diff --git a/Libraries/LibWeb/CMakeLists.txt b/Libraries/LibWeb/CMakeLists.txt
index 21247544e10..b0a12497724 100644
--- a/Libraries/LibWeb/CMakeLists.txt
+++ b/Libraries/LibWeb/CMakeLists.txt
@@ -921,6 +921,7 @@ set(SOURCES
 SVG/SVGUseElement.cpp
 SVG/SVGViewElement.cpp
 SVG/TagNames.cpp
+ TrustedTypes/InjectionSink.cpp
 TrustedTypes/TrustedHTML.cpp
 TrustedTypes/TrustedScript.cpp
 TrustedTypes/TrustedScriptURL.cpp
diff --git a/Libraries/LibWeb/DOM/Document.cpp b/Libraries/LibWeb/DOM/Document.cpp
index fdbe3b592d7..6d7f68d0ca8 100644
--- a/Libraries/LibWeb/DOM/Document.cpp
+++ b/Libraries/LibWeb/DOM/Document.cpp
@@ -637,14 +637,14 @@ GC::Ptr Document::get_selection() const
 WebIDL::ExceptionOr Document::write(Vector const& text)
 {
 // The document.write(...text) method steps are to run the document write steps with this, text, false, and "Document write".
- return run_the_document_write_steps(text, AddLineFeed::No, TrustedTypes::InjectionSink::DocumentWrite);
+ return run_the_document_write_steps(text, AddLineFeed::No, TrustedTypes::InjectionSink::Documentwrite);
 }
 // https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-document-writeln
 WebIDL::ExceptionOr Document::writeln(Vector const& text)
 {
 // The document.writeln(...text) method steps are to run the document write steps with this, text, true, and "Document writeln".
- return run_the_document_write_steps(text, AddLineFeed::Yes, TrustedTypes::InjectionSink::DocumentWriteln);
+ return run_the_document_write_steps(text, AddLineFeed::Yes, TrustedTypes::InjectionSink::Documentwriteln);
 }
 // https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#document-write-steps
diff --git a/Libraries/LibWeb/HTML/GlobalEventHandlers.h b/Libraries/LibWeb/HTML/GlobalEventHandlers.h
index 64a3cc4332c..c75c59e67da 100644
--- a/Libraries/LibWeb/HTML/GlobalEventHandlers.h
+++ b/Libraries/LibWeb/HTML/GlobalEventHandlers.h
@@ -7,6 +7,7 @@
 #pragma once
 #include
+#include
 #include
 #include
diff --git a/Libraries/LibWeb/TrustedTypes/InjectionSink.cpp b/Libraries/LibWeb/TrustedTypes/InjectionSink.cpp
new file mode 100644
index 00000000000..330bda64c72
--- /dev/null
+++ b/Libraries/LibWeb/TrustedTypes/InjectionSink.cpp
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2025, Miguel Sacristán Izcue
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include
+
+#include
+
+namespace Web::TrustedTypes {
+
+Utf16String to_string(InjectionSink sink)
+{
+ switch (sink) {
+#define __ENUMERATE_INJECTION_SINKS(name, value) \
+ case InjectionSink::name: \
+ return value##_utf16;
+ ENUMERATE_INJECTION_SINKS
+#undef __ENUMERATE_INJECTION_SINKS
+ default:
+ VERIFY_NOT_REACHED();
+ }
+}
+
+}
diff --git a/Libraries/LibWeb/TrustedTypes/InjectionSink.h b/Libraries/LibWeb/TrustedTypes/InjectionSink.h
index ac05299dc36..35f8127cfbe 100644
--- a/Libraries/LibWeb/TrustedTypes/InjectionSink.h
+++ b/Libraries/LibWeb/TrustedTypes/InjectionSink.h
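Review bot: In `to_string` (InjectionSink.cpp), `return value##_utf16;` has no comment saying that `value` is not always a single literal. For the event-handler entries the list in InjectionSink.h passes `"Element " #attribute_name`, so the paste attaches `_utf16` only to the second literal and the result relies on adjacent-literal concatenation carrying the suffix over the whole string. I would add above the `#define`: `// value may be two adjacent literals ("Element " "<attr>"); ## suffixes the last one and literal concatenation applies _utf16 to the joined string.` Since the returned text is the spec's sink name, a small test pinning a few entries (for example `"Document write"`) would guard the mapping against later edits to the list.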
@@ -6,13 +6,32 @@
 #pragma once
+#include
+#include
+#include
+
 namespace Web::TrustedTypes {
+#define EVENT_HANDLERS_INJECTION_SINKS(attribute_name, event_name) \
+ __ENUMERATE_INJECTION_SINKS(Element##attribute_name, "Element " #attribute_name)
+
 // https://w3c.github.io/trusted-types/dist/spec/#injection-sink
+#define ENUMERATE_INJECTION_SINKS \
+ __ENUMERATE_INJECTION_SINKS(Documentwrite, "Document write") \
+ __ENUMERATE_INJECTION_SINKS(Documentwriteln, "Document writeln") \
+ __ENUMERATE_INJECTION_SINKS(Function, "Function") \
+ __ENUMERATE_INJECTION_SINKS(HTMLIFrameElementsrcdoc, "HTMLIFrameElement srcdoc") \
+ __ENUMERATE_INJECTION_SINKS(HTMLScriptElementsrc, "HTMLScriptElement src") \
+ __ENUMERATE_INJECTION_SINKS(SVGScriptElementhref, "SVGScriptElement href") \
+ ENUMERATE_GLOBAL_EVENT_HANDLERS(EVENT_HANDLERS_INJECTION_SINKS) \
+ ENUMERATE_WINDOW_EVENT_HANDLERS(EVENT_HANDLERS_INJECTION_SINKS)
+
 enum class InjectionSink {
- DocumentWrite,
- DocumentWriteln,
- Function,
+#define __ENUMERATE_INJECTION_SINKS(name, value) name,
+ ENUMERATE_INJECTION_SINKS
+#undef __ENUMERATE_INJECTION_SINKS
 };
+Utf16String to_string(InjectionSink sink);
+
 }
diff --git a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.cpp b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.cpp
index 28d8259369f..38b29a12fab 100644
--- a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.cpp
+++ b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.cpp
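Review bot: `EVENT_HANDLERS_INJECTION_SINKS` in InjectionSink.h stays defined for every file that includes this header, and nothing records why. It cannot be `#undef`'d after the list, because `ENUMERATE_INJECTION_SINKS` only names it and expands it later at each use site (the enum here and the switch in InjectionSink.cpp), so a well-meant cleanup would break both. A comment such as `// Helper for ENUMERATE_INJECTION_SINKS; must stay defined because the list expands it at each use site. event_name is unused.` would make that explicit. It would also help to say next to the list that each enumerator is the spec sink name with the space removed, which is why `DocumentWrite` became `Documentwrite`.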
@@ -319,7 +319,7 @@ Optional get_trusted_type_data_for_attribute(Utf16String const&
 #define __ENUMERATE(attribute_name, event_name) \
 if (attribute == HTML::AttributeNames::attribute_name) { \
 /* 1. Return (Element, null, attribute, TrustedScript, "Element " + attribute). */ \
- return TrustedTypeData { "Element"_utf16, {}, attribute, TrustedTypeName::TrustedScript, "Element " #attribute_name ""_utf16 }; \
+ return TrustedTypeData { "Element"_utf16, {}, attribute.to_utf8(), TrustedTypeName::TrustedScript, InjectionSink::Element##attribute_name }; \
 }
 ENUMERATE_GLOBAL_EVENT_HANDLERS(__ENUMERATE)
 ENUMERATE_WINDOW_EVENT_HANDLERS(__ENUMERATE)
@@ -327,10 +327,10 @@ Optional get_trusted_type_data_for_attribute(Utf16String const&
 }
 static Vector const table {
- { "HTMLIFrameElement"_utf16, {}, "srcdoc"_utf16, TrustedTypeName::TrustedHTML, "HTMLIFrameElement srcdoc"_utf16 },
- { "HTMLScriptElement"_utf16, {}, "src"_utf16, TrustedTypeName::TrustedScriptURL, "HTMLScriptElement src"_utf16 },
- { "SVGScriptElement"_utf16, {}, "href"_utf16, TrustedTypeName::TrustedScriptURL, "SVGScriptElement href"_utf16 },
- { "SVGScriptElement"_utf16, Utf16String::from_utf8(Namespace::XLink), "href"_utf16, TrustedTypeName::TrustedScriptURL, "SVGScriptElement href"_utf16 },
+ { "HTMLIFrameElement"_utf16, {}, HTML::AttributeNames::srcdoc, TrustedTypeName::TrustedHTML, InjectionSink::HTMLIFrameElementsrcdoc },
+ { "HTMLScriptElement"_utf16, {}, HTML::AttributeNames::src, TrustedTypeName::TrustedScriptURL, InjectionSink::HTMLScriptElementsrc },
+ { "SVGScriptElement"_utf16, {}, HTML::AttributeNames::href, TrustedTypeName::TrustedScriptURL, InjectionSink::SVGScriptElementhref },
+ { "SVGScriptElement"_utf16, Utf16String::from_utf8(Namespace::XLink), HTML::AttributeNames::href, TrustedTypeName::TrustedScriptURL, InjectionSink::SVGScriptElementhref },
 };
 // 3. Find the row in the following table, where element is in the first column, attributeNs is in the second column,
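Review bot: In the `__ENUMERATE` branch of the first hunk, `attribute.to_utf8()` converts the UTF-16 argument back to UTF-8 to fill the new `FlyString attribute_local_name`, although the `if` has just matched it against `HTML::AttributeNames::attribute_name`. The table in the next hunk stores `HTML::AttributeNames::srcdoc` and its siblings straight into the same field, so the matched constant should fit here too: `return TrustedTypeData { "Element"_utf16, {}, HTML::AttributeNames::attribute_name, TrustedTypeName::TrustedScript, InjectionSink::Element##attribute_name }; \`. That drops a conversion on every match and keeps the two return paths consistent. The function begins and ends outside this hunk, so how `attribute` is normalised before the comparison is not visible here.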
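Review bot: In the second hunk, both `SVGScriptElement` rows take their local name from `HTML::AttributeNames::href`. The string is the same, but an SVG attribute read out of the HTML name set is easy to misread as an HTML-only rule. If the SVG attribute-name set has an `href` entry, using it for these two rows would say what is meant; otherwise a short comment such as `// SVG href; HTML::AttributeNames is used only for the interned string` would do. The row lookup in step 3 lies outside the hunk, so whether it compares against the new `FlyString` without a per-call conversion cannot be checked from here.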
diff --git a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.h b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.h
index 571e8119d0c..ae4627c84fa 100644
--- a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.h
+++ b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.h
@@ -10,6 +10,7 @@
 #include
 #include
 #include
+#include
 #include
 namespace Web::TrustedTypes {
@@ -63,9 +64,9 @@ private:
 struct TrustedTypeData {
 Utf16String element;
 Optional attribute_ns;
- Utf16String attribute_local_name;
+ FlyString attribute_local_name;
 TrustedTypeName trusted_type;
- Utf16String sink;
+ InjectionSink sink;
 };
 Optional get_trusted_type_data_for_attribute(Utf16String const&, Utf16String const&, Optional const&);
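Review bot: `TrustedTypeData` in the second hunk now mixes three representations (`Utf16String element`, `FlyString attribute_local_name`, `InjectionSink sink`) and has no comment saying what each field holds. A header comment would help, for example `// Result tuple of "get trusted type data for attribute": (element, attributeNs, attributeLocalName, trustedType, sink).` It is also worth stating on `sink` that callers needing the spec string must go through `to_string(InjectionSink)`, since the field no longer carries the text itself.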