LibWeb: Hook TrustedTypes to the Range Dom api

Author: https://github.com/tete17
Commit: bd4e3fd3e0
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/6424
Reviewed-by: https://github.com/Lubrsi ✅
Reviewed-by: https://github.com/tcl3

Libraries/LibWeb/DOM/Range.cpp

@@ -27,6 +27,8 @@
 #include <LibWeb/HTML/Window.h>
 #include <LibWeb/Namespace.h>
 #include <LibWeb/Painting/ViewportPaintable.h>
+#include <LibWeb/TrustedTypes/RequireTrustedTypesForDirective.h>
+#include <LibWeb/TrustedTypes/TrustedTypePolicy.h>
 
 namespace Web::DOM {
 
@@ -1240,9 +1242,16 @@ GC::Ref<Geometry::DOMRect> Range::get_bounding_client_rect()
 }
 
 // https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-range-createcontextualfragment
-WebIDL::ExceptionOr<GC::Ref<DocumentFragment>> Range::create_contextual_fragment(String const& string)
+WebIDL::ExceptionOr<GC::Ref<DocumentFragment>> Range::create_contextual_fragment(TrustedTypes::TrustedHTMLOrString const& string)
 {
-    // FIXME: 1. Let compliantString be the result of invoking the Get Trusted Type compliant string algorithm with TrustedHTML, this's relevant global object, string, "Range createContextualFragment", and "script".
+    // 1. Let compliantString be the result of invoking the Get Trusted Type compliant string algorithm with
+    //    TrustedHTML, this's relevant global object, string, "Range createContextualFragment", and "script".
+    auto const compliant_string = TRY(TrustedTypes::get_trusted_type_compliant_string(
+        TrustedTypes::TrustedTypeName::TrustedHTML,
+        HTML::relevant_global_object(*this),
+        string,
+        TrustedTypes::InjectionSink::RangecreateContextualFragment,
+        TrustedTypes::Script.to_string()));
 
     // 2. Let node be this's start node.
     GC::Ref<Node> node = *start_container();
@@ -1268,8 +1277,8 @@ WebIDL::ExceptionOr<GC::Ref<DocumentFragment>> Range::create_contextual_fragment
         element = TRY(DOM::create_element(node->document(), HTML::TagNames::body, Namespace::HTML));
     }
 
-    // 7. Let fragment node be the result of invoking the fragment parsing algorithm steps with element and compliantString. FIXME: Use compliantString.
+    // 7. Let fragment node be the result of invoking the fragment parsing algorithm steps with element and compliantString.
-    auto fragment_node = TRY(element->parse_fragment(string));
+    auto fragment_node = TRY(element->parse_fragment(compliant_string.to_utf8_but_should_be_ported_to_utf16()));
 
     // 8. For each script of fragment node's script element descendants:
     fragment_node->for_each_in_subtree_of_type<HTML::HTMLScriptElement>([&](HTML::HTMLScriptElement& script_element) {

Libraries/LibWeb/DOM/Range.h

@@ -13,6 +13,7 @@
 #include <LibWeb/DOM/Node.h>
 #include <LibWeb/Export.h>
 #include <LibWeb/Selection/Selection.h>
+#include <LibWeb/TrustedTypes/TrustedHTML.h>
 #include <LibWeb/WebIDL/Types.h>
 
 namespace Web::DOM {
@@ -91,7 +92,7 @@ public:
 
     void set_associated_selection(Badge<Selection::Selection>, GC::Ptr<Selection::Selection>);
 
-    WebIDL::ExceptionOr<GC::Ref<DocumentFragment>> create_contextual_fragment(String const& fragment);
+    WebIDL::ExceptionOr<GC::Ref<DocumentFragment>> create_contextual_fragment(TrustedTypes::TrustedHTMLOrString const& fragment);
 
     template<typename Callback>
     void for_each_contained(Callback callback) const

Libraries/LibWeb/DOM/Range.idl

@@ -1,6 +1,7 @@
 #import <DOM/Node.idl>
 #import <DOM/AbstractRange.idl>
 #import <Geometry/DOMRect.idl>
+#import <TrustedTypes/TrustedHTML.idl>
 
 // https://dom.spec.whatwg.org/#interface-range
 [Exposed=Window]
@@ -46,6 +47,5 @@ interface Range : AbstractRange {
     stringifier;
 
     // https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-range-createcontextualfragment
-    // FIXME: [CEReactions, NewObject] DocumentFragment createContextualFragment((TrustedHTML or DOMString) string);
+    [CEReactions, NewObject] DocumentFragment createContextualFragment((TrustedHTML or Utf16DOMString) string);
-    [CEReactions, NewObject] DocumentFragment createContextualFragment(DOMString string);
 };

Libraries/LibWeb/Editing/Commands.cpp

@@ -24,6 +24,8 @@
 #include <LibWeb/HTML/Numbers.h>
 #include <LibWeb/Layout/Node.h>
 #include <LibWeb/Namespace.h>
+#include <LibWeb/TrustedTypes/RequireTrustedTypesForDirective.h>
+#include <LibWeb/TrustedTypes/TrustedTypePolicy.h>
 
 namespace Web::Editing {
 
@@ -1218,9 +1220,14 @@ bool command_insert_horizontal_rule_action(DOM::Document& document, Utf16String
 // https://w3c.github.io/editing/docs/execCommand/#the-inserthtml-command
 bool command_insert_html_action(DOM::Document& document, Utf16String const& value)
 {
-    // FIXME: 1. Set value to the result of invoking get trusted types compliant string with TrustedHTML, this's relevant
+    // 1. Set value to the result of invoking get trusted types compliant string with TrustedHTML, this's relevant
     //    global object, value, "Document execCommand", and "script".
-    auto resulting_value = value;
+    auto const resulting_value = MUST(TrustedTypes::get_trusted_type_compliant_string(
+        TrustedTypes::TrustedTypeName::TrustedHTML,
+        HTML::relevant_global_object(document),
+        value,
+        TrustedTypes::InjectionSink::DocumentexecCommand,
+        TrustedTypes::Script.to_string()));
 
     // 2. Delete the selection.
     auto& selection = *document.get_selection();
@@ -1232,7 +1239,7 @@ bool command_insert_html_action(DOM::Document& document, Utf16String const& valu
         return true;
 
     // 4. Let frag be the result of calling createContextualFragment(value) on the active range.
-    auto frag = MUST(range->create_contextual_fragment(resulting_value.to_utf8_but_should_be_ported_to_utf16()));
+    auto frag = MUST(range->create_contextual_fragment(resulting_value));
 
     // 5. Let last child be the lastChild of frag.
     GC::Ptr<DOM::Node> last_child = frag->last_child();

Libraries/LibWeb/TrustedTypes/InjectionSink.h

@@ -16,18 +16,20 @@ namespace Web::TrustedTypes {
     __ENUMERATE_INJECTION_SINKS(Element##attribute_name, "Element " #attribute_name)
 
 // https://w3c.github.io/trusted-types/dist/spec/#injection-sink
-#define ENUMERATE_INJECTION_SINKS                                                              \
+#define ENUMERATE_INJECTION_SINKS                                                                \
-    __ENUMERATE_INJECTION_SINKS(Documentwrite, "Document write")                               \
+    __ENUMERATE_INJECTION_SINKS(Documentwrite, "Document write")                                 \
-    __ENUMERATE_INJECTION_SINKS(Documentwriteln, "Document writeln")                           \
+    __ENUMERATE_INJECTION_SINKS(Documentwriteln, "Document writeln")                             \
-    __ENUMERATE_INJECTION_SINKS(Function, "Function")                                          \
+    __ENUMERATE_INJECTION_SINKS(DocumentexecCommand, "Document execCommand")                     \
-    __ENUMERATE_INJECTION_SINKS(HTMLIFrameElementsrcdoc, "HTMLIFrameElement srcdoc")           \
+    __ENUMERATE_INJECTION_SINKS(Function, "Function")                                            \
-    __ENUMERATE_INJECTION_SINKS(HTMLScriptElementinnerText, "HTMLScriptElement innerText")     \
+    __ENUMERATE_INJECTION_SINKS(HTMLIFrameElementsrcdoc, "HTMLIFrameElement srcdoc")             \
-    __ENUMERATE_INJECTION_SINKS(HTMLScriptElementsrc, "HTMLScriptElement src")                 \
+    __ENUMERATE_INJECTION_SINKS(HTMLScriptElementinnerText, "HTMLScriptElement innerText")       \
-    __ENUMERATE_INJECTION_SINKS(HTMLScriptElementtext, "HTMLScriptElement text")               \
+    __ENUMERATE_INJECTION_SINKS(HTMLScriptElementsrc, "HTMLScriptElement src")                   \
-    __ENUMERATE_INJECTION_SINKS(HTMLScriptElementtextContent, "HTMLScriptElement textContent") \
+    __ENUMERATE_INJECTION_SINKS(HTMLScriptElementtext, "HTMLScriptElement text")                 \
-    __ENUMERATE_INJECTION_SINKS(Locationhref, "Location href")                                 \
+    __ENUMERATE_INJECTION_SINKS(HTMLScriptElementtextContent, "HTMLScriptElement textContent")   \
-    __ENUMERATE_INJECTION_SINKS(SVGScriptElementhref, "SVGScriptElement href")                 \
+    __ENUMERATE_INJECTION_SINKS(Locationhref, "Location href")                                   \
-    ENUMERATE_GLOBAL_EVENT_HANDLERS(EVENT_HANDLERS_INJECTION_SINKS)                            \
+    __ENUMERATE_INJECTION_SINKS(RangecreateContextualFragment, "Range createContextualFragment") \
+    __ENUMERATE_INJECTION_SINKS(SVGScriptElementhref, "SVGScriptElement href")                   \
+    ENUMERATE_GLOBAL_EVENT_HANDLERS(EVENT_HANDLERS_INJECTION_SINKS)                              \
     ENUMERATE_WINDOW_EVENT_HANDLERS(EVENT_HANDLERS_INJECTION_SINKS)
 
 enum class InjectionSink {

Libraries/LibWeb/TrustedTypes/TrustedHTML.h

@@ -12,6 +12,8 @@
 
 namespace Web::TrustedTypes {
 
+using TrustedHTMLOrString = Variant<GC::Root<TrustedHTML>, Utf16String>;
+
 class TrustedHTML final : public Bindings::PlatformObject {
     WEB_PLATFORM_OBJECT(TrustedHTML, Bindings::PlatformObject);
     GC_DECLARE_ALLOCATOR(TrustedHTML);