[webkit-changes] [WebKit/WebKit] 6c98f5: Implement parsing for trusted-types and require-tr...

Luke Warlow noreply at github.com
Thu Feb 1 03:37:25 PST 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 6c98f5233c675be7ea9333a0cbb7496894af968a
      https://github.com/WebKit/WebKit/commit/6c98f5233c675be7ea9333a0cbb7496894af968a
  Author: Luke Warlow <lwarlow at igalia.com>
  Date:   2024-02-01 (Thu, 01 Feb 2024)

  Changed paths:
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/DOMWindowTimers-setTimeout-setInterval-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/GlobalEventHandlers-onclick-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLElement-generic-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-in-xhtml-document.tentative.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-internal-slot-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicy-CSP-no-name-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-blocking-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-noNamesGiven-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-none-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-none-skip-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-nameTests-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-metadata-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-Document-execCommand-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-Node-multiple-arguments-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-DOMParser-parseFromString-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Document-write-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Element-insertAdjacentHTML-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Element-outerHTML-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Element-setAttribute-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Element-setAttributeNS-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-HTMLElement-generic-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Range-createContextualFragment-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-attribute-via-attribute-node-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-text-node-insertion-into-script-element-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/csp-block-eval-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/default-policy-callback-arguments-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/default-policy-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/default-policy-report-only-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/empty-default-policy-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/empty-default-policy-report-only-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-no-default-policy-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-function-constructor-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-with-permissive-csp-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/no-require-trusted-types-for-report-only-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/require-trusted-types-for-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/require-trusted-types-for-report-only-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-createHTMLDocument-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-list-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-list-report-only-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-eval-reporting-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-eval-reporting-no-unsafe-eval-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-eval-reporting-report-only-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-from-literal-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-navigation-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-report-only-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-reporting-check-report-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-reporting-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-source-file-path-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-svg-script-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-tojson-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/tt-block-eval-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/worker-constructor.https-expected.txt
    M Source/WebCore/Sources.txt
    M Source/WebCore/WebCore.xcodeproj/project.pbxproj
    M Source/WebCore/page/csp/ContentSecurityPolicy.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicy.h
    M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.h
    M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.h
    A Source/WebCore/page/csp/ContentSecurityPolicyTrustedTypesDirective.cpp
    A Source/WebCore/page/csp/ContentSecurityPolicyTrustedTypesDirective.h

  Log Message:
  -----------
  Implement parsing for trusted-types and require-trusted-types-for CSP directives
https://bugs.webkit.org/show_bug.cgi?id=267587

Reviewed by Brent Fulgham.

Implements parsing for the directives from the trusted types API.
These directives aren't wired up to actually report violations yet.

Spec: https://w3c.github.io/trusted-types/dist/spec/#integration-with-content-security-policy

* LayoutTests/imported/w3c/web-platform-tests/trusted-types/DOMWindowTimers-setTimeout-setInterval-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/GlobalEventHandlers-onclick-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLElement-generic-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-in-xhtml-document.tentative.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-internal-slot-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicy-CSP-no-name-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-blocking-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-noNamesGiven-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-none-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-none-skip-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-nameTests-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-metadata-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-Document-execCommand-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-Node-multiple-arguments-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-DOMParser-parseFromString-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Document-write-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Element-insertAdjacentHTML-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Element-outerHTML-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Element-setAttribute-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Element-setAttributeNS-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-HTMLElement-generic-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Range-createContextualFragment-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-attribute-via-attribute-node-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-text-node-insertion-into-script-element-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/csp-block-eval-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/default-policy-callback-arguments-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/default-policy-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/default-policy-report-only-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/empty-default-policy-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/empty-default-policy-report-only-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-no-default-policy-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-function-constructor-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-with-permissive-csp-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/no-require-trusted-types-for-report-only-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/require-trusted-types-for-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/require-trusted-types-for-report-only-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-createHTMLDocument-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-list-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-list-report-only-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-eval-reporting-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-eval-reporting-no-unsafe-eval-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-eval-reporting-report-only-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-from-literal-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-navigation-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-report-only-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-reporting-check-report-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-reporting-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-source-file-path-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-svg-script-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-tojson-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/tt-block-eval-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/worker-constructor.https-expected.txt:
* Source/WebCore/Sources.txt:
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
* Source/WebCore/page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::reportInvalidTrustedTypesPolicy const):
(WebCore::ContentSecurityPolicy::reportInvalidTrustedTypesNoneKeyword const):
(WebCore::ContentSecurityPolicy::reportInvalidTrustedTypesSinkGroup const):
(WebCore::ContentSecurityPolicy::reportEmptyRequireTrustedTypesForDirective const):
* Source/WebCore/page/csp/ContentSecurityPolicy.h:
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp:
(WebCore::ContentSecurityPolicyDirectiveList::parseRequireTrustedTypesFor):
(WebCore::ContentSecurityPolicyDirectiveList::addDirective):
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.h:
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.cpp:
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.h:
* Source/WebCore/page/csp/ContentSecurityPolicyTrustedTypesDirective.cpp: Added.
(WebCore::isTrustedTypesNone):
(WebCore::isTrustedTypeCharacter):
(WebCore::isPolicyNameCharacter):
(WebCore::ContentSecurityPolicyTrustedTypesDirective::ContentSecurityPolicyTrustedTypesDirective):
(WebCore::ContentSecurityPolicyTrustedTypesDirective::allows const):
(WebCore::ContentSecurityPolicyTrustedTypesDirective::parse):
* Source/WebCore/page/csp/ContentSecurityPolicyTrustedTypesDirective.h: Copied from Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.h.

Canonical link: https://commits.webkit.org/273894@main



