[webkit-changes] [WebKit/WebKit] 152e92: Implement trusted types enforcement on Function co...
Luke Warlow
noreply at github.com
Mon Dec 16 13:01:13 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 152e920a5ac26047b9103bd750367343205e7752
https://github.com/WebKit/WebKit/commit/152e920a5ac26047b9103bd750367343205e7752
Author: Luke Warlow <lwarlow at igalia.com>
Date: 2024-12-16 (Mon, 16 Dec 2024)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-clips-sample.https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy-mutate-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-no-default-policy-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-function-constructor-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-function-constructor.html
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-with-permissive-csp-expected.txt
M Source/JavaScriptCore/API/JSAPIGlobalObject.cpp
M Source/JavaScriptCore/API/JSAPIGlobalObject.mm
M Source/JavaScriptCore/debugger/DebuggerEvalEnabler.h
M Source/JavaScriptCore/interpreter/Interpreter.cpp
M Source/JavaScriptCore/jsc.cpp
M Source/JavaScriptCore/runtime/DirectEvalExecutable.cpp
M Source/JavaScriptCore/runtime/FunctionConstructor.cpp
M Source/JavaScriptCore/runtime/GlobalObjectMethodTable.h
M Source/JavaScriptCore/runtime/IndirectEvalExecutable.cpp
M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
M Source/JavaScriptCore/runtime/JSGlobalObject.h
M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
M Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
M Source/WebCore/bindings/js/JSDOMGlobalObject.cpp
M Source/WebCore/bindings/js/JSDOMGlobalObject.h
M Source/WebCore/bindings/js/JSDOMWindowBase.cpp
M Source/WebCore/bindings/js/JSDOMWindowBase.h
M Source/WebCore/bindings/js/JSShadowRealmGlobalScopeBase.cpp
M Source/WebCore/bindings/js/JSShadowRealmGlobalScopeBase.h
M Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp
M Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.h
M Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.cpp
M Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.h
M Source/WebCore/dom/TrustedType.cpp
M Source/WebCore/dom/TrustedType.h
Log Message:
-----------
Implement trusted types enforcement on Function constructor
https://bugs.webkit.org/show_bug.cgi?id=273187
Reviewed by Yusuke Suzuki.
This patch adds trusted types enforcement to the Function constructor as well as updating the eval implementation.
The canCompileStrings global method table function no longer takes a JSValue argument;
this is because it is now only called for untrusted input from eval.
The implementation of TT enforcement for both direct and indirect eval is updated to do more work in JSC.
The structure of the TrustedScript type is used by JSC to determine if an object should be evaluated,
rather than always calling codeForEval. Only if the structures don't match is codeForEval called; this can happen
if someone changes the instance properties, such as for polyfills.
The canCompileStrings call is now only done if the input is known
to be untrusted (raw string rather than TrustedScript argument).
The Function constructor is now also updated such that when TT enforcement is enabled through CSP, similar logic
comparing the arguments to the TrustedScript structure is used.
If not all of the arguments match the structure then they're not trusted, so we fall back to calling canCompileStrings,
with a new ArgList argument.
The ArgList is used to check if the arguments are modified trusted script objects, which are accepted providing the
stringifier isn't modified.
DebuggerEvalEnabler is also updated to disable trusted types and re-enable it, so that
web inspector can continue working on sites with TT enforced.
* LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-clips-sample.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy-mutate-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-no-default-policy-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-function-constructor-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-function-constructor.html:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-with-permissive-csp-expected.txt:
* Source/JavaScriptCore/API/JSAPIGlobalObject.cpp:
(JSC::JSAPIGlobalObject::globalObjectMethodTable):
* Source/JavaScriptCore/API/JSAPIGlobalObject.mm:
(JSC::JSAPIGlobalObject::globalObjectMethodTable):
* Source/JavaScriptCore/debugger/DebuggerEvalEnabler.h:
(JSC::DebuggerEvalEnabler::DebuggerEvalEnabler):
(JSC::DebuggerEvalEnabler::~DebuggerEvalEnabler):
* Source/JavaScriptCore/interpreter/Interpreter.cpp:
(JSC::eval):
* Source/JavaScriptCore/jsc.cpp:
* Source/JavaScriptCore/runtime/DirectEvalExecutable.cpp:
(JSC::DirectEvalExecutable::create):
* Source/JavaScriptCore/runtime/FunctionConstructor.cpp:
(JSC::constructFunction):
* Source/JavaScriptCore/runtime/GlobalObjectMethodTable.h:
* Source/JavaScriptCore/runtime/IndirectEvalExecutable.cpp:
(JSC::IndirectEvalExecutable::createImpl):
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::baseGlobalObjectMethodTable):
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildrenImpl):
* Source/JavaScriptCore/runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::arrayIteratorStructure const):
(JSC::JSGlobalObject::trustedScriptStructure):
(JSC::JSGlobalObject::reportViolationForUnsafeEval):
(JSC::JSGlobalObject::canCompileStrings):
* Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/WebCore/bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::codeForEval):
(WebCore::JSDOMGlobalObject::canCompileStrings):
(WebCore::JSDOMGlobalObject::trustedScriptStructure):
* Source/WebCore/bindings/js/JSDOMGlobalObject.h:
* Source/WebCore/bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::globalObjectMethodTable):
(WebCore::JSDOMWindowBase::reportViolationForUnsafeEval):
(WebCore::JSDOMWindowBase::codeForEval): Deleted.
(WebCore::JSDOMWindowBase::canCompileStrings): Deleted.
* Source/WebCore/bindings/js/JSDOMWindowBase.h:
* Source/WebCore/bindings/js/JSShadowRealmGlobalScopeBase.cpp:
(WebCore::JSShadowRealmGlobalScopeBase::globalObjectMethodTable):
(WebCore::JSShadowRealmGlobalScopeBase::reportViolationForUnsafeEval):
(WebCore::JSShadowRealmGlobalScopeBase::codeForEval): Deleted.
(WebCore::JSShadowRealmGlobalScopeBase::canCompileStrings): Deleted.
* Source/WebCore/bindings/js/JSShadowRealmGlobalScopeBase.h:
* Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp:
(WebCore::JSWorkerGlobalScopeBase::globalObjectMethodTable):
(WebCore::JSWorkerGlobalScopeBase::reportViolationForUnsafeEval):
(WebCore::JSWorkerGlobalScopeBase::codeForEval): Deleted.
(WebCore::JSWorkerGlobalScopeBase::canCompileStrings): Deleted.
* Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.h:
* Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.cpp:
(WebCore::JSWorkletGlobalScopeBase::globalObjectMethodTable):
(WebCore::JSWorkletGlobalScopeBase::reportViolationForUnsafeEval):
(WebCore::JSWorkletGlobalScopeBase::codeForEval): Deleted.
(WebCore::JSWorkletGlobalScopeBase::canCompileStrings): Deleted.
* Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.h:
* Source/WebCore/dom/TrustedType.cpp:
(WebCore::canCompile):
* Source/WebCore/dom/TrustedType.h:
* Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations: Remove TrustedType.cpp because the file has been fixed.
Canonical link: https://commits.webkit.org/287909@main
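The decision the commit message describes for the Function constructor, as an added model in JavaScript (not WebKit's code and not a real Trusted Types implementation): TrustedScript, the "structure matches" test, the default policy object and the sink name passed to it are constructed stand-ins.

```javascript
// Added model (not WebKit code) of the Trusted Types check described above.
// TrustedScript stands in for the platform type; "structure matches" is modelled
// as "same prototype and no extra own properties" (assumption, simplified).
class TrustedScript {
  #script;
  constructor(script) { this.#script = String(script); }
  toString() { return this.#script; }
}
const ORIGINAL_STRINGIFIER = TrustedScript.prototype.toString;

// Fast path: every argument still has the unmodified TrustedScript structure,
// so the engine can evaluate without calling back into the embedder.
function matchesTrustedScriptStructure(arg) {
  return arg !== null && typeof arg === 'object'
    && Object.getPrototypeOf(arg) === TrustedScript.prototype
    && Object.getOwnPropertyNames(arg).length === 0;
}

// Slow path, modelling canCompileStrings(ArgList): a modified TrustedScript
// (e.g. a polyfill added instance properties) is accepted only while its
// stringifier is untouched; raw strings are untrusted input and must go through
// the default policy, or are rejected when enforcement is on.
function canCompileStrings(args, { enforce, defaultPolicy = null }) {
  return args.map((arg) => {
    if (arg instanceof TrustedScript && arg.toString === ORIGINAL_STRINGIFIER)
      return arg.toString();
    if (arg instanceof TrustedScript)
      throw new EvalError('TrustedScript with a modified stringifier is not trusted');
    if (!enforce) return String(arg);
    // Sink name 'Function' is a constructed placeholder for the policy callback.
    const result = defaultPolicy ? defaultPolicy.createScript(String(arg), 'Function') : null;
    if (result === null || result === undefined)
      throw new EvalError('Function constructor requires TrustedScript under Trusted Types');
    return String(result);
  });
}

// Function-constructor path as described: structure check first, and
// canCompileStrings only when not all arguments matched.
function constructFunction(args, options) {
  const sources = args.every(matchesTrustedScriptStructure)
    ? args.map((arg) => arg.toString())
    : canCompileStrings(args, options);
  return new Function(...sources); // sources = params..., body
}
```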