[webkit-changes] [WebKit/WebKit] f33204: Implement trusted types enforcement for script ele...

Wed May 22 04:01:07 PDT 2024

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: f33204d52243ae13948a2dee417d69e25442c2d8
      https://github.com/WebKit/WebKit/commit/f33204d52243ae13948a2dee417d69e25442c2d8
  Author: Luke Warlow <lwarlow at igalia.com>
  Date:   2024-05-22 (Wed, 22 May 2024)

  Changed paths:
    M LayoutTests/TestExpectations
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-Node-multiple-arguments-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-text-node-insertion-into-script-element-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-report-only-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-svg-script-expected.txt
    M Source/WebCore/dom/ScriptElement.cpp
    M Source/WebCore/dom/ScriptElement.h
    M Source/WebCore/html/HTMLScriptElement.cpp
    M Source/WebCore/html/HTMLScriptElement.h
    M Source/WebCore/svg/SVGScriptElement.cpp
    M Source/WebCore/svg/SVGScriptElement.h

  Log Message:
  -----------
  Implement trusted types enforcement for script elements
https://bugs.webkit.org/show_bug.cgi?id=269365

Reviewed by Darin Adler and Ryosuke Niwa.

Add script text string to script element. This is used to ensure that script elements can't be manipulated in untrusted ways.

See https://w3c.github.io/trusted-types/dist/spec/#htmlscriptelement-script-text and https://w3c.github.io/trusted-types/dist/spec/#slot-value-verification

* LayoutTests/TestExpectations:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-Node-multiple-arguments-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-text-node-insertion-into-script-element-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-report-only-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-svg-script-expected.txt:
* Source/WebCore/dom/ScriptElement.cpp:
(WebCore::ScriptElement::finishParsingChildren):
(WebCore::ScriptElement::prepareScript):
(WebCore::ScriptElement::setTrustedScriptText):
* Source/WebCore/dom/ScriptElement.h:
* Source/WebCore/html/HTMLScriptElement.cpp:
(WebCore::HTMLScriptElement::finishParsingChildren):
(WebCore::HTMLScriptElement::setTextContent):
(WebCore::HTMLScriptElement::setInnerText):
* Source/WebCore/html/HTMLScriptElement.h:
* Source/WebCore/svg/SVGScriptElement.cpp:
(WebCore::SVGScriptElement::finishParsingChildren):
* Source/WebCore/svg/SVGScriptElement.h:

Canonical link: https://commits.webkit.org/279117@main

To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications