[webkit-changes] [WebKit/WebKit] 7a4725: Implement trusted types enforcement on eval
Luke Warlow
noreply at github.com
Wed May 29 16:50:57 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7a4725b0e7299c17437ca3c94836d430bd741aac
https://github.com/WebKit/WebKit/commit/7a4725b0e7299c17437ca3c94836d430bd741aac
Author: Luke Warlow <lwarlow at igalia.com>
Date: 2024-05-29 (Wed, 29 May 2024)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/WorkerGlobalScope-eval-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/WorkerGlobalScope-importScripts-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/csp-block-eval-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy-mutate-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy-mutate.html
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy.html
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-no-default-policy-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-with-permissive-csp-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-with-permissive-csp.html
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/support/WorkerGlobalScope-eval.https.js
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-eval-reporting-expected.txt
A LayoutTests/platform/ios/imported/w3c/web-platform-tests/trusted-types/trusted-types-eval-reporting-expected.txt
M Source/JavaScriptCore/API/JSAPIGlobalObject.cpp
M Source/JavaScriptCore/API/JSAPIGlobalObject.mm
M Source/JavaScriptCore/interpreter/Interpreter.cpp
M Source/JavaScriptCore/jsc.cpp
M Source/JavaScriptCore/runtime/GlobalObjectMethodTable.h
M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
M Source/JavaScriptCore/runtime/JSGlobalObject.h
M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
M Source/WebCore/bindings/js/JSDOMGlobalObject.cpp
M Source/WebCore/bindings/js/JSDOMGlobalObject.h
M Source/WebCore/bindings/js/JSDOMWindowBase.cpp
M Source/WebCore/bindings/js/JSDOMWindowBase.h
M Source/WebCore/bindings/js/JSShadowRealmGlobalScopeBase.cpp
M Source/WebCore/bindings/js/JSShadowRealmGlobalScopeBase.h
M Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp
M Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.h
M Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.cpp
M Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.h
M Source/WebCore/bindings/js/ScriptController.cpp
M Source/WebCore/bindings/js/ScriptController.h
M Source/WebCore/dom/Document.cpp
M Source/WebCore/dom/Document.h
M Source/WebCore/dom/EmptyScriptExecutionContext.h
M Source/WebCore/dom/ScriptExecutionContext.h
M Source/WebCore/dom/TrustedType.cpp
M Source/WebCore/dom/TrustedType.h
M Source/WebCore/page/csp/ContentSecurityPolicy.cpp
M Source/WebCore/workers/WorkerOrWorkletGlobalScope.cpp
M Source/WebCore/workers/WorkerOrWorkletGlobalScope.h
M Source/WebCore/workers/WorkerOrWorkletScriptController.cpp
M Source/WebCore/workers/WorkerOrWorkletScriptController.h
Log Message:
-----------
Implement trusted types enforcement on eval
https://bugs.webkit.org/show_bug.cgi?id=273185
Reviewed by Darin Adler and Justin Michaud.
This patch introduces a new canCompileStrings function to the global object method table.
This function is used in eval for enforcement of trusted types.
It also updates the associated tests to match the latest spec.
A follow up patch will update the Function constructor to use this.
See https://tc39.es/proposal-dynamic-code-brand-checks
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/WorkerGlobalScope-eval-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/WorkerGlobalScope-importScripts-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/csp-block-eval-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy-mutate-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy-mutate.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy.html:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-no-default-policy-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-with-permissive-csp-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-with-permissive-csp.html:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/support/WorkerGlobalScope-eval.https.js:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-eval-reporting-expected.txt:
* LayoutTests/platform/ios/imported/w3c/web-platform-tests/trusted-types/trusted-types-eval-reporting-expected.txt: Added.
* Source/JavaScriptCore/API/JSAPIGlobalObject.cpp:
(JSC::JSAPIGlobalObject::globalObjectMethodTable):
* Source/JavaScriptCore/API/JSAPIGlobalObject.mm:
(JSC::JSAPIGlobalObject::globalObjectMethodTable):
* Source/JavaScriptCore/interpreter/Interpreter.cpp:
(JSC::eval):
* Source/JavaScriptCore/jsc.cpp:
* Source/JavaScriptCore/runtime/GlobalObjectMethodTable.h:
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::baseGlobalObjectMethodTable):
* Source/JavaScriptCore/runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::canCompileStrings):
(JSC::JSGlobalObject::requiresTrustedTypes const):
(JSC::JSGlobalObject::setRequiresTrustedTypes):
* Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/WebCore/bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::canCompileStrings):
* Source/WebCore/bindings/js/JSDOMGlobalObject.h:
* Source/WebCore/bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::globalObjectMethodTable):
(WebCore::JSDOMWindowBase::canCompileStrings):
* Source/WebCore/bindings/js/JSDOMWindowBase.h:
* Source/WebCore/bindings/js/JSShadowRealmGlobalScopeBase.cpp:
(WebCore::JSShadowRealmGlobalScopeBase::globalObjectMethodTable):
(WebCore::JSShadowRealmGlobalScopeBase::canCompileStrings):
* Source/WebCore/bindings/js/JSShadowRealmGlobalScopeBase.h:
* Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp:
(WebCore::JSWorkerGlobalScopeBase::globalObjectMethodTable):
(WebCore::JSWorkerGlobalScopeBase::canCompileStrings):
* Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.h:
* Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.cpp:
(WebCore::JSWorkletGlobalScopeBase::globalObjectMethodTable):
(WebCore::JSWorkletGlobalScopeBase::canCompileStrings):
* Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.h:
* Source/WebCore/bindings/js/ScriptController.cpp:
(WebCore::ScriptController::setRequiresTrustedTypes):
* Source/WebCore/bindings/js/ScriptController.h:
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::setRequiresTrustedTypes):
* Source/WebCore/dom/Document.h:
* Source/WebCore/dom/EmptyScriptExecutionContext.h:
* Source/WebCore/dom/ScriptExecutionContext.h:
* Source/WebCore/dom/TrustedType.cpp:
(WebCore::canCompile):
* Source/WebCore/dom/TrustedType.h:
* Source/WebCore/page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::didCreateWindowProxy const):
(WebCore::ContentSecurityPolicy::applyPolicyToScriptExecutionContext):
* Source/WebCore/workers/WorkerOrWorkletGlobalScope.cpp:
(WebCore::WorkerOrWorkletGlobalScope::setRequiresTrustedTypes):
* Source/WebCore/workers/WorkerOrWorkletGlobalScope.h:
* Source/WebCore/workers/WorkerOrWorkletScriptController.cpp:
(WebCore::WorkerOrWorkletScriptController::setRequiresTrustedTypes):
* Source/WebCore/workers/WorkerOrWorkletScriptController.h:
Canonical link: https://commits.webkit.org/279473@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list