[Trusted Types] Remove Trusted Types' Origin Trial

Reason for removal: Origin Trials are time-limited,
and this one has run out. We're removing the trial itself,
as well as the test that tested feature initialization
when performed via an origin trial token (977099).

Bug: 739170

Change-Id: Ibfdf902c9125fe58111de82b48622f45db60c9b7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1827285
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#705093}

chrome/test/BUILD.gn

@@ -1365,7 +1365,6 @@ if (!is_android) {
       "origin_policy/origin_policy_browsertest.cc",
       "ppapi/ppapi_browsertest.cc",
       "ppapi/ppapi_filechooser_browsertest.cc",
-      "trustedtypes/trusted_types_browsertest.cc",
       "v8/wasm_trap_handler_browsertest.cc",
     ]
 

chrome/test/trustedtypes/trusted_types_browsertest.cc

-// Copyright 2019 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "base/strings/string_util.h"
-#include "base/strings/utf_string_conversions.h"
-#include "base/test/scoped_feature_list.h"
-#include "chrome/common/chrome_switches.h"
-#include "chrome/test/base/in_process_browser_test.h"
-#include "chrome/test/base/ui_test_utils.h"
-#include "content/public/common/content_features.h"
-#include "net/http/http_status_code.h"
-#include "net/test/embedded_test_server/embedded_test_server.h"
-#include "net/test/embedded_test_server/http_request.h"
-#include "net/test/embedded_test_server/http_response.h"
-
-namespace {
-// Origin Trial tokens are bound to a specific origin (incl. port), so we need
-// to force our test server to run on the same port that the test token has
-// been generated for.
-const int kServerPort = 54321;
-
-// We (thankfully) cannot generate origin trial tokens with the production key
-// There is an origin trial 'test key' is documented of sorts, but does not
-// have a standard API.
-// Ref: docs/origin_trials_integration.md
-// Ref: src/third_party/blink/common/origin_trials/trial_token_unittest.cc
-constexpr char kOriginTrialTestPublicKey[] =
-    "dRCs+TocuKkocNKa0AtZ4awrt9XKH2SQCI6o4FY6BNA=";
-
-// Origin Trial Token for TrustedDOMTypes generated with:
-// $ tools/origin_trials/generate_token.py  \
-//     https://127.0.0.1:54321/  \
-//     "TrustedDOMTypes"  \
-//     --expire-timestamp=2000000000
-// (Token will expire ca. ~2033. See content/test/data/origin_trials/basic.html)
-constexpr char kOriginTrialToken[] =
-    "AnRnI2yGt1XQTaKUvbAQ8nRas1bXSDIWwfjeEaDKtXvHgid7wigd4IMm4DkBWsFWM+"
-    "Cww0rgYOpQpBWPBPN8xQwAAABZeyJvcmlnaW4iOiAiaHR0cHM6Ly8xMjcuMC4wLjE6NTQzMjEi"
-    "LCAiZmVhdHVyZSI6ICJUcnVzdGVkRE9NVHlwZXMiLCAiZXhwaXJ5IjogMjAwMDAwMDAwMH0=";
-constexpr char kTrustedTypesCSP[] = "trusted-types *";
-constexpr char kDefaultResponseTemplate[] = R"(
-<html>
-<head>
-  <title>(starting)</title>
-  META
-  <script id="target"></script>
-  <script>
-    const tt_available = window.TrustedTypes ? "enabled" : "disabled";
-    const target = document.getElementById("target");
-    let tt_enforced = "dont know yet";
-    try {
-      target.textContent = "2+2;";
-      tt_enforced = "ignored";
-    } catch (e) {
-      tt_enforced = "enforced";
-    }
-    document.title = `Trusted Types: ${tt_available} and ${tt_enforced}`;
-  </script>
-</head>
-<body>
-  <p>Hello World!</p>
-  <p>This test sets the document title.</p>
-</body>
-</html>
-)";
-
-// The expected test page titles when Trusted Types are disabled or enabled:
-constexpr char kTitleEnabled[] = "Trusted Types: enabled and enforced";
-constexpr char kTitleDisabled[] = "Trusted Types: disabled and ignored";
-constexpr char kTitleAvailable[] = "Trusted Types: enabled and ignored";
-
-// Generate a test response, based on kDefaultResponseTemplate.
-// If the request path contains:
-// - "otheader"/"otmeta": Put Origin Trial in header/<meta> element.
-//   (Use the token from kOriginTrialToken.)
-// - "cspheader"/"cspmeta": Put CSP into header/<meta> element.
-//   (Use the CSP from kTrustedTypesCSP.
-// Return 404 for all paths not ending in ".html".
-std::unique_ptr<net::test_server::HttpResponse> TrustedTypesTestHandler(
-    const net::test_server::HttpRequest& request) {
-  std::unique_ptr<net::test_server::BasicHttpResponse> response =
-      std::make_unique<net::test_server::BasicHttpResponse>();
-  std::string url = request.GetURL().spec();
-  if (!base::EndsWith(url, ".html", base::CompareCase::SENSITIVE)) {
-    response->set_code(net::HTTP_NOT_FOUND);
-    return response;
-  }
-
-  std::string meta;
-  if (url.find("otheader") != std::string::npos) {
-    response->AddCustomHeader("origin-trial", kOriginTrialToken);
-  } else if (url.find("otmeta") != std::string::npos) {
-    meta.append(std::string() + R"(<meta http-equiv="origin-trial" content=")" +
-                kOriginTrialToken + R"(">)");
-  }
-  if (url.find("cspheader") != std::string::npos) {
-    response->AddCustomHeader("Content-Security-Policy", kTrustedTypesCSP);
-  } else if (url.find("cspmeta") != std::string::npos) {
-    meta.append(std::string() +
-                R"(<meta http-equiv="Content-Security-Policy" content=")" +
-                kTrustedTypesCSP + R"(">)");
-  }
-
-  std::string contents = kDefaultResponseTemplate;
-  base::ReplaceFirstSubstringAfterOffset(&contents, 0, "META", meta);
-  response->set_content(contents);
-  response->set_content_type("text/html");
-  response->set_code(net::HTTP_OK);
-  return response;
-}
-
-}  // namespace
-
-// TrustedTypesBrowserTest tests activation of Trusted Types via CSP and Origin
-// Trial. (The tests for the actual TT functionality are found in
-// external/wpt/trusted-types/*.)
-class TrustedTypesBrowserTest : public InProcessBrowserTest {
- public:
-  TrustedTypesBrowserTest() = default;
-  ~TrustedTypesBrowserTest() override = default;
-
-  void SetUpInProcessBrowserTestFixture() override {
-    server_ = std::make_unique<net::test_server::EmbeddedTestServer>(
-        net::test_server::EmbeddedTestServer::TYPE_HTTPS);
-    server_->RegisterRequestHandler(base::Bind(&TrustedTypesTestHandler));
-    EXPECT_TRUE(server()->Start(kServerPort));
-  }
-
-  void TearDownInProcessBrowserTestFixture() override { server_.reset(); }
-
-  net::test_server::EmbeddedTestServer* server() { return server_.get(); }
-
-  base::string16 NavigateToAndReturnTitle(const char* url) {
-    EXPECT_TRUE(server());
-    ui_test_utils::NavigateToURL(browser(), GURL(server()->GetURL(url)));
-    base::string16 title;
-    ui_test_utils::GetCurrentTabTitle(browser(), &title);
-    return title;
-  }
-
-  void SetUpDefaultCommandLine(base::CommandLine* command_line) override {
-    InProcessBrowserTest::SetUpDefaultCommandLine(command_line);
-    command_line->AppendSwitchASCII(switches::kOriginTrialPublicKey,
-                                    kOriginTrialTestPublicKey);
-  }
-
-  void SetUp() override {
-    // We need to explicitly disable the feature, so that our test cases can
-    // verify whether enabling it actually works.
-    feature_list_.InitAndDisableFeature(features::kTrustedDOMTypes);
-    InProcessBrowserTest::SetUp();
-  }
-
- private:
-  std::unique_ptr<net::test_server::EmbeddedTestServer> server_;
-  base::test::ScopedFeatureList feature_list_;
-
-  DISALLOW_COPY_AND_ASSIGN(TrustedTypesBrowserTest);
-};
-
-// Our test cases are effectively a 3x3 matrix of origin trial token (absent|in
-// header|in <meta>) and content security policy (absent|in header|in <meta>).
-// The test fixture will generate the appropriate page based on the URL path.
-
-// crbug.com/1003738: Mark tests as MANUAL until that issue is fixed.
-// (See: BrowserTestBase::ShouldSkipManualTests)
-
-IN_PROC_BROWSER_TEST_F(TrustedTypesBrowserTest, MANUAL_PagePlain) {
-  EXPECT_EQ(base::ASCIIToUTF16(kTitleDisabled),
-            NavigateToAndReturnTitle("/page.html"));
-}
-
-IN_PROC_BROWSER_TEST_F(TrustedTypesBrowserTest, MANUAL_PageWithTokenInHeader) {
-  EXPECT_EQ(base::ASCIIToUTF16(kTitleAvailable),
-            NavigateToAndReturnTitle("/page-otheader.html"));
-}
-
-IN_PROC_BROWSER_TEST_F(TrustedTypesBrowserTest, MANUAL_PageWithTokenInMeta) {
-  EXPECT_EQ(base::ASCIIToUTF16(kTitleAvailable),
-            NavigateToAndReturnTitle("/page-otmeta.html"));
-}
-
-IN_PROC_BROWSER_TEST_F(TrustedTypesBrowserTest, MANUAL_PageWithCSPInHeaderX) {
-  EXPECT_EQ(base::ASCIIToUTF16(kTitleDisabled),
-            NavigateToAndReturnTitle("/page-cspheader.html"));
-}
-
-IN_PROC_BROWSER_TEST_F(TrustedTypesBrowserTest,
-                       MANUAL_PageWithCSPAndTokenInHeader) {
-  EXPECT_EQ(base::ASCIIToUTF16(kTitleEnabled),
-            NavigateToAndReturnTitle("/page-cspheader-otheader.html"));
-}
-
-IN_PROC_BROWSER_TEST_F(TrustedTypesBrowserTest,
-                       MANUAL_PageWithCSPInHeaderAndTokenInMeta) {
-  EXPECT_EQ(base::ASCIIToUTF16(kTitleEnabled),
-            NavigateToAndReturnTitle("/page-cspheader-otmeta.html"));
-}
-
-IN_PROC_BROWSER_TEST_F(TrustedTypesBrowserTest, MANUAL_PageWithCSPInMetaX) {
-  EXPECT_EQ(base::ASCIIToUTF16(kTitleDisabled),
-            NavigateToAndReturnTitle("/page-cspmeta.html"));
-}
-
-IN_PROC_BROWSER_TEST_F(TrustedTypesBrowserTest,
-                       MANUAL_PageWithCSPInMetaAndTokenInHeader) {
-  EXPECT_EQ(base::ASCIIToUTF16(kTitleEnabled),
-            NavigateToAndReturnTitle("/page-cspmeta-otheader.html"));
-}
-
-IN_PROC_BROWSER_TEST_F(TrustedTypesBrowserTest,
-                       MANUAL_PageWithCSPAndTokenInMeta) {
-  EXPECT_EQ(base::ASCIIToUTF16(kTitleEnabled),
-            NavigateToAndReturnTitle("/page-cspmeta-otmeta.html"));
-}

third_party/blink/renderer/platform/runtime_enabled_features.json5

@@ -1614,7 +1614,6 @@
     },
     {
       name: "TrustedDOMTypes",
-      origin_trial_feature_name: "TrustedDOMTypes",
       status: "experimental",
     },
     {

third_party/blink/web_tests/http/tests/origin_trials/webexposed/trusted-types-origin-trial.html

-<!DOCTYPE html>
-<meta charset="utf-8">
-<title>Trusted types - exposed by origin trial</title>
-<script src="../../../../resources/testharness.js"></script>
-<script src="../../../../resources/testharnessreport.js"></script>
-<script src="../../../../resources/origin-trials-helper.js"></script>
-
-<script>
-// Can only run this test if TrustedDOMTypes is not enabled via a Chrome flag.
-// That is only the case when running this in a virtual test suite (by default,
-// runtime enabled features are on for layout tests).
-// To run in virtual test suite:
-// tools/run_web_tests.py virtual/origin-trials-runtimeflags-disabled/http/tests/origin_trials/webexposed
-if (!self.internals.runtimeFlags.trustedDOMTypesEnabled) {
-  test(t => {
-    assert_not_own_property(window, 'TrustedTypes', 'TrustedTypes is defined on the window');
-  }, 'trusted types in Origin-Trial disabled document.');
-}
-
-// generated with command
-// tools/origin_trials/generate_token.py http://127.0.0.1:8000 TrustedDOMTypes --expire-timestamp=2000000000
-const token = 'AqXgC692H4wuaTLMJ0jzBazq/pN6WCvcllT60HwwZpdNy/vrnklJOcAL7D6wcSDL+FjyR16xxhbcTtB8Mc1Q4wMAAABXeyJvcmlnaW4iOiAiaHR0cDovLzEyNy4wLjAuMTo4MDAwIiwgImZlYXR1cmUiOiAiVHJ1c3RlZERPTVR5cGVzIiwgImV4cGlyeSI6IDIwMDAwMDAwMDB9';
-OriginTrialsHelper.add_token(token);
-test(t => {
-  assert_own_property(window, 'TrustedTypes', 'TrustedTypes is not defined on the window');
-  assert_own_property(window.TrustedTypes, 'createPolicy', 'createPolicy is not defined on TrustedTypes');
-}, 'trusted types in Origin-Trial enabled document.');
-</script>