Create Trusted Type policy for parse_html_subset.js

This change adds Trusted Type policy for parse_html_subset.js, so that sanitization happens without a Trusted Types violation. Bug: 41905 Change-Id: I545d1a7a28b22d56f5c4539a3c20923ab26d6d58 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2215701 Commit-Queue: Jun Kokatsu <Jun.Kokatsu@microsoft.com> Reviewed-by: dpapad <dpapad@chromium.org> Cr-Commit-Position: refs/heads/master@{#775252}

Create Trusted Type policy for parse_html_subset.js
This change adds Trusted Type policy for parse_html_subset.js, so that sanitization happens without a Trusted Types violation. Bug: 41905 Change-Id: I545d1a7a28b22d56f5c4539a3c20923ab26d6d58 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2215701 Commit-Queue: Jun Kokatsu <Jun.Kokatsu@microsoft.com> Reviewed-by: dpapad <dpapad@chromium.org> Cr-Commit-Position: refs/heads/master@{#775252}
32bf6be7 · Jun Kokatsu · Commit Bot · 2bd7fe6b · 32bf6be7 · 32bf6be7
Commit 32bf6be7 authored Jun 04, 2020 by Jun Kokatsu Committed by Commit Bot Jun 04, 2020
4 changed files
--- a/chrome/browser/ui/webui/chrome_url_data_manager_browsertest.cc
+++ b/chrome/browser/ui/webui/chrome_url_data_manager_browsertest.cc
@@ -413,3 +413,82 @@ IN_PROC_BROWSER_TEST_F(
    NoTrustedTypesViolationInCrashes) {
  CheckTrustedTypesViolation("chrome://crashes");
 }
+
+// Verify that there's no Trusted Types violation in chrome://omnibox
+IN_PROC_BROWSER_TEST_F(
+    ChromeURLDataManagerTestWithWebUIReportOnlyTrustedTypesEnabled,
+    NoTrustedTypesViolationInOmnibox) {
+  CheckTrustedTypesViolation("chrome://omnibox");
+}
+
+// Verify that there's no Trusted Types violation in chrome://network-errors
+IN_PROC_BROWSER_TEST_F(
+    ChromeURLDataManagerTestWithWebUIReportOnlyTrustedTypesEnabled,
+    NoTrustedTypesViolationInNetworkErrors) {
+  CheckTrustedTypesViolation("chrome://network-errors");
+}
+
+// Verify that there's no Trusted Types violation in chrome://cryptohome
+IN_PROC_BROWSER_TEST_F(
+    ChromeURLDataManagerTestWithWebUIReportOnlyTrustedTypesEnabled,
+    NoTrustedTypesViolationInCryptoHome) {
+  CheckTrustedTypesViolation("chrome://cryptohome");
+}
+
+// Verify that there's no Trusted Types violation in chrome://drive-internals
+IN_PROC_BROWSER_TEST_F(
+    ChromeURLDataManagerTestWithWebUIReportOnlyTrustedTypesEnabled,
+    NoTrustedTypesViolationInDriveInternals) {
+  CheckTrustedTypesViolation("chrome://drive-internals");
+}
+
+// Verify that there's no Trusted Types violation in chrome://first-run
+IN_PROC_BROWSER_TEST_F(
+    ChromeURLDataManagerTestWithWebUIReportOnlyTrustedTypesEnabled,
+    NoTrustedTypesViolationInFirstRun) {
+  CheckTrustedTypesViolation("chrome://first-run");
+}
+
+// Verify that there's no Trusted Types violation in
+// chrome://machine-learning-internals
+IN_PROC_BROWSER_TEST_F(
+    ChromeURLDataManagerTestWithWebUIReportOnlyTrustedTypesEnabled,
+    NoTrustedTypesViolationInMachineLearningInternals) {
+  CheckTrustedTypesViolation("chrome://machine-learning-internals");
+}
+
+// Verify that there's no Trusted Types violation in chrome://power
+IN_PROC_BROWSER_TEST_F(
+    ChromeURLDataManagerTestWithWebUIReportOnlyTrustedTypesEnabled,
+    NoTrustedTypesViolationInPower) {
+  CheckTrustedTypesViolation("chrome://power");
+}
+
+// Verify that there's no Trusted Types violation in
+// chrome://explore-sites-internals
+IN_PROC_BROWSER_TEST_F(
+    ChromeURLDataManagerTestWithWebUIReportOnlyTrustedTypesEnabled,
+    NoTrustedTypesViolationInExploreSitesInternals) {
+  CheckTrustedTypesViolation("chrome://explore-sites-internals");
+}
+
+// Verify that there's no Trusted Types violation in chrome://snippets-internals
+IN_PROC_BROWSER_TEST_F(
+    ChromeURLDataManagerTestWithWebUIReportOnlyTrustedTypesEnabled,
+    NoTrustedTypesViolationInSnippetsInternals) {
+  CheckTrustedTypesViolation("chrome://snippets-internals");
+}
+
+// Verify that there's no Trusted Types violation in chrome://webapks
+IN_PROC_BROWSER_TEST_F(
+    ChromeURLDataManagerTestWithWebUIReportOnlyTrustedTypesEnabled,
+    NoTrustedTypesViolationInWebapks) {
+  CheckTrustedTypesViolation("chrome://webapks");
+}
+
+// Verify that there's no Trusted Types violation in chrome://linux-proxy-config
+IN_PROC_BROWSER_TEST_F(
+    ChromeURLDataManagerTestWithWebUIReportOnlyTrustedTypesEnabled,
+    NoTrustedTypesViolationInLinuxProxyConfig) {
+  CheckTrustedTypesViolation("chrome://linux-proxy-config");
+}
--- a/chrome/test/data/webui/js/parse_html_subset_trusted_types_test.js
+++ b/chrome/test/data/webui/js/parse_html_subset_trusted_types_test.js
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+import {parseHtmlSubset} from 'chrome://resources/js/parse_html_subset.m.js';
+import {assertNotReached} from '../chai_assert.js';
+
+suite('ParseHtmlSubsetTrustedTypesTest', function() {
+  test('parseHtmlSubset won\'t cause Trusted Types violation', () => {
+    const meta = document.createElement('meta');
+    meta.httpEquiv = 'content-security-policy';
+    meta.content = 'require-trusted-types-for \'script\';';
+    document.head.appendChild(meta);
+
+    try {
+      parseHtmlSubset('<b>bold</b>');
+    } catch (e) {
+      assertNotReached('Trusted Types violation detected');
+    }
+  });
+});
\ No newline at end of file
--- a/chrome/test/data/webui/js/webui_resource_module_async_browsertest.js
+++ b/chrome/test/data/webui/js/webui_resource_module_async_browsertest.js
@@ -75,6 +75,18 @@ TEST_F('ParseHtmlSubsetModuleTest', 'All', function() {
  mocha.run();
 });

+var ParseHtmlSubsetTrustedTypesTest =
+    class extends WebUIResourceModuleAsyncTest {
+  /** @override */
+  get browsePreload() {
+    return 'chrome://test?module=js/parse_html_subset_trusted_types_test.js';
+  }
+};
+
+TEST_F('ParseHtmlSubsetTrustedTypesTest', 'All', function() {
+  mocha.run();
+});
+
 var UtilModuleTest = class extends WebUIResourceModuleAsyncTest {
  /** @override */
  get browsePreload() {

--- a/ui/webui/resources/js/parse_html_subset.js
+++ b/ui/webui/resources/js/parse_html_subset.js
@@ -35,6 +35,24 @@
   */
  const allowedTags = ['A', 'B', 'SPAN', 'STRONG'];

+  /**
+   * This is used to create TrustedHTML.
+   *
+   * @type {TrustedTypePolicy|undefined}
+   */
+  let untrustedHTMLPolicy;
+  if (window.trustedTypes) {
+    untrustedHTMLPolicy = trustedTypes.createPolicy('parse-html-subset', {
+      createHTML: untrustedHTML => {
+        // This is safe because the untrusted HTML will be sanitized
+        // later in this function. We are adding this so that
+        // the sanitization will not cause a Trusted Types violation.
+        // TODO(crbug.com/1086318): Improve parseHtmlSubset sanitizer
+        return untrustedHTML;
+      },
+    });
+  }
+
  /** @param {...Object} var_args Objects to merge. */
  function merge(var_args) {
    const clone = {};
@@ -81,6 +99,11 @@
    const doc = document.implementation.createHTMLDocument('');
    const r = doc.createRange();
    r.selectNode(doc.body);
+
+    if (window.trustedTypes) {
+      s = untrustedHTMLPolicy.createHTML(s);
+    }
+
    // This does not execute any scripts because the document has no view.
    const df = r.createContextualFragment(s);
    walk(df, function(node) {