[webkit-changes] [WebKit/WebKit] 5e0f9b: Implement eval support for TrustedScript objects

Luke Warlow noreply at github.com
Thu May 23 07:51:17 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 5e0f9b3cfb2b1ec21b3481b9c09ba763aa32a119
      https://github.com/WebKit/WebKit/commit/5e0f9b3cfb2b1ec21b3481b9c09ba763aa32a119
  Author: Luke Warlow <lwarlow at igalia.com>
  Date:   2024-05-23 (Thu, 23 May 2024)

  Changed paths:
    M LayoutTests/TestExpectations
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/WorkerGlobalScope-eval-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/WorkerGlobalScope-eval.html
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/csp-block-eval-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/csp-block-eval.html
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-no-tt-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-no-tt.html
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy.html
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-no-default-policy-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-no-default-policy.html
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-no-csp-no-tt-default-policy-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-no-csp-no-tt-default-policy.html
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-no-csp-no-tt-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-no-csp-no-tt.html
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-with-permissive-csp-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-with-permissive-csp.html
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/support/WorkerGlobalScope-eval.https.js
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-eval-reporting-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-eval-reporting.html
    M LayoutTests/platform/wincairo/TestExpectations
    M Source/JavaScriptCore/API/JSAPIGlobalObject.cpp
    M Source/JavaScriptCore/API/JSAPIGlobalObject.mm
    M Source/JavaScriptCore/interpreter/Interpreter.cpp
    M Source/JavaScriptCore/jsc.cpp
    M Source/JavaScriptCore/runtime/GlobalObjectMethodTable.h
    M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
    M Source/JavaScriptCore/runtime/JSGlobalObject.h
    M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
    M Source/JavaScriptCore/runtime/OptionsList.h
    M Source/WebCore/bindings/js/JSDOMWindowBase.cpp
    M Source/WebCore/bindings/js/JSDOMWindowBase.h
    M Source/WebCore/bindings/js/JSShadowRealmGlobalScopeBase.cpp
    M Source/WebCore/bindings/js/JSShadowRealmGlobalScopeBase.h
    M Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp
    M Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.h
    M Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.cpp
    M Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.h

  Log Message:
  -----------
  Implement eval support for TrustedScript objects
https://bugs.webkit.org/show_bug.cgi?id=273184

Reviewed by Ryosuke Niwa and Justin Michaud.

This patch introduces a new codeForEval function to the global object method table.
The eval code is updated to check if an object has associated code instead of always returning the object.
Add test coverage for indirect evals.

See https://tc39.es/proposal-dynamic-code-brand-checks/

* LayoutTests/TestExpectations:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/WorkerGlobalScope-eval-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/WorkerGlobalScope-eval.html:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/csp-block-eval-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/csp-block-eval.html:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-no-tt-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-no-tt.html:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy.html:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-no-default-policy-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-no-default-policy.html:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-no-csp-no-tt-default-policy-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-no-csp-no-tt-default-policy.html:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-no-csp-no-tt-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-no-csp-no-tt.html:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-with-permissive-csp-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-with-permissive-csp.html:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/support/WorkerGlobalScope-eval.https.js:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-eval-reporting-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-eval-reporting.html:
* Source/JavaScriptCore/API/JSAPIGlobalObject.cpp:
(JSC::JSAPIGlobalObject::globalObjectMethodTable):
* Source/JavaScriptCore/API/JSAPIGlobalObject.mm:
(JSC::JSAPIGlobalObject::globalObjectMethodTable):
* Source/JavaScriptCore/interpreter/Interpreter.cpp:
(JSC::eval):
* Source/JavaScriptCore/jsc.cpp:
* Source/JavaScriptCore/runtime/GlobalObjectMethodTable.h:
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::baseGlobalObjectMethodTable):
* Source/JavaScriptCore/runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::codeForEval):
* Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/OptionsList.h:
* Source/WebCore/bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::globalObjectMethodTable):
(WebCore::JSDOMWindowBase::codeForEval):
* Source/WebCore/bindings/js/JSDOMWindowBase.h:
* Source/WebCore/bindings/js/JSShadowRealmGlobalScopeBase.cpp:
(WebCore::JSShadowRealmGlobalScopeBase::globalObjectMethodTable):
(WebCore::JSShadowRealmGlobalScopeBase::codeForEval):
* Source/WebCore/bindings/js/JSShadowRealmGlobalScopeBase.h:
* Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp:
(WebCore::JSWorkerGlobalScopeBase::globalObjectMethodTable):
(WebCore::JSWorkerGlobalScopeBase::codeForEval):
* Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.h:
* Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.cpp:
(WebCore::JSWorkletGlobalScopeBase::globalObjectMethodTable):
(WebCore::JSWorkletGlobalScopeBase::codeForEval):
* Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.h:
* LayoutTests/platform/wincairo/TestExpectations:

Canonical link: https://commits.webkit.org/279194@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list