LibWeb: Update get_trusted_type_data_for_attribute according to the spec

It now takes into consideration the namespace of the element to decide if it needs a TrustedType or not. We also win a few WPT subtests :)
Author: https://github.com/tete17 Commit: 1d1182cad8 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/6630 Reviewed-by: https://github.com/gmta ✅
2025-12-07 21:59:54 +00:00 · 2025-10-29 13:08:28 +01:00 · 2025-10-29 13:08:28 +01:00 · 1d1182cad8 · 2025-12-01 08:55:54 +00:00
commit 1d1182cad8
parent d601badd6c
15 changed files with 1778 additions and 14 deletions
--- a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicy.cpp
+++ b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicy.cpp
@ -355,7 +355,9 @@ WebIDL::ExceptionOr<Utf16String> get_trusted_types_compliant_attribute_value(Fly
    //    attributeName
    //    attributeNs
    auto const attribute_data = get_trusted_type_data_for_attribute(
-        element_interface_name(Utf16String::from_utf8(element.local_name()), attribute_ns.has_value() ? attribute_ns.value() : Utf16String::from_utf8(Namespace::HTML)),
+        element_interface(
+            Utf16String::from_utf8(element.local_name()),
+            element.namespace_uri().value_or(Namespace::HTML)),
        Utf16String::from_utf8(attribute_name),
        attribute_ns);

@ -393,18 +395,18 @@ WebIDL::ExceptionOr<Utf16String> get_trusted_types_compliant_attribute_value(Fly
        Script.to_string());
 }

-Utf16String element_interface_name(Utf16String const& local_name, Utf16String const& element_ns)
+ElementInterface element_interface(Utf16String const& local_name, FlyString const& element_ns)
 {
    // FIXME: We don't have a method in ElementFactory that can give us the interface name but these are all the cases
    // we care about in the table in get_trusted_type_data_for_attribute function
    if (local_name == HTML::TagNames::iframe && element_ns == Namespace::HTML)
-        return "HTMLIFrameElement"_utf16;
+        return { "HTMLIFrameElement"_utf16, element_ns };
    if (local_name == HTML::TagNames::script && element_ns == Namespace::HTML)
-        return "HTMLScriptElement"_utf16;
+        return { "HTMLScriptElement"_utf16, element_ns };
    if (local_name == SVG::TagNames::script && element_ns == Namespace::SVG)
-        return "SVGScriptElement"_utf16;
+        return { "SVGScriptElement"_utf16, element_ns };

-    return "Element"_utf16;
+    return { "Element"_utf16, element_ns };
 }

 }
--- a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicy.h
+++ b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicy.h
@ -6,6 +6,7 @@

 #pragma once

+#include <AK/FlyString.h>
 #include <LibJS/Forward.h>
 #include <LibWeb/Bindings/PlatformObject.h>
 #include <LibWeb/Bindings/TrustedTypePolicyPrototype.h>
@ -71,6 +72,12 @@ WebIDL::ExceptionOr<Utf16String> get_trusted_type_compliant_string(TrustedTypeNa

 WebIDL::ExceptionOr<Utf16String> get_trusted_types_compliant_attribute_value(FlyString const& attribute_name, Optional<Utf16String> attribute_ns, DOM::Element const& element, Variant<GC::Root<TrustedHTML>, GC::Root<TrustedScript>, GC::Root<TrustedScriptURL>, Utf16String> const& new_value);

-Utf16String element_interface_name(Utf16String const& local_name, Utf16String const& element_ns);
+// FIXME: Add-hoc definition of an element interface
+struct ElementInterface {
+    Utf16String element_name;
+    FlyString element_ns;
+};
+
+ElementInterface element_interface(Utf16String const& local_name, FlyString const& element_ns);

 }
--- a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.cpp
+++ b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.cpp
@ -49,7 +49,7 @@ Optional<Utf16String> TrustedTypePolicyFactory::get_attribute_type(Utf16String c
        attr_ns.clear();

    // 5. Let interface be the element interface for localName and elementNs.
-    Utf16String const interface = element_interface_name(local_name, element_ns.value());
+    auto const interface = element_interface(local_name, element_ns.value().to_utf8());

    // 6. Let expectedType be null.
    Optional<Utf16String> expected_type {};
@ -297,13 +297,16 @@ ContentSecurityPolicy::Directives::Directive::Result TrustedTypePolicyFactory::s
 }

 // https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute
-Optional<TrustedTypeData> get_trusted_type_data_for_attribute(Utf16String const& element, Utf16String const& attribute, Optional<Utf16String> const& attribute_ns)
+Optional<TrustedTypeData> get_trusted_type_data_for_attribute(ElementInterface const& element, Utf16String const& attribute, Optional<Utf16String> const& attribute_ns)
 {
    // 1. Let data be null.
    Optional<TrustedTypeData const&> data {};

-    // 2. If attributeNs is null, and attribute is the name of an event handler content attribute, then:
-    if (!attribute_ns.has_value()) {
+    auto const& [element_name, element_ns] = element;
+
+    // 2. If attributeNs is null, « HTML namespace, SVG namespace, MathML namespace » contains element’s namespace, and attribute is the name of an event handler content attribute:
+    if (!attribute_ns.has_value()
+        && (Namespace::HTML == element_ns || Namespace::SVG == element_ns || Namespace::MathML == element_ns)) {
 #undef __ENUMERATE
 #define __ENUMERATE(attribute_name, event_name)                                                                                                       \
    if (attribute == HTML::AttributeNames::attribute_name) {                                                                                          \
@ -324,8 +327,8 @@ Optional<TrustedTypeData> get_trusted_type_data_for_attribute(Utf16String const&

    // 3. Find the row in the following table, where element is in the first column, attributeNs is in the second column,
    // and attribute is in the third column. If a matching row is found, set data to that row.
-    data = table.first_matching([&element, &attribute, &attribute_ns](auto const& row) {
-        return row.element == element && row.attribute_ns == attribute_ns && row.attribute_local_name == attribute;
+    data = table.first_matching([&element_name, &attribute, &attribute_ns](auto const& row) {
+        return row.element == element_name && row.attribute_ns == attribute_ns && row.attribute_local_name == attribute;
    });

    // 4. Return data
--- a/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.h
+++ b/Libraries/LibWeb/TrustedTypes/TrustedTypePolicyFactory.h
@ -69,6 +69,6 @@ struct TrustedTypeData {
    InjectionSink sink;
 };

-Optional<TrustedTypeData> get_trusted_type_data_for_attribute(Utf16String const&, Utf16String const&, Optional<Utf16String> const&);
+Optional<TrustedTypeData> get_trusted_type_data_for_attribute(ElementInterface const& element, Utf16String const&, Optional<Utf16String> const&);

 }