diff --git a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicy.cpp b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicy.cpp
index 096bbfa6b59..e68bec7a41e 100644
--- a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicy.cpp
+++ b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicy.cpp
@@ -9,13 +9,16 @@
 #include
 #include
 #include
+#include
 namespace Web::TrustedTypes {
 GC_DEFINE_ALLOCATOR(TrustedTypePolicy);
-TrustedTypePolicy::TrustedTypePolicy(JS::Realm& realm)
+TrustedTypePolicy::TrustedTypePolicy(JS::Realm& realm, String const& name, TrustedTypePolicyOptions const& options)
 : PlatformObject(realm)
+ , m_name(name)
+ , m_options(options)
 {
 }
diff --git a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicy.h b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicy.h
index f33471ae801..3adc2058d80 100644
--- a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicy.h
+++ b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicy.h
@@ -26,8 +26,11 @@ public:
 virtual ~TrustedTypePolicy() override = default;
 private:
- explicit TrustedTypePolicy(JS::Realm&);
+ explicit TrustedTypePolicy(JS::Realm&, String const&, TrustedTypePolicyOptions const&);
 virtual void initialize(JS::Realm&) override;
+
+ String const m_name;
+ TrustedTypePolicyOptions const m_options;
 };
 }
diff --git a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.cpp b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.cpp
index 44ca95ba0af..1e8047143be 100644
--- a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.cpp
+++ b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.cpp
@@ -9,13 +9,19 @@
 #include
 #include
 #include
+#include
+#include
+#include
 #include
 #include
+#include
 #include
 #include
 #include
 #include
 #include
+#include
+#include
 namespace Web::TrustedTypes {
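Review bot: `m_options` in TrustedTypePolicy.h keeps the page-supplied callback dictionary inside a GC-allocated PlatformObject, yet TrustedTypePolicy gets no `visit_edges` override here, although the factory gets one for `m_default_policy` in this same commit. TrustedTypePolicyOptions is declared outside this diff, so which case applies needs confirming. If its createHTML/createScript/createScriptURL members are unrooted GC pointers, they must be visited or the callbacks can be collected while the policy is still reachable. If they are rooted handles, holding them in a cell can pin a policy-to-callback cycle that is never collected. Either way I would document the lifetime next to the member, e.g. `// Holds the policy callbacks; see TrustedTypePolicyOptions for how they are kept alive.`, and add the override if the members turn out to be unrooted.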
@@ -133,6 +139,23 @@ void TrustedTypePolicyFactory::initialize(JS::Realm& realm)
 Base::initialize(realm);
 }
+void TrustedTypePolicyFactory::visit_edges(Visitor& visitor)
+{
+ Base::visit_edges(visitor);
+ visitor.visit(m_default_policy);
+}
+
+// https://w3c.github.io/trusted-types/dist/spec/#dom-trustedtypepolicyfactory-createpolicy
+WebIDL::ExceptionOr> TrustedTypePolicyFactory::create_policy(String const& policy_name, TrustedTypePolicyOptions const& policy_options)
+{
+ // 1. Returns the result of executing a Create a Trusted Type Policy algorithm, with the following arguments:
+ // factory: this value
+ // policyName: policyName
+ // options: policyOptions
+ // global: this value’s relevant global object
+ return create_a_trusted_type_policy(policy_name, policy_options, HTML::relevant_global_object(*this));
+}
+
 // https://w3c.github.io/trusted-types/dist/spec/#dom-trustedtypepolicyfactory-ishtml
 bool TrustedTypePolicyFactory::is_html(JS::Value value)
 {
@@ -140,6 +163,39 @@ bool TrustedTypePolicyFactory::is_html(JS::Value value)
 return value.is_object() && is(value.as_object());
 }
+// https://w3c.github.io/trusted-types/dist/spec/#create-trusted-type-policy-algorithm
+WebIDL::ExceptionOr> TrustedTypePolicyFactory::create_a_trusted_type_policy(String const& policy_name, TrustedTypePolicyOptions const& options, JS::Object&)
+{
+ auto& realm = this->realm();
+
+ // TODO
+ // 1. Let allowedByCSP be the result of executing Should Trusted Type policy creation be blocked by Content Security Policy? algorithm with global, policyName and factory’s created policy names value.
+ auto const allowed_by_csp = ContentSecurityPolicy::Directives::Directive::Result::Blocked;
+
+ // 2. If allowedByCSP is "Blocked", throw a TypeError and abort further steps.
+ if (allowed_by_csp == ContentSecurityPolicy::Directives::Directive::Result::Blocked)
+ return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, MUST(String::formatted("Content Security Policy blocked the creation of the policy {}", policy_name)) };
+
+ // 3. If policyName is default and the factory’s default policy value is not null, throw a TypeError and abort further steps.
+ if (policy_name == "default"sv && m_default_policy)
+ return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Policy Factory already has a default value defined"_string };
+
+ // 4. Let policy be a new TrustedTypePolicy object.
+ // 5. Set policy’s name property value to policyName.
+ // 6. Set policy’s options value to «[ "createHTML" -> options["createHTML", "createScript" -> options["createScript", "createScriptURL" -> options["createScriptURL" ]».
+ auto const policy = realm.create(realm, policy_name, options);
+
+ // 7. If the policyName is default, set the factory’s default policy value to policy.
+ if (policy_name == "default"sv)
+ m_default_policy = policy;
+
+ // 8. Append policyName to factory’s created policy names.
+ m_created_policy_names.append(policy_name); + + // 9. Return policy. + return policy; +} + // https://w3c.github.io/trusted-types/dist/spec/#abstract-opdef-get-trusted-type-data-for-attribute Optional get_trusted_type_data_for_attribute(String const& element, String const& attribute, Optional const& attribute_ns) { diff --git a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.h b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.h index d3f3bcca0d5..81fb07f6478 100644 --- a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.h +++ b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.h @@ -9,6 +9,7 @@ #include #include #include +#include namespace Web::TrustedTypes { @@ -21,16 +22,31 @@ public: virtual ~TrustedTypePolicyFactory() override { } + WebIDL::ExceptionOr> create_policy(String const&, TrustedTypePolicyOptions const&); + bool is_html(JS::Value); Optional get_attribute_type(String const& tag_name, String& attribute, Optional element_ns, Optional attr_ns); Optional get_property_type(String const& tag_name, String const& property, Optional element_ns); + GC::Ptr default_policy() const + { + return m_default_policy; + } + private: explicit TrustedTypePolicyFactory(JS::Realm&); - virtual void initialize(JS::Realm&) override; + virtual void initialize(JS::Realm&) override; + virtual void visit_edges(Visitor&) override; + + WebIDL::ExceptionOr> create_a_trusted_type_policy(String const&, TrustedTypePolicyOptions const&, JS::Object&); + + // https://w3c.github.io/trusted-types/dist/spec/#trustedtypepolicyfactory-created-policy-names Vector m_created_policy_names; + + // https://w3c.github.io/trusted-types/dist/spec/#trustedtypepolicyfactory-default-policy + GC::Ptr m_default_policy; }; struct TrustedTypeData { diff --git a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.idl b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.idl index 9ea816b8d0a..74a93d2ab40 100644 --- a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.idl 
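Review bot: In create_a_trusted_type_policy, `allowed_by_csp` is initialised to the constant `Blocked`, so step 2 always throws and steps 3–9 (the default-policy check, policy creation and the `m_created_policy_names` bookkeeping) are unreachable. Together with the `[FIXME]` removal in the .idl hunks, createPolicy() and defaultPolicy are now exposed to pages while every creation attempt fails. Failing closed is the safe direction while the CSP check is missing, but the bare `// TODO` does not say that this is deliberate; I would replace it with `// FIXME: CSP check not implemented yet; hard-coded to Blocked so policy creation fails closed until it is.` The `JS::Object&` global parameter is unnamed and unused, and will need a name once step 1 is implemented, since the spec text passes global to that check.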
+++ b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.idl
@@ -1,7 +1,9 @@
+#import
+
 // https://w3c.github.io/trusted-types/dist/spec/#trustedtypepolicyfactory
 [Exposed=(Window,Worker)]
 interface TrustedTypePolicyFactory {
- [FIXME] TrustedTypePolicy createPolicy(
+ TrustedTypePolicy createPolicy(
 DOMString policyName, optional TrustedTypePolicyOptions policyOptions = {});
 boolean isHTML(any value);
 [FIXME] boolean isScript(any value);
@@ -17,5 +19,5 @@ interface TrustedTypePolicyFactory {
 DOMString tagName,
 DOMString property,
 optional DOMString? elementNs = "");
- [FIXME] readonly attribute TrustedTypePolicy? defaultPolicy;
+ readonly attribute TrustedTypePolicy? defaultPolicy;
 };