LibJS: Implement the Dynamic Code Brand Checks stage 3 proposal

This is an active proposal at stage 3 of the TC39 proposal process. See: https://tc39.es/proposal-dynamic-code-brand-checks/ See: https://github.com/tc39/proposal-dynamic-code-brand-checks This proposal essentially adds support for the TrustedScript type from the Trusted Types specification to eval and Function. This in turn pipes support for the type into the CSP hook to check if the CSP allows dynamic code compilation. However, it currently doesn't support ShadowRealms, so the implementation here is a close approximation, using PerformEval as the basis. See: https://github.com/tc39/proposal-dynamic-code-brand-checks/issues/19 This is required to support the new function signature for the CSP hook, and will allow us to slot in Trusted Types support in the future.
Author: https://github.com/Lubrsi Commit: 3d43462ccd Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/5328 Reviewed-by: https://github.com/ADKaster ✅
2025-07-28 19:59:17 +00:00 · 2024-12-03 10:56:21 +00:00 · 2024-12-03 10:56:21 +00:00 · 3d43462ccd · 2025-07-09 21:54:06 +00:00
commit 3d43462ccd
parent 2368641de5
12 changed files with 176 additions and 111 deletions
--- a/Libraries/LibJS/Runtime/VM.cpp
+++ b/Libraries/LibJS/Runtime/VM.cpp
@ -124,8 +124,20 @@ VM::VM(ErrorMessages error_messages)
        return Vector<String> { "type"_string };
    };

-    // 19.2.1.2 HostEnsureCanCompileStrings ( calleeRealm, parameterStrings, bodyString, direct ), https://tc39.es/ecma262/#sec-hostensurecancompilestrings
-    host_ensure_can_compile_strings = [](Realm&, ReadonlySpan<String>, StringView, EvalMode) -> ThrowCompletionOr<void> {
+    // 1 HostGetCodeForEval ( argument ), https://tc39.es/proposal-dynamic-code-brand-checks/#sec-hostgetcodeforeval
+    host_get_code_for_eval = [](Object const&) -> GC::Ptr<PrimitiveString> {
+        // The host-defined abstract operation HostGetCodeForEval takes argument argument (an Object) and returns a
+        // String or NO-CODE. It allows host environments to return a String of code from argument to be used by eval,
+        // rather than eval returning argument.
+        //
+        // argument represents the Object to be checked for code.
+        //
+        // The default implementation of HostGetCodeForEval is to return NO-CODE.
+        return {};
+    };
+
+    // 2 HostEnsureCanCompileStrings ( calleeRealm, parameterStrings, bodyString, codeString, compilationType, parameterArgs, bodyArg ), https://tc39.es/proposal-dynamic-code-brand-checks/#sec-hostensurecancompilestrings
+    host_ensure_can_compile_strings = [](Realm&, ReadonlySpan<String>, StringView, StringView, CompilationType, ReadonlySpan<Value>, Value) -> ThrowCompletionOr<void> {
        // The host-defined abstract operation HostEnsureCanCompileStrings takes arguments calleeRealm (a Realm Record),
        // parameterStrings (a List of Strings), bodyString (a String), and direct (a Boolean) and returns either a normal
        // completion containing unused or a throw completion.