibWeb/idl_files.cmake b/Libraries/LibWeb/idl_files.cmake index 994c837bb30..5dedd37a66d 100644 --- a/Libraries/LibWeb/idl_files.cmake +++ b/Libraries/LibWeb/idl_files.cmake @@ -328,6 +328,7 @@ libweb_js_bindings(Streams/TransformStreamDefaultController) libweb_js_bindings(Streams/WritableStream) libweb_js_bindings(Streams/WritableStreamDefaultController) libweb_js_bindings(Streams/WritableStreamDefaultWriter) +libweb_js_bindings(TrustedTypes/TrustedHTML) libweb_js_bindings(TrustedTypes/TrustedTypePolicyFactory) libweb_js_bindings(SVG/SVGAElement) libweb_js_bindings(SVG/SVGAnimatedEnumeration) diff --git a/Meta/Lagom/Tools/CodeGenerators/LibWeb/BindingsGenerator/IDLGenerators.cpp b/Meta/Lagom/Tools/CodeGenerators/LibWeb/BindingsGenerator/IDLGenerators.cpp index 6c9ab144878..444d0d0b123 100644 --- a/Meta/Lagom/Tools/CodeGenerators/LibWeb/BindingsGenerator/IDLGenerators.cpp +++ b/Meta/Lagom/Tools/CodeGenerators/LibWeb/BindingsGenerator/IDLGenerators.cpp @@ -116,6 +116,7 @@ static bool is_platform_object(Type const& type) "TextMetrics"sv, "TextTrack"sv, "TimeRanges"sv, + "TrustedHTML"sv, "TrustedTypePolicyFactory"sv, "URLSearchParams"sv, "VTTRegion"sv, diff --git a/Tests/LibWeb/Text/expected/all-window-properties.txt b/Tests/LibWeb/Text/expected/all-window-properties.txt index cce9e919f61..311cb31f739 100644 --- a/Tests/LibWeb/Text/expected/all-window-properties.txt +++ b/Tests/LibWeb/Text/expected/all-window-properties.txt @@ -432,6 +432,7 @@ TransformStream TransformStreamDefaultController TransitionEvent TreeWalker +TrustedHTML TrustedTypePolicyFactory TypeError UIEvent