From c591f8c14f0734049914ea2ece3935a2fa657d06 Mon Sep 17 00:00:00 2001 From: Tete17 Date: Mon, 11 Aug 2025 00:31:46 +0200 Subject: [PATCH] LibWeb: Amend DomParser to make it compatible with TrustedTypes --- Libraries/LibWeb/HTML/DOMParser.cpp | 24 +++++++++++++------ Libraries/LibWeb/HTML/DOMParser.h | 2 +- Libraries/LibWeb/HTML/DOMParser.idl | 2 +- Libraries/LibWeb/TrustedTypes/InjectionSink.h | 1 + 4 files changed, 20 insertions(+), 9 deletions(-) diff --git a/Libraries/LibWeb/HTML/DOMParser.cpp b/Libraries/LibWeb/HTML/DOMParser.cpp index 7b70b863e48..4e4b099cea5 100644 --- a/Libraries/LibWeb/HTML/DOMParser.cpp +++ b/Libraries/LibWeb/HTML/DOMParser.cpp @@ -12,6 +12,8 @@ #include #include #include +#include +#include #include namespace Web::HTML { @@ -37,9 +39,16 @@ void DOMParser::initialize(JS::Realm& realm) } // https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-domparser-parsefromstring -GC::Ref DOMParser::parse_from_string(StringView string, Bindings::DOMParserSupportedType type) +WebIDL::ExceptionOr> DOMParser::parse_from_string(Utf16String string, Bindings::DOMParserSupportedType type) { - // FIXME: 1. Let compliantString to the result of invoking the Get Trusted Type compliant string algorithm with TrustedHTML, this's relevant global object, string, "DOMParser parseFromString", and "script". + // 1. Let compliantString to the result of invoking the Get Trusted Type compliant string algorithm with + // TrustedHTML, this's relevant global object, string, "DOMParser parseFromString", and "script". + auto const compliant_string = TRY(TrustedTypes::get_trusted_type_compliant_string( + TrustedTypes::TrustedTypeName::TrustedHTML, + relevant_global_object(*this), + move(string), + TrustedTypes::InjectionSink::DOMParserparseFromString, + TrustedTypes::Script.to_string())); // 2. Let document be a new Document, whose content type is type and url is this's relevant global object's associated Document's URL. GC::Ptr document; @@ -52,8 +61,8 @@ GC::Ref DOMParser::parse_from_string(StringView string, Bindings: document->set_content_type(Bindings::idl_enum_to_string(type)); document->set_document_type(DOM::Document::Type::HTML); - // 1. Parse HTML from a string given document and compliantString. FIXME: Use compliantString. - document->parse_html_from_a_string(string); + // 1. Parse HTML from a string given document and compliantString. + document->parse_html_from_a_string(compliant_string.to_utf8_but_should_be_ported_to_utf16()); } else { // -> Otherwise document = DOM::Document::create(realm(), associated_document.url()); @@ -61,9 +70,10 @@ GC::Ref DOMParser::parse_from_string(StringView string, Bindings: document->set_document_type(DOM::Document::Type::XML); // 1. Create an XML parser parse, associated with document, and with XML scripting support disabled. - XML::Parser parser(string, { .resolve_external_resource = resolve_xml_resource }); + auto const utf8_complaint_string = compliant_string.to_utf8_but_should_be_ported_to_utf16(); + XML::Parser parser(utf8_complaint_string, { .resolve_external_resource = resolve_xml_resource }); XMLDocumentBuilder builder { *document, XMLScriptingSupport::Disabled }; - // 2. Parse compliantString using parser. FIXME: Use compliantString. + // 2. Parse compliantString using parser. auto result = parser.parse_with_listener(builder); // 3. If the previous step resulted in an XML well-formedness or XML namespace well-formedness error, then: if (result.is_error() || builder.has_error()) { @@ -84,7 +94,7 @@ GC::Ref DOMParser::parse_from_string(StringView string, Bindings: document->set_origin(associated_document.origin()); // 3. Return document. - return *document; + return document; } } diff --git a/Libraries/LibWeb/HTML/DOMParser.h b/Libraries/LibWeb/HTML/DOMParser.h index 7ef8ce9eab6..1b908cf7da1 100644 --- a/Libraries/LibWeb/HTML/DOMParser.h +++ b/Libraries/LibWeb/HTML/DOMParser.h @@ -24,7 +24,7 @@ public: virtual ~DOMParser() override; - GC::Ref parse_from_string(StringView, Bindings::DOMParserSupportedType type); + WebIDL::ExceptionOr> parse_from_string(Utf16String, Bindings::DOMParserSupportedType type); private: explicit DOMParser(JS::Realm&); diff --git a/Libraries/LibWeb/HTML/DOMParser.idl b/Libraries/LibWeb/HTML/DOMParser.idl index bfe112d109b..cee3f08ba1b 100644 --- a/Libraries/LibWeb/HTML/DOMParser.idl +++ b/Libraries/LibWeb/HTML/DOMParser.idl @@ -13,5 +13,5 @@ enum DOMParserSupportedType { interface DOMParser { constructor(); - Document parseFromString(DOMString string, DOMParserSupportedType type); + Document parseFromString(Utf16DOMString string, DOMParserSupportedType type); }; diff --git a/Libraries/LibWeb/TrustedTypes/InjectionSink.h b/Libraries/LibWeb/TrustedTypes/InjectionSink.h index edafe5c573e..0f525448b4b 100644 --- a/Libraries/LibWeb/TrustedTypes/InjectionSink.h +++ b/Libraries/LibWeb/TrustedTypes/InjectionSink.h @@ -21,6 +21,7 @@ namespace Web::TrustedTypes { __ENUMERATE_INJECTION_SINKS(Documentwrite, "Document write") \ __ENUMERATE_INJECTION_SINKS(Documentwriteln, "Document writeln") \ __ENUMERATE_INJECTION_SINKS(DocumentexecCommand, "Document execCommand") \ + __ENUMERATE_INJECTION_SINKS(DOMParserparseFromString, "DOMParser parseFromString") \ __ENUMERATE_INJECTION_SINKS(ElementinnerHTML, "Element innerHTML") \ __ENUMERATE_INJECTION_SINKS(ElementinsertAdjacentHTML, "Element insertAdjacentHTML") \ __ENUMERATE_INJECTION_SINKS(ElementouterHTML, "Element outerHTML") \