From 18199f8f2ac64a4fa9c7c0edf78aba23fc56f76a Mon Sep 17 00:00:00 2001 From: Tete17 Date: Mon, 6 Oct 2025 18:21:57 +0200 Subject: [PATCH] LibWeb: Hook TrustedTypes to the ServiceWorkers api --- .../ServiceWorker/ServiceWorkerContainer.cpp | 15 +++++++-- .../ServiceWorker/ServiceWorkerContainer.h | 4 ++- .../ServiceWorker/ServiceWorkerContainer.idl | 4 +-- Libraries/LibWeb/TrustedTypes/InjectionSink.h | 33 ++++++++++--------- 4 files changed, 34 insertions(+), 22 deletions(-) diff --git a/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.cpp b/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.cpp index bf92d8aed5d..29c16af8bed 100644 --- a/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.cpp +++ b/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.cpp @@ -18,6 +18,9 @@ #include #include #include +#include +#include +#include namespace Web::ServiceWorker { @@ -49,7 +52,7 @@ GC::Ref ServiceWorkerContainer::create(JS::Realm& realm) } // https://w3c.github.io/ServiceWorker/#navigator-service-worker-register -GC::Ref ServiceWorkerContainer::register_(String script_url, RegistrationOptions const& options) +GC::Ref ServiceWorkerContainer::register_(TrustedTypes::TrustedScriptURLOrString script_url, RegistrationOptions const& options) { auto& realm = this->realm(); // Note: The register(scriptURL, options) method creates or updates a service worker registration for the given scope url. @@ -59,15 +62,21 @@ GC::Ref ServiceWorkerContainer::register_(String script_url, Re // 1. Let p be a promise. auto p = WebIDL::create_promise(realm); - // FIXME: 2. Set scriptURL to the result of invoking Get Trusted Type compliant string with TrustedScriptURL, + // 2. Set scriptURL to the result of invoking Get Trusted Type compliant string with TrustedScriptURL, // this's relevant global object, scriptURL, "ServiceWorkerContainer register", and "script". + auto const compliant_script_url = MUST(TrustedTypes::get_trusted_type_compliant_string( + TrustedTypes::TrustedTypeName::TrustedScriptURL, + HTML::relevant_global_object(*this), + script_url, + TrustedTypes::InjectionSink::ServiceWorkerContainerregister, + TrustedTypes::Script.to_string())); // 3 Let client be this's service worker client. auto client = m_service_worker_client; // 4. Let scriptURL be the result of parsing scriptURL with this's relevant settings object’s API base URL. auto base_url = HTML::relevant_settings_object(*this).api_base_url(); - auto parsed_script_url = DOMURL::parse(script_url, base_url); + auto parsed_script_url = DOMURL::parse(compliant_script_url.to_utf8_but_should_be_ported_to_utf16(), base_url); // 5. Let scopeURL be null. Optional scope_url; diff --git a/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.h b/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.h index ff204b2bee9..18212a7fab2 100644 --- a/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.h +++ b/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.h @@ -10,6 +10,8 @@ #include #include #include +#include +#include #include #include @@ -34,7 +36,7 @@ public: [[nodiscard]] static GC::Ref create(JS::Realm& realm); virtual ~ServiceWorkerContainer() override; - GC::Ref register_(String script_url, RegistrationOptions const& options); + GC::Ref register_(TrustedTypes::TrustedScriptURLOrString script_url, RegistrationOptions const& options); GC::Ref get_registration(String const& client_url); diff --git a/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.idl b/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.idl index cb14114aa01..5835df2db63 100644 --- a/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.idl +++ b/Libraries/LibWeb/ServiceWorker/ServiceWorkerContainer.idl @@ -2,6 +2,7 @@ #import #import #import +#import // https://w3c.github.io/ServiceWorker/#serviceworkercontainer-interface [SecureContext, Exposed=(Window,Worker)] @@ -9,8 +10,7 @@ interface ServiceWorkerContainer : EventTarget { [FIXME] readonly attribute ServiceWorker? controller; [FIXME] readonly attribute Promise ready; - // FIXME: [NewObject] Promise register((TrustedScriptURL or USVString) scriptURL, optional RegistrationOptions options = {}); - [NewObject, ImplementedAs=register_] Promise register(USVString scriptURL, optional RegistrationOptions options = {}); + [NewObject, ImplementedAs=register_] Promise register((TrustedScriptURL or Utf16USVString) scriptURL, optional RegistrationOptions options = {}); [NewObject] Promise<(ServiceWorkerRegistration or undefined)> getRegistration(optional USVString clientURL = ""); [FIXME, NewObject] Promise> getRegistrations(); diff --git a/Libraries/LibWeb/TrustedTypes/InjectionSink.h b/Libraries/LibWeb/TrustedTypes/InjectionSink.h index 73cfd4af004..75441b115cb 100644 --- a/Libraries/LibWeb/TrustedTypes/InjectionSink.h +++ b/Libraries/LibWeb/TrustedTypes/InjectionSink.h @@ -16,22 +16,23 @@ namespace Web::TrustedTypes { __ENUMERATE_INJECTION_SINKS(Element##attribute_name, "Element " #attribute_name) // https://w3c.github.io/trusted-types/dist/spec/#injection-sink -#define ENUMERATE_INJECTION_SINKS \ - __ENUMERATE_INJECTION_SINKS(Documentwrite, "Document write") \ - __ENUMERATE_INJECTION_SINKS(Documentwriteln, "Document writeln") \ - __ENUMERATE_INJECTION_SINKS(DocumentexecCommand, "Document execCommand") \ - __ENUMERATE_INJECTION_SINKS(Function, "Function") \ - __ENUMERATE_INJECTION_SINKS(HTMLIFrameElementsrcdoc, "HTMLIFrameElement srcdoc") \ - __ENUMERATE_INJECTION_SINKS(HTMLScriptElementinnerText, "HTMLScriptElement innerText") \ - __ENUMERATE_INJECTION_SINKS(HTMLScriptElementsrc, "HTMLScriptElement src") \ - __ENUMERATE_INJECTION_SINKS(HTMLScriptElementtext, "HTMLScriptElement text") \ - __ENUMERATE_INJECTION_SINKS(HTMLScriptElementtextContent, "HTMLScriptElement textContent") \ - __ENUMERATE_INJECTION_SINKS(Locationhref, "Location href") \ - __ENUMERATE_INJECTION_SINKS(RangecreateContextualFragment, "Range createContextualFragment") \ - __ENUMERATE_INJECTION_SINKS(SharedWorkerconstructor, "SharedWorker constructor") \ - __ENUMERATE_INJECTION_SINKS(SVGScriptElementhref, "SVGScriptElement href") \ - __ENUMERATE_INJECTION_SINKS(Workerconstructor, "Worker constructor") \ - ENUMERATE_GLOBAL_EVENT_HANDLERS(EVENT_HANDLERS_INJECTION_SINKS) \ +#define ENUMERATE_INJECTION_SINKS \ + __ENUMERATE_INJECTION_SINKS(Documentwrite, "Document write") \ + __ENUMERATE_INJECTION_SINKS(Documentwriteln, "Document writeln") \ + __ENUMERATE_INJECTION_SINKS(DocumentexecCommand, "Document execCommand") \ + __ENUMERATE_INJECTION_SINKS(Function, "Function") \ + __ENUMERATE_INJECTION_SINKS(HTMLIFrameElementsrcdoc, "HTMLIFrameElement srcdoc") \ + __ENUMERATE_INJECTION_SINKS(HTMLScriptElementinnerText, "HTMLScriptElement innerText") \ + __ENUMERATE_INJECTION_SINKS(HTMLScriptElementsrc, "HTMLScriptElement src") \ + __ENUMERATE_INJECTION_SINKS(HTMLScriptElementtext, "HTMLScriptElement text") \ + __ENUMERATE_INJECTION_SINKS(HTMLScriptElementtextContent, "HTMLScriptElement textContent") \ + __ENUMERATE_INJECTION_SINKS(Locationhref, "Location href") \ + __ENUMERATE_INJECTION_SINKS(RangecreateContextualFragment, "Range createContextualFragment") \ + __ENUMERATE_INJECTION_SINKS(ServiceWorkerContainerregister, "ServiceWorkerContainer register") \ + __ENUMERATE_INJECTION_SINKS(SharedWorkerconstructor, "SharedWorker constructor") \ + __ENUMERATE_INJECTION_SINKS(SVGScriptElementhref, "SVGScriptElement href") \ + __ENUMERATE_INJECTION_SINKS(Workerconstructor, "Worker constructor") \ + ENUMERATE_GLOBAL_EVENT_HANDLERS(EVENT_HANDLERS_INJECTION_SINKS) \ ENUMERATE_WINDOW_EVENT_HANDLERS(EVENT_HANDLERS_INJECTION_SINKS) enum class InjectionSink {