Introduce feature policy: document-stream-insertion

This CL introduces a new experimental feature 'document-stream-insertion' whose purpose is to limit the usage of specific (anti-pattern) javascript API for "dynamic markup insertion". The list of javascript methods to be blocked by this feature are: document.{write, writeln, open, close}. The set of disabled APIs is a subset of "dynamic-markup-insertion" from HTML spec: https://dev.w3.org/html5/spec-LC/apis-in-html-documents.html#dynamic-markup-insertion https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dynamic-markup-insertion Bug: 841605 Change-Id: I9cc31fab36e2cea70cdce575e3868ce1d0cfecfa Reviewed-on: https://chromium-review.googlesource.com/1053349Reviewed-by: Ehsan Karamad <ekaramad@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Reviewed-by: Ojan Vafai <ojan@chromium.org> Reviewed-by: Ian Clelland <iclelland@chromium.org> Reviewed-by: Ken Buchanan <kenrb@chromium.org> Commit-Queue: Ehsan Karamad <ekaramad@chromium.org> Cr-Commit-Position: refs/heads/master@{#558847}

Introduce feature policy: document-stream-insertion
This CL introduces a new experimental feature 'document-stream-insertion' whose purpose is to limit the usage of specific (anti-pattern) javascript API for "dynamic markup insertion". The list of javascript methods to be blocked by this feature are: document.{write, writeln, open, close}. The set of disabled APIs is a subset of "dynamic-markup-insertion" from HTML spec: https://dev.w3.org/html5/spec-LC/apis-in-html-documents.html#dynamic-markup-insertion https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dynamic-markup-insertion Bug: 841605 Change-Id: I9cc31fab36e2cea70cdce575e3868ce1d0cfecfa Reviewed-on: https://chromium-review.googlesource.com/1053349Reviewed-by: Ehsan Karamad <ekaramad@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Reviewed-by: Ojan Vafai <ojan@chromium.org> Reviewed-by: Ian Clelland <iclelland@chromium.org> Reviewed-by: Ken Buchanan <kenrb@chromium.org> Commit-Queue: Ehsan Karamad <ekaramad@chromium.org> Cr-Commit-Position: refs/heads/master@{#558847}
3f197642 · Ehsan Karamad · Commit Bot · 39bd6b8f · 3f197642 · 3f197642
Commit 3f197642 authored May 15, 2018 by Ehsan Karamad Committed by Commit Bot May 15, 2018
4 changed files
--- a/content/browser/frame_host/render_frame_host_feature_policy_unittest.cc
+++ b/content/browser/frame_host/render_frame_host_feature_policy_unittest.cc
@@ -30,7 +30,7 @@ class RenderFrameHostFeaturePolicyTest
  static constexpr const char* kOrigin4 = "https://test.com";
  static const blink::mojom::FeaturePolicyFeature kDefaultEnabledFeature =
-      blink::mojom::FeaturePolicyFeature::kDocumentWrite;
+      blink::mojom::FeaturePolicyFeature::kDocumentStreamInsertion;
  static const blink::mojom::FeaturePolicyFeature kDefaultSelfFeature =
      blink::mojom::FeaturePolicyFeature::kGeolocation;

--- a/third_party/blink/common/feature_policy/feature_policy.cc
+++ b/third_party/blink/common/feature_policy/feature_policy.cc
@@ -251,7 +251,8 @@ void FeaturePolicy::AddContainerPolicy(
 // See third_party/blink/public/common/feature_policy/feature_policy.h for
 // status of each feature (in spec, implemented, etc).
 const FeaturePolicy::FeatureList& FeaturePolicy::GetDefaultFeatureList() {
-  CR_DEFINE_STATIC_LOCAL(FeatureList, default_feature_list,
+  CR_DEFINE_STATIC_LOCAL(
+      FeatureList, default_feature_list,
      ({{mojom::FeaturePolicyFeature::kAutoplay,
         FeaturePolicy::FeatureDefault::EnableForSelf},
        {mojom::FeaturePolicyFeature::kCamera,
@@ -274,8 +275,6 @@ const FeaturePolicy::FeatureList& FeaturePolicy::GetDefaultFeatureList() {
         FeaturePolicy::FeatureDefault::EnableForAll},
        {mojom::FeaturePolicyFeature::kDocumentDomain,
         FeaturePolicy::FeatureDefault::EnableForAll},
-                           {mojom::FeaturePolicyFeature::kDocumentWrite,
-                            FeaturePolicy::FeatureDefault::EnableForAll},
        {mojom::FeaturePolicyFeature::kSyncScript,
         FeaturePolicy::FeatureDefault::EnableForAll},
        {mojom::FeaturePolicyFeature::kSyncXHR,
@@ -305,6 +304,8 @@ const FeaturePolicy::FeatureList& FeaturePolicy::GetDefaultFeatureList() {
        {mojom::FeaturePolicyFeature::kPictureInPicture,
         FeaturePolicy::FeatureDefault::EnableForAll},
        {mojom::FeaturePolicyFeature::kVerticalScroll,
+         FeaturePolicy::FeatureDefault::EnableForAll},
+        {mojom::FeaturePolicyFeature::kDocumentStreamInsertion,
         FeaturePolicy::FeatureDefault::EnableForAll}}));
  return default_feature_list;
 }

--- a/third_party/blink/public/mojom/feature_policy/feature_policy.mojom
+++ b/third_party/blink/public/mojom/feature_policy/feature_policy.mojom
@@ -58,8 +58,6 @@ enum FeaturePolicyFeature {
  kDocumentCookie,
  // Contols access to document.domain attribute.
  kDocumentDomain,
-  // Controls access to document.write and document.writeln methods.
-  kDocumentWrite,
  // Controls whether synchronous script elements will run.
  kSyncScript,
  // Controls use of synchronous XMLHTTPRequest API.
@@ -90,6 +88,10 @@ enum FeaturePolicyFeature {
  kPictureInPicture,
  // Controls the ability to block and interfere with vertical scrolling.
  kVerticalScroll,
+  // Controls the ability of the document to use several dynamic markup API
+  // which interfere with document's input stream (document.write(),
+  // document.close(), etc.).
+  kDocumentStreamInsertion,
 };
 // This struct holds feature policy whitelist data that needs to be replicated

--- a/third_party/blink/renderer/platform/feature_policy/feature_policy.cc
+++ b/third_party/blink/renderer/platform/feature_policy/feature_policy.cc
@@ -152,6 +152,7 @@ bool IsSupportedInFeaturePolicy(mojom::FeaturePolicyFeature feature) {
    case mojom::FeaturePolicyFeature::kVerticalScroll:
    case mojom::FeaturePolicyFeature::kLegacyImageFormats:
    case mojom::FeaturePolicyFeature::kImageCompression:
+    case mojom::FeaturePolicyFeature::kDocumentStreamInsertion:
      return RuntimeEnabledFeatures::ExperimentalProductivityFeaturesEnabled();
    default:
      return false;
@@ -193,6 +194,9 @@ const FeatureNameMap& GetDefaultFeatureNameMap() {
    default_feature_name_map.Set("picture-in-picture",
                                 mojom::FeaturePolicyFeature::kPictureInPicture);
    if (RuntimeEnabledFeatures::ExperimentalProductivityFeaturesEnabled()) {
+      default_feature_name_map.Set(
+          "document-stream-insertion",
+          mojom::FeaturePolicyFeature::kDocumentStreamInsertion);
      default_feature_name_map.Set(
          "image-compression", mojom::FeaturePolicyFeature::kImageCompression);
      default_feature_name_map.Set(
@@ -212,8 +216,6 @@ const FeatureNameMap& GetDefaultFeatureNameMap() {
          "cookie", mojom::FeaturePolicyFeature::kDocumentCookie);
      default_feature_name_map.Set(
          "domain", mojom::FeaturePolicyFeature::kDocumentDomain);
-      default_feature_name_map.Set("docwrite",
-                                   mojom::FeaturePolicyFeature::kDocumentWrite);
    }
    if (RuntimeEnabledFeatures::FeaturePolicyAutoplayFeatureEnabled()) {
      default_feature_name_map.Set("autoplay",