[Trusted Types] Change violation resource to trusted-types-sink.

Following updates in the spec, see https://w3c.github.io/webappsec-trusted-types/dist/spec/#should-block-sink-type-mismatch. Change-Id: Ia3622696068aaaa74cca7c1e08e475edd6b75016 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1829382 Commit-Queue: Stefano Sanfilippo <ssanfilippo@chromium.org> Reviewed-by: Andy Paicu <andypaicu@chromium.org> Cr-Commit-Position: refs/heads/master@{#701109}

[Trusted Types] Change violation resource to trusted-types-sink.
Following updates in the spec, see https://w3c.github.io/webappsec-trusted-types/dist/spec/#should-block-sink-type-mismatch. Change-Id: Ia3622696068aaaa74cca7c1e08e475edd6b75016 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1829382 Commit-Queue: Stefano Sanfilippo <ssanfilippo@chromium.org> Reviewed-by: Andy Paicu <andypaicu@chromium.org> Cr-Commit-Position: refs/heads/master@{#701109}
01ffae85 · Stefano Sanfilippo · Commit Bot · e16dd84b · 01ffae85 · 01ffae85
Commit 01ffae85 authored Sep 30, 2019 by Stefano Sanfilippo Committed by Commit Bot Sep 30, 2019
4 changed files
--- a/third_party/blink/renderer/core/frame/csp/content_security_policy.cc
+++ b/third_party/blink/renderer/core/frame/csp/content_security_policy.cc
@@ -947,8 +947,8 @@ static void GatherSecurityPolicyViolationEventData(
            StripURLForUseInReport(delegate->GetSecurityOrigin(), blocked_url,
                                   redirect_status, effective_type));
        break;
-      case ContentSecurityPolicy::kTrustedTypesViolation:
-        init->setBlockedURI("trusted-types");
+      case ContentSecurityPolicy::kTrustedTypesSinkViolation:
+        init->setBlockedURI("trusted-types-sink");
        break;
      case ContentSecurityPolicy::kTrustedTypesPolicyViolation:
        init->setBlockedURI("trusted-types-policy");

--- a/third_party/blink/renderer/core/frame/csp/content_security_policy.h
+++ b/third_party/blink/renderer/core/frame/csp/content_security_policy.h
@@ -144,7 +144,7 @@ class CORE_EXPORT ContentSecurityPolicy final
    kInlineViolation,
    kEvalViolation,
    kURLViolation,
-    kTrustedTypesViolation,
+    kTrustedTypesSinkViolation,
    kTrustedTypesPolicyViolation
  };


--- a/third_party/blink/renderer/core/frame/csp/csp_directive_list.cc
+++ b/third_party/blink/renderer/core/frame/csp/csp_directive_list.cc
@@ -337,7 +337,7 @@ bool CSPDirectiveList::AllowTrustedTypeAssignmentFailure(
                      ContentSecurityPolicy::DirectiveType::kTrustedTypes),
                  ContentSecurityPolicy::DirectiveType::kTrustedTypes, message,
                  KURL(), RedirectStatus::kFollowedRedirect,
-                  ContentSecurityPolicy::kTrustedTypesViolation, sample);
+                  ContentSecurityPolicy::kTrustedTypesSinkViolation, sample);
  return IsReportOnly();
 }


--- a/third_party/blink/web_tests/external/wpt/trusted-types/trusted-types-reporting.tentative.https.html
+++ b/third_party/blink/web_tests/external/wpt/trusted-types/trusted-types-reporting.tentative.https.html
@@ -68,7 +68,7 @@

  function expect_blocked_uri(s) { return e => {
    assert_true(e.blockedURI === s,
-                `expected "${e.blockedUri}" to be "${s}".`);
+                `expected "${e.blockedURI}" to be "${s}".`);
    return e;
  } }

@@ -154,6 +154,7 @@
  promise_test(t => {
    let p = Promise.resolve()
        .then(promise_violation("trusted-types two"))
+        .then(expect_blocked_uri("trusted-types-sink"))
        .then(expect_sample("Element.innerHTML"))
        .then(expect_sample("abc"));
    expect_throws(_ => { document.getElementById("div").innerHTML = "abc" });
@@ -163,6 +164,7 @@
  promise_test(t => {
    let p = Promise.resolve()
        .then(promise_violation("trusted-types two"))
+        .then(expect_blocked_uri("trusted-types-sink"))
        .then(expect_sample("HTMLAnchorElement.href"));
      expect_throws(_ => { document.getElementById("anchor").href = "" });
    return p;
@@ -171,6 +173,7 @@
  promise_test(t => {
    let p = Promise.resolve()
        .then(promise_violation("trusted-types two"))
+        .then(expect_blocked_uri("trusted-types-sink"))
        .then(expect_sample("HTMLElement.innerText"))
        .then(expect_sample("2+2;"));
    expect_throws(_ => document.getElementById("script").innerText = "2+2;");
@@ -180,6 +183,7 @@
  promise_test(t => {
    let p = Promise.resolve()
        .then(promise_violation("trusted-types one"))
+        .then(expect_blocked_uri("trusted-types-sink"))
        .then(expect_sample("eval"))
        .then(expect_sample("2+2"))
        .then(promise_flush());
@@ -193,6 +197,7 @@
    // start of the value, but it should not be excessively long.
    let p = Promise.resolve()
        .then(promise_violation("trusted-types two"))
+        .then(expect_blocked_uri("trusted-types-sink"))
        .then(expect_sample("HTMLElement.innerText"))
        .then(expect_sample("abbb"))
        .then(e => assert_less_than(e.sample.length, 150));
@@ -211,6 +216,7 @@
    promise_test(t => {
      let p = Promise.resolve()
          .then(promise_violation("trusted-types one"))
+          .then(expect_blocked_uri("trusted-types-sink"))
          .then(expect_sample("HTMLAnchorElement.href"))
          .then(expect_sample("abc"));
      expect_throws(_ => document.getElementById("customlink").href = "abc");