Update Trusted Types enforcement for document.write/writeln
This changes from using HTMLString to a TrustedHTML or DOMString union.

This also changes the timing of the default policy call.
lukewarlow committed May 7, 2024
1 parent b3fa80d commit 424f608
Showing 1 changed file with 99 additions and 9 deletions.
108 changes: 99 additions & 9 deletions source
Expand Up @@ -4608,7 +4608,10 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
<ul class="brief">
<li><dfn data-x="tt-htmlstring" data-x-href="https://w3c.github.io/trusted-types/dist/spec/#typedefdef-htmlstring"><code>HTMLString</code></dfn></li>
<li><dfn data-x="tt-scripturlstring" data-x-href="https://w3c.github.io/trusted-types/dist/spec/#typedefdef-scripturlstring"><code>ScriptURLString</code></dfn></li>
</ul>
<li><dfn data-x="tt-trustedhtml" data-x-href="https://w3c.github.io/trusted-types/dist/spec/#trustedhtml"><code>TrustedHTML</code></dfn></li>
<li><dfn data-x="tt-trustedhtml-data" data-x-href="https://w3c.github.io/trusted-types/dist/spec/#trustedhtml-data">data</dfn></li>
<li><dfn data-x="tt-getcompliantstring" data-x-href="https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-compliant-string-algorithm">Get Trusted Type compliant string</dfn></li>
</ul>
</dd>
</dl>

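Review bot: The HTMLString entry at the top of this list is kept, although the write()/writeln() IDL later in this commit stops using it. If nothing else in the file still references tt-htmlstring, remove that <li> here so the dependency list only names terms the spec actually uses.
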
Expand Down Expand Up @@ -10694,8 +10697,8 @@ partial interface <dfn id="document" data-lt="">Document</dfn> {
[<span>CEReactions</span>] <span>Document</span> <span data-x="dom-document-open">open</span>(optional DOMString unused1, optional DOMString unused2); // both arguments are <a href="#dom-document-open-unused-arguments">ignored</a>
<span>WindowProxy</span>? <span data-x="dom-document-open-window">open</span>(USVString url, DOMString name, DOMString features);
[<span>CEReactions</span>] undefined <span data-x="dom-document-close">close</span>();
[<span>CEReactions</span>] undefined <span data-x="dom-document-write">write</span>(<span data-x="tt-htmlstring">HTMLString</span>... text);
[<span>CEReactions</span>] undefined <span data-x="dom-document-writeln">writeln</span>(<span data-x="tt-htmlstring">HTMLString</span>... text);
[<span>CEReactions</span>] undefined <span data-x="dom-document-write">write</span>((<code data-x="tt-trustedhtml">TrustedHTML</code> or DOMString)... text);
[<span>CEReactions</span>] undefined <span data-x="dom-document-writeln">writeln</span>((<code data-x="tt-trustedhtml">TrustedHTML</code> or DOMString)... text);

// <span>user interaction</span>
readonly attribute <span>WindowProxy</span>? <span data-x="dom-document-defaultView">defaultView</span>;
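Review bot: The two new write/writeln lines mark up the type as <code data-x="tt-trustedhtml">TrustedHTML</code>, while every other type reference in this IDL block, including the HTMLString references being replaced, uses <span>. Suggest <span data-x="tt-trustedhtml">TrustedHTML</span> so the interface definition stays consistent.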
Expand Down Expand Up @@ -112309,9 +112312,51 @@ document.body.appendChild(frame)</code></pre>
</ol>

<p>The <dfn method for="Document"><code
data-x="dom-document-write">document.write(...)</code></dfn> method steps are to run the
<span>document write steps</span> with <span>this</span> and a string that is the concatenation
of all arguments passed.</p>
data-x="dom-document-write">document.write(...<var>text</var>)</code></dfn> method steps are:</p>

<ol>
<li><p>Let <var>string</var> be the empty string.</p></li>

<li><p>Let <var>isTrusted</var> be true.</p></li>

<li>
<p><span data-x="list iterate">For each</span> <var>value</var> in <var>text</var>:</p>
<ol>
<li>
<p>If <var>value</var> is a <code data-x="tt-trustedhtml">TrustedHTML</code> object:</p>

<ol>
<li><p>Append <var>value</var>'s associated <span data-x="tt-trustedhtml-data">data</span>
to <var>string</var>.</p></li>
</ol>
</li>

<li>
<p>Otherwise:

<ol>
<li><p>Set <var>isTrusted</var> to false.</p></li>

<li><p>Append <var>value</var> to <var>string</var>.</p></li>
</ol>
</li>
</ol>
</li>

<li>
<p>If <var>isTrusted</var> is false:</p>

<ol>
<li><p>Set <var>string</var> to the result of invoking the <span
data-x="tt-getcompliantstring">Get Trusted Type compliant string</span> algorithm with <code
data-x="tt-trustedhtml">TrustedHTML</code>, <span>this</span>'s <span>relevant global
object</span>, <var>string</var>, and <code data-x="">"Document write"</code>.</p></li>
</ol>
</li>

<li><p>Run the <span>document write steps</span> with <span>this</span> and
<var>string</var>.</p></li>
</ol>

</div>

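Review bot: In the "If isTrusted is false" step, the string handed to Get Trusted Type compliant string is the full concatenation, so data already taken from TrustedHTML arguments goes through the check again whenever any one argument is a plain string. That deserves a non-normative note next to these steps, because an author who mixes TrustedHTML and string arguments would otherwise expect only the string parts to be checked. Separately, the <p>Otherwise: line inside the loop has no closing </p>, unlike the parallel "If value is a TrustedHTML object:</p>" line.
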
Expand Down Expand Up @@ -112340,9 +112385,54 @@ document.body.appendChild(frame)</code></pre>
<div w-nodev>

<p>The <dfn method for="Document"><code
data-x="dom-document-writeln">document.writeln(...)</code></dfn> method steps are to run the
<span>document write steps</span> with <span>this</span> and a string that is the concatenation
of all arguments passed and U+000A LINE FEED.</p>
data-x="dom-document-writeln">document.writeln(...<var>text</var>)</code></dfn> method steps
are:</p>

<ol>
<li><p>Let <var>string</var> be the empty string.</p></li>

<li><p>Let <var>isTrusted</var> be true.</p></li>

<li>
<p><span data-x="list iterate">For each</span> <var>value</var> in <var>text</var>:</p>
<ol>
<li>
<p>If <var>value</var> is a <code data-x="tt-trustedhtml">TrustedHTML</code> object:</p>

<ol>
<li><p>Append <var>value</var>'s associated <span data-x="tt-trustedhtml-data">data</span>
to <var>string</var>.</p></li>
</ol>
</li>

<li>
<p>Otherwise:

<ol>
<li><p>Set <var>isTrusted</var> to false.</p></li>

<li><p>Append <var>value</var> to <var>string</var>.</p></li>
</ol>
</li>
</ol>
</li>

<li>
<p>If <var>isTrusted</var> is false:</p>

<ol>
<li><p>Set <var>string</var> to the result of invoking the <span
data-x="tt-getcompliantstring">Get Trusted Type compliant string</span> algorithm with <code
data-x="tt-trustedhtml">TrustedHTML</code>, <span>this</span>'s <span>relevant global
object</span>, <var>string</var>, and <code data-x="">"Document writeln"</code>.</p></li>
</ol>
</li>

<li><p>Append U+000A LINE FEED to <var>string</var></p></li>

<li><p>Run the <span>document write steps</span> with <span>this</span> and
<var>string</var>.</p></li>
</ol>

</div>

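Review bot: Steps 1 to 4 here repeat the document.write() steps word for word except for the "Document writeln" sink string, so the two algorithms can drift apart in later edits. Consider a single shared algorithm that takes the sink name and a flag for the trailing line feed, and call it from both methods. Also, the "Append U+000A LINE FEED to string" step is missing its final period, and <p>Otherwise: is again left without a closing </p>.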