diff options
Diffstat (limited to 'dom/security/trusted-types/TrustedTypePolicy.cpp')
-rw-r--r-- | dom/security/trusted-types/TrustedTypePolicy.cpp | 94 |
1 files changed, 77 insertions, 17 deletions
diff --git a/dom/security/trusted-types/TrustedTypePolicy.cpp b/dom/security/trusted-types/TrustedTypePolicy.cpp index 3c4e758ed0..62c58ae1f6 100644 --- a/dom/security/trusted-types/TrustedTypePolicy.cpp +++ b/dom/security/trusted-types/TrustedTypePolicy.cpp @@ -6,38 +6,98 @@ #include "mozilla/dom/TrustedTypePolicy.h" -#include "mozilla/AlreadyAddRefed.h" +#include "mozilla/dom/DOMString.h" #include "mozilla/dom/TrustedTypePolicyFactory.h" #include "mozilla/dom/TrustedTypesBinding.h" +#include <utility> + namespace mozilla::dom { -NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(TrustedTypePolicy, mParentObject) +NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(TrustedTypePolicy, mParentObject, + mOptions.mCreateHTMLCallback, + mOptions.mCreateScriptCallback, + mOptions.mCreateScriptURLCallback) + +TrustedTypePolicy::TrustedTypePolicy(TrustedTypePolicyFactory* aParentObject, + const nsAString& aName, Options&& aOptions) + : mParentObject{aParentObject}, + mName{aName}, + mOptions{std::move(aOptions)} {} JSObject* TrustedTypePolicy::WrapObject(JSContext* aCx, JS::Handle<JSObject*> aGivenProto) { return TrustedTypePolicy_Binding::Wrap(aCx, this, aGivenProto); } -UniquePtr<TrustedHTML> TrustedTypePolicy::CreateHTML( - JSContext* aJSContext, const nsAString& aInput, - const Sequence<JS::Value>& aArguments) const { - // TODO: implement the spec. - return MakeUnique<TrustedHTML>(); +void TrustedTypePolicy::GetName(DOMString& aResult) const { + aResult.SetKnownLiveString(mName); } -UniquePtr<TrustedScript> TrustedTypePolicy::CreateScript( - JSContext* aJSContext, const nsAString& aInput, - const Sequence<JS::Value>& aArguments) const { - // TODO: implement the spec. - return MakeUnique<TrustedScript>(); +#define IMPL_CREATE_TRUSTED_TYPE(_trustedTypeSuffix) \ + UniquePtr<Trusted##_trustedTypeSuffix> \ + TrustedTypePolicy::Create##_trustedTypeSuffix( \ + JSContext* aJSContext, const nsAString& aInput, \ + const Sequence<JS::Value>& aArguments, ErrorResult& aErrorResult) \ + const { \ + /* Invoking the callback could delete the policy and hence the callback. \ + * Hence keep a strong reference to it on the stack. \ + */ \ + RefPtr<Create##_trustedTypeSuffix##Callback> callbackObject = \ + mOptions.mCreate##_trustedTypeSuffix##Callback; \ + \ + return CreateTrustedType<Trusted##_trustedTypeSuffix>( \ + callbackObject, aInput, aArguments, aErrorResult); \ + } + +IMPL_CREATE_TRUSTED_TYPE(HTML) +IMPL_CREATE_TRUSTED_TYPE(Script) +IMPL_CREATE_TRUSTED_TYPE(ScriptURL) + +template <typename T, typename CallbackObject> +UniquePtr<T> TrustedTypePolicy::CreateTrustedType( + const RefPtr<CallbackObject>& aCallbackObject, const nsAString& aValue, + const Sequence<JS::Value>& aArguments, ErrorResult& aErrorResult) const { + nsString policyValue; + DetermineTrustedPolicyValue(aCallbackObject, aValue, aArguments, true, + aErrorResult, policyValue); + + if (aErrorResult.Failed()) { + return nullptr; + } + + UniquePtr<T> trustedObject = MakeUnique<T>(std::move(policyValue)); + + // TODO: add special handling for `TrustedScript` when default policy support + // is added. + + return trustedObject; } -UniquePtr<TrustedScriptURL> TrustedTypePolicy::CreateScriptURL( - JSContext* aJSContext, const nsAString& aInput, - const Sequence<JS::Value>& aArguments) const { - // TODO: implement the spec. - return MakeUnique<TrustedScriptURL>(); +template <typename CallbackObject> +void TrustedTypePolicy::DetermineTrustedPolicyValue( + const RefPtr<CallbackObject>& aCallbackObject, const nsAString& aValue, + const Sequence<JS::Value>& aArguments, bool aThrowIfMissing, + ErrorResult& aErrorResult, nsAString& aResult) const { + if (!aCallbackObject) { + // The spec lacks a definition for stringifying null, see + // <https://github.com/w3c/trusted-types/issues/469>. + aResult = EmptyString(); + + if (aThrowIfMissing) { + aErrorResult.ThrowTypeError("Function missing."); + } + + return; + } + + nsString callbackResult; + aCallbackObject->Call(aValue, aArguments, callbackResult, aErrorResult, + nullptr, CallbackObject::eRethrowExceptions); + + if (!aErrorResult.Failed()) { + aResult = std::move(callbackResult); + } } } // namespace mozilla::dom |