LibWeb: Hook TrustedTypes to the ServiceWorkers api

Author: https://github.com/tete17 Commit: 18199f8f2a Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/6424 Reviewed-by: https://github.com/Lubrsi ✅ Reviewed-by: https://github.com/tcl3
2025-10-19 07:33:20 +00:00 · 2025-10-06 18:21:57 +02:00 · 2025-10-06 18:21:57 +02:00 · 18199f8f2a · 2025-10-13 12:23:16 +00:00
commit 18199f8f2a
parent 74aa7e8a82
4 changed files with 34 additions and 22 deletions
--- a/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.cpp
+++ b/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.cpp
@ -18,6 +18,9 @@
 #include <LibWeb/ServiceWorker/ServiceWorkerContainer.h>
 #include <LibWeb/ServiceWorker/ServiceWorkerRegistration.h>
 #include <LibWeb/StorageAPI/StorageKey.h>
+#include <LibWeb/TrustedTypes/RequireTrustedTypesForDirective.h>
+#include <LibWeb/TrustedTypes/TrustedScriptURL.h>
+#include <LibWeb/TrustedTypes/TrustedTypePolicy.h>

 namespace Web::ServiceWorker {

@ -49,7 +52,7 @@ GC::Ref<ServiceWorkerContainer> ServiceWorkerContainer::create(JS::Realm& realm)
 }

 // https://w3c.github.io/ServiceWorker/#navigator-service-worker-register
-GC::Ref<WebIDL::Promise> ServiceWorkerContainer::register_(String script_url, RegistrationOptions const& options)
+GC::Ref<WebIDL::Promise> ServiceWorkerContainer::register_(TrustedTypes::TrustedScriptURLOrString script_url, RegistrationOptions const& options)
 {
    auto& realm = this->realm();
    // Note: The register(scriptURL, options) method creates or updates a service worker registration for the given scope url.
@ -59,15 +62,21 @@ GC::Ref<WebIDL::Promise> ServiceWorkerContainer::register_(String script_url, Re
    // 1. Let p be a promise.
    auto p = WebIDL::create_promise(realm);

-    // FIXME: 2. Set scriptURL to the result of invoking Get Trusted Type compliant string with TrustedScriptURL,
+    // 2. Set scriptURL to the result of invoking Get Trusted Type compliant string with TrustedScriptURL,
    //    this's relevant global object, scriptURL, "ServiceWorkerContainer register", and "script".
+    auto const compliant_script_url = MUST(TrustedTypes::get_trusted_type_compliant_string(
+        TrustedTypes::TrustedTypeName::TrustedScriptURL,
+        HTML::relevant_global_object(*this),
+        script_url,
+        TrustedTypes::InjectionSink::ServiceWorkerContainerregister,
+        TrustedTypes::Script.to_string()));

    // 3 Let client be this's service worker client.
    auto client = m_service_worker_client;

    // 4. Let scriptURL be the result of parsing scriptURL with this's relevant settings object’s API base URL.
    auto base_url = HTML::relevant_settings_object(*this).api_base_url();
-    auto parsed_script_url = DOMURL::parse(script_url, base_url);
+    auto parsed_script_url = DOMURL::parse(compliant_script_url.to_utf8_but_should_be_ported_to_utf16(), base_url);

    // 5. Let scopeURL be null.
    Optional<URL::URL> scope_url;
--- a/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.h
+++ b/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.h
@ -10,6 +10,8 @@
 #include <LibWeb/Bindings/ServiceWorkerRegistrationPrototype.h>
 #include <LibWeb/Bindings/WorkerPrototype.h>
 #include <LibWeb/DOM/EventTarget.h>
+#include <LibWeb/TrustedTypes/TrustedScript.h>
+#include <LibWeb/TrustedTypes/TrustedScriptURL.h>
 #include <LibWeb/WebIDL/ExceptionOr.h>
 #include <LibWeb/WebIDL/Promise.h>

@ -34,7 +36,7 @@ public:
    [[nodiscard]] static GC::Ref<ServiceWorkerContainer> create(JS::Realm& realm);
    virtual ~ServiceWorkerContainer() override;

-    GC::Ref<WebIDL::Promise> register_(String script_url, RegistrationOptions const& options);
+    GC::Ref<WebIDL::Promise> register_(TrustedTypes::TrustedScriptURLOrString script_url, RegistrationOptions const& options);

    GC::Ref<WebIDL::Promise> get_registration(String const& client_url);

--- a/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.idl
+++ b/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.idl
@ -2,6 +2,7 @@
 #import <DOM/EventHandler.idl>
 #import <HTML/Worker.idl>
 #import <ServiceWorker/ServiceWorkerRegistration.idl>
+#import <TrustedTypes/TrustedScriptURL.idl>

 // https://w3c.github.io/ServiceWorker/#serviceworkercontainer-interface
 [SecureContext, Exposed=(Window,Worker)]
@ -9,8 +10,7 @@ interface ServiceWorkerContainer : EventTarget {
    [FIXME] readonly attribute ServiceWorker? controller;
    [FIXME] readonly attribute Promise<ServiceWorkerRegistration> ready;

-    // FIXME: [NewObject] Promise<ServiceWorkerRegistration> register((TrustedScriptURL or USVString) scriptURL, optional RegistrationOptions options = {});
-    [NewObject, ImplementedAs=register_] Promise<ServiceWorkerRegistration> register(USVString scriptURL, optional RegistrationOptions options = {});
+    [NewObject, ImplementedAs=register_] Promise<ServiceWorkerRegistration> register((TrustedScriptURL or Utf16USVString) scriptURL, optional RegistrationOptions options = {});

    [NewObject] Promise<(ServiceWorkerRegistration or undefined)> getRegistration(optional USVString clientURL = "");
    [FIXME, NewObject] Promise<FrozenArray<ServiceWorkerRegistration>> getRegistrations();
--- a/Libraries/LibWeb/TrustedTypes/InjectionSink.h
+++ b/Libraries/LibWeb/TrustedTypes/InjectionSink.h
@ -16,22 +16,23 @@ namespace Web::TrustedTypes {
    __ENUMERATE_INJECTION_SINKS(Element##attribute_name, "Element " #attribute_name)

 // https://w3c.github.io/trusted-types/dist/spec/#injection-sink
-#define ENUMERATE_INJECTION_SINKS                                                                \
-    __ENUMERATE_INJECTION_SINKS(Documentwrite, "Document write")                                 \
-    __ENUMERATE_INJECTION_SINKS(Documentwriteln, "Document writeln")                             \
-    __ENUMERATE_INJECTION_SINKS(DocumentexecCommand, "Document execCommand")                     \
-    __ENUMERATE_INJECTION_SINKS(Function, "Function")                                            \
-    __ENUMERATE_INJECTION_SINKS(HTMLIFrameElementsrcdoc, "HTMLIFrameElement srcdoc")             \
-    __ENUMERATE_INJECTION_SINKS(HTMLScriptElementinnerText, "HTMLScriptElement innerText")       \
-    __ENUMERATE_INJECTION_SINKS(HTMLScriptElementsrc, "HTMLScriptElement src")                   \
-    __ENUMERATE_INJECTION_SINKS(HTMLScriptElementtext, "HTMLScriptElement text")                 \
-    __ENUMERATE_INJECTION_SINKS(HTMLScriptElementtextContent, "HTMLScriptElement textContent")   \
-    __ENUMERATE_INJECTION_SINKS(Locationhref, "Location href")                                   \
-    __ENUMERATE_INJECTION_SINKS(RangecreateContextualFragment, "Range createContextualFragment") \
-    __ENUMERATE_INJECTION_SINKS(SharedWorkerconstructor, "SharedWorker constructor")             \
-    __ENUMERATE_INJECTION_SINKS(SVGScriptElementhref, "SVGScriptElement href")                   \
-    __ENUMERATE_INJECTION_SINKS(Workerconstructor, "Worker constructor")                         \
-    ENUMERATE_GLOBAL_EVENT_HANDLERS(EVENT_HANDLERS_INJECTION_SINKS)                              \
+#define ENUMERATE_INJECTION_SINKS                                                                  \
+    __ENUMERATE_INJECTION_SINKS(Documentwrite, "Document write")                                   \
+    __ENUMERATE_INJECTION_SINKS(Documentwriteln, "Document writeln")                               \
+    __ENUMERATE_INJECTION_SINKS(DocumentexecCommand, "Document execCommand")                       \
+    __ENUMERATE_INJECTION_SINKS(Function, "Function")                                              \
+    __ENUMERATE_INJECTION_SINKS(HTMLIFrameElementsrcdoc, "HTMLIFrameElement srcdoc")               \
+    __ENUMERATE_INJECTION_SINKS(HTMLScriptElementinnerText, "HTMLScriptElement innerText")         \
+    __ENUMERATE_INJECTION_SINKS(HTMLScriptElementsrc, "HTMLScriptElement src")                     \
+    __ENUMERATE_INJECTION_SINKS(HTMLScriptElementtext, "HTMLScriptElement text")                   \
+    __ENUMERATE_INJECTION_SINKS(HTMLScriptElementtextContent, "HTMLScriptElement textContent")     \
+    __ENUMERATE_INJECTION_SINKS(Locationhref, "Location href")                                     \
+    __ENUMERATE_INJECTION_SINKS(RangecreateContextualFragment, "Range createContextualFragment")   \
+    __ENUMERATE_INJECTION_SINKS(ServiceWorkerContainerregister, "ServiceWorkerContainer register") \
+    __ENUMERATE_INJECTION_SINKS(SharedWorkerconstructor, "SharedWorker constructor")               \
+    __ENUMERATE_INJECTION_SINKS(SVGScriptElementhref, "SVGScriptElement href")                     \
+    __ENUMERATE_INJECTION_SINKS(Workerconstructor, "Worker constructor")                           \
+    ENUMERATE_GLOBAL_EVENT_HANDLERS(EVENT_HANDLERS_INJECTION_SINKS)                                \
    ENUMERATE_WINDOW_EVENT_HANDLERS(EVENT_HANDLERS_INJECTION_SINKS)

 enum class InjectionSink {