[webkit-changes] [WebKit/WebKit] 142d2a: Implement enforcement of `trusted-types` CSP direc...

Luke Warlow noreply at github.com
Wed Feb 7 18:56:34 PST 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 142d2a80207e10069b36196a19a83cda6b96223d
      https://github.com/WebKit/WebKit/commit/142d2a80207e10069b36196a19a83cda6b96223d
  Author: Luke Warlow <lwarlow at igalia.com>
  Date:   2024-02-07 (Wed, 07 Feb 2024)

  Changed paths:
    M LayoutTests/TestExpectations
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicy-CSP-no-name-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-noNamesGiven-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-none-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-nameTests-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-list-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-list-report-only-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-reporting-check-report-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-reporting-expected.txt
    M Source/WebCore/dom/TrustedTypePolicyFactory.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicy.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicy.h
    M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.h
    M Source/WebCore/page/csp/ContentSecurityPolicyTrustedTypesDirective.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicyTrustedTypesDirective.h

  Log Message:
  -----------
  Implement enforcement of `trusted-types` CSP directive
https://bugs.webkit.org/show_bug.cgi?id=267632

Reviewed by Youenn Fablet.

This updates the trusted types policy creation code to validate that it's allowed by CSP.

* LayoutTests/TestExpectations:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicy-CSP-no-name-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-noNamesGiven-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-none-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-nameTests-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-list-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-list-report-only-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-reporting-check-report-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-reporting-expected.txt:
* Source/WebCore/dom/TrustedTypePolicyFactory.cpp:
(WebCore::TrustedTypePolicyFactory::createPolicy):
* Source/WebCore/page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::allowTrustedTypesPolicy const):
(WebCore::ContentSecurityPolicy::reportViolation const):
* Source/WebCore/page/csp/ContentSecurityPolicy.h:
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp:
(WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForTrustedTypesPolicy const):
(WebCore::ContentSecurityPolicyDirectiveList::shouldReportSample const):
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.h:
* Source/WebCore/page/csp/ContentSecurityPolicyTrustedTypesDirective.cpp:
(WebCore::ContentSecurityPolicyTrustedTypesDirective::allows const):
* Source/WebCore/page/csp/ContentSecurityPolicyTrustedTypesDirective.h:

Canonical link: https://commits.webkit.org/274263@main

More information about the webkit-changes mailing list