mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-12-07 21:59:54 +00:00
LibWeb: Make Trusted Types injection sink names more readable
No functional change.
This commit is contained in:
Luke Wilde
Tim Flynn
parent
60e1a136aa
commit
fb9406ddcd
Notes:
github-actions[bot]
2025-11-06 16:46:08 +00:00
Author: https://github.com/Lubrsi
Commit: fb9406ddcd
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/6632
Reviewed-by: https://github.com/AtkinsSJ
14 changed files with 55 additions and 55 deletions
|
|
@ -649,14 +649,14 @@ GC::Ptr<Selection::Selection> Document::get_selection() const
|
|||
WebIDL::ExceptionOr<void> Document::write(Vector<TrustedTypes::TrustedHTMLOrString> const& text)
|
||||
{
|
||||
// The document.write(...text) method steps are to run the document write steps with this, text, false, and "Document write".
|
||||
return run_the_document_write_steps(text, AddLineFeed::No, TrustedTypes::InjectionSink::Documentwrite);
|
||||
return run_the_document_write_steps(text, AddLineFeed::No, TrustedTypes::InjectionSink::Document_write);
|
||||
}
|
||||
|
||||
// https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-document-writeln
|
||||
WebIDL::ExceptionOr<void> Document::writeln(Vector<TrustedTypes::TrustedHTMLOrString> const& text)
|
||||
{
|
||||
// The document.writeln(...text) method steps are to run the document write steps with this, text, true, and "Document writeln".
|
||||
return run_the_document_write_steps(text, AddLineFeed::Yes, TrustedTypes::InjectionSink::Documentwriteln);
|
||||
return run_the_document_write_steps(text, AddLineFeed::Yes, TrustedTypes::InjectionSink::Document_writeln);
|
||||
}
|
||||
|
||||
// https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#document-write-steps
|
||||
|
|
@ -6373,7 +6373,7 @@ WebIDL::ExceptionOr<GC::Root<DOM::Document>> Document::parse_html_unsafe(JS::VM&
|
|||
TrustedTypes::TrustedTypeName::TrustedHTML,
|
||||
HTML::current_principal_global_object(),
|
||||
html,
|
||||
TrustedTypes::InjectionSink::DocumentparseHTMLUnsafe,
|
||||
TrustedTypes::InjectionSink::Document_parseHTMLUnsafe,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
// 2. Let document be a new Document, whose content type is "text/html".
|
||||
|
|
|
|||
|
|
@ -1066,7 +1066,7 @@ WebIDL::ExceptionOr<void> Element::set_inner_html(TrustedTypes::TrustedHTMLOrStr
|
|||
TrustedTypes::TrustedTypeName::TrustedHTML,
|
||||
HTML::relevant_global_object(*this),
|
||||
value,
|
||||
TrustedTypes::InjectionSink::ElementinnerHTML,
|
||||
TrustedTypes::InjectionSink::Element_innerHTML,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
// 2. Let context be this.
|
||||
|
|
@ -2120,7 +2120,7 @@ WebIDL::ExceptionOr<void> Element::set_outer_html(TrustedTypes::TrustedHTMLOrStr
|
|||
TrustedTypes::TrustedTypeName::TrustedHTML,
|
||||
HTML::relevant_global_object(*this),
|
||||
value,
|
||||
TrustedTypes::InjectionSink::ElementouterHTML,
|
||||
TrustedTypes::InjectionSink::Element_outerHTML,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
// 2. Let parent be this's parent.
|
||||
|
|
@ -2156,7 +2156,7 @@ WebIDL::ExceptionOr<void> Element::insert_adjacent_html(String const& position,
|
|||
TrustedTypes::TrustedTypeName::TrustedHTML,
|
||||
HTML::relevant_global_object(*this),
|
||||
string,
|
||||
TrustedTypes::InjectionSink::ElementinsertAdjacentHTML,
|
||||
TrustedTypes::InjectionSink::Element_insertAdjacentHTML,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
// 2. Let context be null.
|
||||
|
|
@ -3968,7 +3968,7 @@ WebIDL::ExceptionOr<void> Element::set_html_unsafe(TrustedTypes::TrustedHTMLOrSt
|
|||
TrustedTypes::TrustedTypeName::TrustedHTML,
|
||||
HTML::relevant_global_object(*this),
|
||||
html,
|
||||
TrustedTypes::InjectionSink::ElementsetHTMLUnsafe,
|
||||
TrustedTypes::InjectionSink::Element_setHTMLUnsafe,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
// 2. Let target be this's template contents if this is a template element; otherwise this.
|
||||
|
|
|
|||
|
|
@ -1250,7 +1250,7 @@ WebIDL::ExceptionOr<GC::Ref<DocumentFragment>> Range::create_contextual_fragment
|
|||
TrustedTypes::TrustedTypeName::TrustedHTML,
|
||||
HTML::relevant_global_object(*this),
|
||||
string,
|
||||
TrustedTypes::InjectionSink::RangecreateContextualFragment,
|
||||
TrustedTypes::InjectionSink::Range_createContextualFragment,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
// 2. Let node be this's start node.
|
||||
|
|
|
|||
|
|
@ -79,7 +79,7 @@ WebIDL::ExceptionOr<void> ShadowRoot::set_inner_html(TrustedTypes::TrustedHTMLOr
|
|||
TrustedTypes::TrustedTypeName::TrustedHTML,
|
||||
HTML::relevant_global_object(*this),
|
||||
value,
|
||||
TrustedTypes::InjectionSink::ShadowRootinnerHTML,
|
||||
TrustedTypes::InjectionSink::ShadowRoot_innerHTML,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
// 2. Let context be this's host.
|
||||
|
|
@ -127,7 +127,7 @@ WebIDL::ExceptionOr<void> ShadowRoot::set_html_unsafe(TrustedTypes::TrustedHTMLO
|
|||
TrustedTypes::TrustedTypeName::TrustedHTML,
|
||||
HTML::relevant_global_object(*this),
|
||||
html,
|
||||
TrustedTypes::InjectionSink::ShadowRootsetHTMLUnsafe,
|
||||
TrustedTypes::InjectionSink::ShadowRoot_setHTMLUnsafe,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
// 2. Unsafely set HTML given this, this's shadow host, and compliantHTML.
|
||||
|
|
|
|||
|
|
@ -1227,7 +1227,7 @@ bool command_insert_html_action(DOM::Document& document, Utf16String const& valu
|
|||
TrustedTypes::TrustedTypeName::TrustedHTML,
|
||||
HTML::relevant_global_object(document),
|
||||
value,
|
||||
TrustedTypes::InjectionSink::DocumentexecCommand,
|
||||
TrustedTypes::InjectionSink::Document_execCommand,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
// 2. Delete the selection.
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ WebIDL::ExceptionOr<GC::Root<DOM::Document>> DOMParser::parse_from_string(Utf16S
|
|||
TrustedTypes::TrustedTypeName::TrustedHTML,
|
||||
relevant_global_object(*this),
|
||||
move(string),
|
||||
TrustedTypes::InjectionSink::DOMParserparseFromString,
|
||||
TrustedTypes::InjectionSink::DOMParser_parseFromString,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
// 2. Let document be a new Document, whose content type is type and url is this's relevant global object's associated Document's URL.
|
||||
|
|
|
|||
|
|
@ -326,7 +326,7 @@ WebIDL::ExceptionOr<void> HTMLIFrameElement::set_srcdoc(TrustedTypes::TrustedHTM
|
|||
TrustedTypes::TrustedTypeName::TrustedHTML,
|
||||
HTML::relevant_global_object(*this),
|
||||
value,
|
||||
TrustedTypes::InjectionSink::HTMLIFrameElementsrcdoc,
|
||||
TrustedTypes::InjectionSink::HTMLIFrameElement_srcdoc,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
// 2. Set an attribute value given this, srcdoc's local name, and compliantString.
|
||||
|
|
|
|||
|
|
@ -683,7 +683,7 @@ WebIDL::ExceptionOr<void> HTMLScriptElement::set_text(TrustedTypes::TrustedScrip
|
|||
TrustedTypes::TrustedTypeName::TrustedScript,
|
||||
HTML::relevant_global_object(*this),
|
||||
text,
|
||||
TrustedTypes::InjectionSink::HTMLScriptElementtext,
|
||||
TrustedTypes::InjectionSink::HTMLScriptElement_text,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
// 2. Set this’s script text value to the given value.
|
||||
|
|
@ -703,7 +703,7 @@ WebIDL::ExceptionOr<void> HTMLScriptElement::set_src(TrustedTypes::TrustedScript
|
|||
TrustedTypes::TrustedTypeName::TrustedScriptURL,
|
||||
HTML::relevant_global_object(*this),
|
||||
text,
|
||||
TrustedTypes::InjectionSink::HTMLScriptElementsrc,
|
||||
TrustedTypes::InjectionSink::HTMLScriptElement_src,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
// 2. Set this’s src content attribute to value.
|
||||
|
|
@ -727,7 +727,7 @@ WebIDL::ExceptionOr<void> HTMLScriptElement::set_text_content(TrustedTypes::Trus
|
|||
TrustedTypes::TrustedTypeName::TrustedScript,
|
||||
HTML::relevant_global_object(*this),
|
||||
text,
|
||||
TrustedTypes::InjectionSink::HTMLScriptElementtextContent,
|
||||
TrustedTypes::InjectionSink::HTMLScriptElement_textContent,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
// 2. Set this’s script text value to value.
|
||||
|
|
@ -754,7 +754,7 @@ WebIDL::ExceptionOr<void> HTMLScriptElement::set_inner_text(TrustedTypes::Truste
|
|||
TrustedTypes::TrustedTypeName::TrustedScript,
|
||||
HTML::relevant_global_object(*this),
|
||||
text,
|
||||
TrustedTypes::InjectionSink::HTMLScriptElementinnerText,
|
||||
TrustedTypes::InjectionSink::HTMLScriptElement_innerText,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
// 2. Set this’s script text value to value.
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ WebIDL::ExceptionOr<GC::Ref<SharedWorker>> SharedWorker::construct_impl(JS::Real
|
|||
TrustedTypes::TrustedTypeName::TrustedScriptURL,
|
||||
realm.global_object(),
|
||||
script_url,
|
||||
TrustedTypes::InjectionSink::SharedWorkerconstructor,
|
||||
TrustedTypes::InjectionSink::SharedWorker_constructor,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
// 2. If options is a DOMString, set options to a new WorkerOptions dictionary whose name member is set to the value
|
||||
|
|
|
|||
|
|
@ -59,7 +59,7 @@ WebIDL::ExceptionOr<GC::Ref<Worker>> Worker::create(TrustedTypes::TrustedScriptU
|
|||
TrustedTypes::TrustedTypeName::TrustedScriptURL,
|
||||
HTML::relevant_global_object(document),
|
||||
script_url,
|
||||
TrustedTypes::InjectionSink::Workerconstructor,
|
||||
TrustedTypes::InjectionSink::Worker_constructor,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
dbgln_if(WEB_WORKER_DEBUG, "WebWorker: Creating worker with compliant_script_url = {}", compliant_script_url);
|
||||
|
|
|
|||
|
|
@ -68,7 +68,7 @@ GC::Ref<WebIDL::Promise> ServiceWorkerContainer::register_(TrustedTypes::Trusted
|
|||
TrustedTypes::TrustedTypeName::TrustedScriptURL,
|
||||
HTML::relevant_global_object(*this),
|
||||
script_url,
|
||||
TrustedTypes::InjectionSink::ServiceWorkerContainerregister,
|
||||
TrustedTypes::InjectionSink::ServiceWorkerContainer_register,
|
||||
TrustedTypes::Script.to_string()));
|
||||
|
||||
// 3 Let client be this's service worker client.
|
||||
|
|
|
|||
|
|
@ -13,34 +13,34 @@
|
|||
namespace Web::TrustedTypes {
|
||||
|
||||
#define EVENT_HANDLERS_INJECTION_SINKS(attribute_name, event_name) \
|
||||
__ENUMERATE_INJECTION_SINKS(Element##attribute_name, "Element " #attribute_name)
|
||||
__ENUMERATE_INJECTION_SINKS(Element_##attribute_name, "Element " #attribute_name)
|
||||
|
||||
// https://w3c.github.io/trusted-types/dist/spec/#injection-sink
|
||||
#define ENUMERATE_INJECTION_SINKS \
|
||||
__ENUMERATE_INJECTION_SINKS(DocumentparseHTMLUnsafe, "Document parseHTMLUnsafe") \
|
||||
__ENUMERATE_INJECTION_SINKS(Documentwrite, "Document write") \
|
||||
__ENUMERATE_INJECTION_SINKS(Documentwriteln, "Document writeln") \
|
||||
__ENUMERATE_INJECTION_SINKS(DocumentexecCommand, "Document execCommand") \
|
||||
__ENUMERATE_INJECTION_SINKS(DOMParserparseFromString, "DOMParser parseFromString") \
|
||||
__ENUMERATE_INJECTION_SINKS(ElementinnerHTML, "Element innerHTML") \
|
||||
__ENUMERATE_INJECTION_SINKS(ElementinsertAdjacentHTML, "Element insertAdjacentHTML") \
|
||||
__ENUMERATE_INJECTION_SINKS(ElementouterHTML, "Element outerHTML") \
|
||||
__ENUMERATE_INJECTION_SINKS(ElementsetHTMLUnsafe, "Element setHTMLUnsafe") \
|
||||
__ENUMERATE_INJECTION_SINKS(Function, "Function") \
|
||||
__ENUMERATE_INJECTION_SINKS(HTMLIFrameElementsrcdoc, "HTMLIFrameElement srcdoc") \
|
||||
__ENUMERATE_INJECTION_SINKS(HTMLScriptElementinnerText, "HTMLScriptElement innerText") \
|
||||
__ENUMERATE_INJECTION_SINKS(HTMLScriptElementsrc, "HTMLScriptElement src") \
|
||||
__ENUMERATE_INJECTION_SINKS(HTMLScriptElementtext, "HTMLScriptElement text") \
|
||||
__ENUMERATE_INJECTION_SINKS(HTMLScriptElementtextContent, "HTMLScriptElement textContent") \
|
||||
__ENUMERATE_INJECTION_SINKS(Locationhref, "Location href") \
|
||||
__ENUMERATE_INJECTION_SINKS(RangecreateContextualFragment, "Range createContextualFragment") \
|
||||
__ENUMERATE_INJECTION_SINKS(ServiceWorkerContainerregister, "ServiceWorkerContainer register") \
|
||||
__ENUMERATE_INJECTION_SINKS(ShadowRootinnerHTML, "ShadowRoot innerHTML") \
|
||||
__ENUMERATE_INJECTION_SINKS(ShadowRootsetHTMLUnsafe, "ShadowRoot setHTMLUnsafe") \
|
||||
__ENUMERATE_INJECTION_SINKS(SharedWorkerconstructor, "SharedWorker constructor") \
|
||||
__ENUMERATE_INJECTION_SINKS(SVGScriptElementhref, "SVGScriptElement href") \
|
||||
__ENUMERATE_INJECTION_SINKS(Workerconstructor, "Worker constructor") \
|
||||
ENUMERATE_GLOBAL_EVENT_HANDLERS(EVENT_HANDLERS_INJECTION_SINKS) \
|
||||
#define ENUMERATE_INJECTION_SINKS \
|
||||
__ENUMERATE_INJECTION_SINKS(Document_parseHTMLUnsafe, "Document parseHTMLUnsafe") \
|
||||
__ENUMERATE_INJECTION_SINKS(Document_write, "Document write") \
|
||||
__ENUMERATE_INJECTION_SINKS(Document_writeln, "Document writeln") \
|
||||
__ENUMERATE_INJECTION_SINKS(Document_execCommand, "Document execCommand") \
|
||||
__ENUMERATE_INJECTION_SINKS(DOMParser_parseFromString, "DOMParser parseFromString") \
|
||||
__ENUMERATE_INJECTION_SINKS(Element_innerHTML, "Element innerHTML") \
|
||||
__ENUMERATE_INJECTION_SINKS(Element_insertAdjacentHTML, "Element insertAdjacentHTML") \
|
||||
__ENUMERATE_INJECTION_SINKS(Element_outerHTML, "Element outerHTML") \
|
||||
__ENUMERATE_INJECTION_SINKS(Element_setHTMLUnsafe, "Element setHTMLUnsafe") \
|
||||
__ENUMERATE_INJECTION_SINKS(Function, "Function") \
|
||||
__ENUMERATE_INJECTION_SINKS(HTMLIFrameElement_srcdoc, "HTMLIFrameElement srcdoc") \
|
||||
__ENUMERATE_INJECTION_SINKS(HTMLScriptElement_innerText, "HTMLScriptElement innerText") \
|
||||
__ENUMERATE_INJECTION_SINKS(HTMLScriptElement_src, "HTMLScriptElement src") \
|
||||
__ENUMERATE_INJECTION_SINKS(HTMLScriptElement_text, "HTMLScriptElement text") \
|
||||
__ENUMERATE_INJECTION_SINKS(HTMLScriptElement_textContent, "HTMLScriptElement textContent") \
|
||||
__ENUMERATE_INJECTION_SINKS(Location_href, "Location href") \
|
||||
__ENUMERATE_INJECTION_SINKS(Range_createContextualFragment, "Range createContextualFragment") \
|
||||
__ENUMERATE_INJECTION_SINKS(ServiceWorkerContainer_register, "ServiceWorkerContainer register") \
|
||||
__ENUMERATE_INJECTION_SINKS(ShadowRoot_innerHTML, "ShadowRoot innerHTML") \
|
||||
__ENUMERATE_INJECTION_SINKS(ShadowRoot_setHTMLUnsafe, "ShadowRoot setHTMLUnsafe") \
|
||||
__ENUMERATE_INJECTION_SINKS(SharedWorker_constructor, "SharedWorker constructor") \
|
||||
__ENUMERATE_INJECTION_SINKS(SVGScriptElement_href, "SVGScriptElement href") \
|
||||
__ENUMERATE_INJECTION_SINKS(Worker_constructor, "Worker constructor") \
|
||||
ENUMERATE_GLOBAL_EVENT_HANDLERS(EVENT_HANDLERS_INJECTION_SINKS) \
|
||||
ENUMERATE_WINDOW_EVENT_HANDLERS(EVENT_HANDLERS_INJECTION_SINKS)
|
||||
|
||||
enum class InjectionSink {
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ ContentSecurityPolicy::Directives::Directive::Result RequireTrustedTypesForDirec
|
|||
TrustedTypeName::TrustedScript,
|
||||
request->client()->global_object(),
|
||||
Utf16String::from_utf8(encoded_script_source),
|
||||
InjectionSink::Locationhref);
|
||||
InjectionSink::Location_href);
|
||||
|
||||
// If that algorithm threw an error or convertedScriptSource is not a TrustedScript object, return "Blocked" and abort further steps.
|
||||
if (converted_script_source.is_error() || !converted_script_source.value().has_value())
|
||||
|
|
|
|||
|
|
@ -305,10 +305,10 @@ Optional<TrustedTypeData> get_trusted_type_data_for_attribute(Utf16String const&
|
|||
// 2. If attributeNs is null, and attribute is the name of an event handler content attribute, then:
|
||||
if (!attribute_ns.has_value()) {
|
||||
#undef __ENUMERATE
|
||||
#define __ENUMERATE(attribute_name, event_name) \
|
||||
if (attribute == HTML::AttributeNames::attribute_name) { \
|
||||
/* 1. Return (Element, null, attribute, TrustedScript, "Element " + attribute). */ \
|
||||
return TrustedTypeData { "Element"_utf16, {}, attribute.to_utf8(), TrustedTypeName::TrustedScript, InjectionSink::Element##attribute_name }; \
|
||||
#define __ENUMERATE(attribute_name, event_name) \
|
||||
if (attribute == HTML::AttributeNames::attribute_name) { \
|
||||
/* 1. Return (Element, null, attribute, TrustedScript, "Element " + attribute). */ \
|
||||
return TrustedTypeData { "Element"_utf16, {}, attribute.to_utf8(), TrustedTypeName::TrustedScript, InjectionSink::Element_##attribute_name }; \
|
||||
}
|
||||
ENUMERATE_GLOBAL_EVENT_HANDLERS(__ENUMERATE)
|
||||
ENUMERATE_WINDOW_EVENT_HANDLERS(__ENUMERATE)
|
||||
|
|
@ -316,10 +316,10 @@ Optional<TrustedTypeData> get_trusted_type_data_for_attribute(Utf16String const&
|
|||
}
|
||||
|
||||
static Vector<TrustedTypeData> const table {
|
||||
{ "HTMLIFrameElement"_utf16, {}, HTML::AttributeNames::srcdoc, TrustedTypeName::TrustedHTML, InjectionSink::HTMLIFrameElementsrcdoc },
|
||||
{ "HTMLScriptElement"_utf16, {}, HTML::AttributeNames::src, TrustedTypeName::TrustedScriptURL, InjectionSink::HTMLScriptElementsrc },
|
||||
{ "SVGScriptElement"_utf16, {}, HTML::AttributeNames::href, TrustedTypeName::TrustedScriptURL, InjectionSink::SVGScriptElementhref },
|
||||
{ "SVGScriptElement"_utf16, Utf16String::from_utf8(Namespace::XLink), HTML::AttributeNames::href, TrustedTypeName::TrustedScriptURL, InjectionSink::SVGScriptElementhref },
|
||||
{ "HTMLIFrameElement"_utf16, {}, HTML::AttributeNames::srcdoc, TrustedTypeName::TrustedHTML, InjectionSink::HTMLIFrameElement_srcdoc },
|
||||
{ "HTMLScriptElement"_utf16, {}, HTML::AttributeNames::src, TrustedTypeName::TrustedScriptURL, InjectionSink::HTMLScriptElement_src },
|
||||
{ "SVGScriptElement"_utf16, {}, HTML::AttributeNames::href, TrustedTypeName::TrustedScriptURL, InjectionSink::SVGScriptElement_href },
|
||||
{ "SVGScriptElement"_utf16, Utf16String::from_utf8(Namespace::XLink), HTML::AttributeNames::href, TrustedTypeName::TrustedScriptURL, InjectionSink::SVGScriptElement_href },
|
||||
};
|
||||
|
||||
// 3. Find the row in the following table, where element is in the first column, attributeNs is in the second column,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue