isXXX methods added to TrustedTypePolicyFactory

isHTML(), isScript(), isScriptURL() and isURL() added to
TrustedTypePolicyFactory class as part of Trusted Types API update to
current JS polyfill.
The methods require additional code to be fully matched to polyfill
expected behaviour.

Added a helper private method GetWrapperTypeInfoFromScriptValue.

Bug: 739170
Change-Id: I027e43ab6432405c686255a4d0ce24248c59a4dc
Reviewed-on: https://chromium-review.googlesource.com/1238433
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#595527}

third_party/WebKit/LayoutTests/external/wpt/trusted-types/TrustedTypePolicyFactory-createPolicy-createXYZTests.tentative.html

@@ -7,8 +7,10 @@
   //HTML tests
   function createHTMLTest(policyName, policy, expectedHTML, t) {
     let p = window.TrustedTypes.createPolicy(policyName, policy);
-    assert_true(p.createHTML('whatever') instanceof TrustedHTML);
-    assert_equals(p.createHTML('whatever') + "", expectedHTML);
+    let html = p.createHTML('whatever');
+    assert_true(html instanceof TrustedHTML);
+    assert_true(TrustedTypes.isHTML(html));
+    assert_equals(html + "", expectedHTML);
   }
 
   test(t => {
@@ -77,8 +79,10 @@
   //Script tests
   function createScriptTest(policyName, policy, expectedScript, t) {
     let p = window.TrustedTypes.createPolicy(policyName, policy);
-    assert_true(p.createScript('whatever') instanceof TrustedScript);
-    assert_equals(p.createScript('whatever') + "", expectedScript);
+    let script = p.createScript('whatever');
+    assert_true(script instanceof TrustedScript);
+    assert_true(TrustedTypes.isScript(script));
+    assert_equals(script + "", expectedScript);
   }
 
   test(t => {
@@ -150,8 +154,10 @@
   //ScriptURL tests
   function createScriptURLTest(policyName, policy, expectedScriptURL, t) {
     let p = window.TrustedTypes.createPolicy(policyName, policy);
-    assert_true(p.createScriptURL(INPUTS.SCRIPTURL) instanceof TrustedScriptURL);
-    assert_equals(p.createScriptURL(INPUTS.SCRIPTURL) + "", expectedScriptURL);
+    let scriptUrl = p.createScriptURL(INPUTS.SCRIPTURL);
+    assert_true(scriptUrl instanceof TrustedScriptURL);
+    assert_true(TrustedTypes.isScriptURL(scriptUrl));
+    assert_equals(scriptUrl + "", expectedScriptURL);
   }
 
   test(t => {
@@ -223,8 +229,10 @@
   //URL tests
   function createURLTest(policyName, policy, expectedURL, t) {
     let p = window.TrustedTypes.createPolicy(policyName, policy);
-    assert_true(p.createURL(INPUTS.URL) instanceof TrustedURL);
-    assert_equals(p.createURL(INPUTS.URL) + "", expectedURL);
+    let url = p.createURL(INPUTS.URL);
+    assert_true(url instanceof TrustedURL);
+    assert_true(TrustedTypes.isURL(url));
+    assert_equals(url + "", expectedURL);
   }
 
   test(t => {

third_party/WebKit/LayoutTests/external/wpt/trusted-types/TrustedTypePolicyFactory-isXXX.tentative.html

+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="support/helper.sub.js"></script>
+
+<meta http-equiv="Content-Security-Policy" content="trusted-types">
+<body>
+<script>
+  // Policy settings for all tests
+  const noopPolicy = {
+    'createHTML': (s) => s,
+    'createScriptURL': (s) => s,
+    'createURL': (s) => s,
+    'createScript': (s) => s,
+  };
+
+  // isHTML tests
+  test(t => {
+    const p = TrustedTypes.createPolicy('html', noopPolicy);
+    let html = p.createHTML(INPUTS.HTML);
+
+    assert_true(TrustedTypes.isHTML(html));
+    let html2 = Object.create(html);
+
+    // instanceof can pass, but we rely on isHTML
+    assert_true(html2 instanceof TrustedHTML);
+    assert_false(TrustedTypes.isHTML(html2));
+
+    let html3 = Object.assign({}, html, {toString: () => 'fake'});
+
+    assert_false(TrustedTypes.isHTML(html3));
+  }, 'TrustedTypePolicyFactory.isHTML requires the object to be created via policy.');
+
+  // isScript tests
+  test(t => {
+    const p = TrustedTypes.createPolicy('script', noopPolicy);
+    let script = p.createScript(INPUTS.SCRIPT);
+
+    assert_true(TrustedTypes.isScript(script));
+    let script2 = Object.create(script);
+
+    // instanceof can pass, but we rely on isScript
+    assert_true(script2 instanceof TrustedScript);
+    assert_false(TrustedTypes.isScript(script2));
+
+    let script3 = Object.assign({}, script, {toString: () => 'fake'});
+
+    assert_false(TrustedTypes.isScript(script3));
+  }, 'TrustedTypePolicyFactory.isScript requires the object to be created via policy.');
+
+  // isScriptURL tests
+  test(t => {
+    const p = TrustedTypes.createPolicy('script_url', noopPolicy);
+    let script = p.createScriptURL(INPUTS.SCRIPTURL);
+
+    assert_true(TrustedTypes.isScriptURL(script));
+    let script2 = Object.create(script);
+
+    // instanceof can pass, but we rely on isScript
+    assert_true(script2 instanceof TrustedScriptURL);
+    assert_false(TrustedTypes.isScriptURL(script2));
+
+    let script3 = Object.assign({}, script, {toString: () => 'fake'});
+
+    assert_false(TrustedTypes.isScriptURL(script3));
+  }, 'TrustedTypePolicyFactory.isScriptURL requires the object to be created via policy.');
+
+  // isURL tests
+  test(t => {
+    const p = TrustedTypes.createPolicy('url', noopPolicy);
+    let url = p.createURL(INPUTS.URL);
+
+    assert_true(TrustedTypes.isURL(url));
+    let url2 = Object.create(url);
+
+    // instanceof can pass, but we rely on isScript
+    assert_true(url2 instanceof TrustedURL);
+    assert_false(TrustedTypes.isURL(url2));
+
+    let url3 = Object.assign({}, url, {toString: () => 'fake'});
+
+    assert_false(TrustedTypes.isURL(url3));
+  }, 'TrustedTypePolicyFactory.isURL requires the object to be created via policy.');
+
+  // Redefinition tests
+  // TODO(vogelheim): Implement TrustedTypes (& policy objects) as 'frozen'.
+/*  test(t => {
+    assert_throws(new TypeError(), _ => {
+      TrustedTypes.isHTML = () => true;
+    });
+
+    assert_false(TrustedTypes.isHTML({}));
+  }, 'TrustedTypePolicyFactory.IsHTML cannot be redefined.');
+
+  test(t => {
+    assert_throws(new TypeError(), _ => {
+      TrustedTypes.isScript = () => true;
+    });
+
+    assert_false(TrustedTypes.isScript({}));
+  }, 'TrustedTypePolicyFactory.isScript cannot be redefined.');
+
+  test(t => {
+    assert_throws(new TypeError(), _ => {
+      TrustedTypes.isScriptURL = () => true;
+    });
+
+    assert_false(TrustedTypes.isScriptURL({}));
+  }, 'TrustedTypePolicyFactory.isScriptURL cannot be redefined.');
+
+  test(t => {
+    assert_throws(new TypeError(), _ => {
+      TrustedTypes.isURL = () => true;
+    });
+
+    assert_false(TrustedTypes.isURL({}));
+  }, 'TrustedTypePolicyFactory.isURL cannot be redefined.');*/
+</script>

third_party/WebKit/LayoutTests/webexposed/global-interface-listing-expected.txt

@@ -7434,6 +7434,10 @@ interface TrustedTypePolicyFactory
     method createPolicy
     method getExposedPolicy
     method getPolicyNames
+    method isHTML
+    method isScript
+    method isScriptURL
+    method isURL
 interface TrustedURL
     attribute @@toStringTag
     method constructor

third_party/blink/renderer/core/trustedtypes/trusted_type_policy_factory.cc

@@ -4,6 +4,11 @@
 
 #include "third_party/blink/renderer/core/trustedtypes/trusted_type_policy_factory.h"
 
+#include "third_party/blink/renderer/bindings/core/v8/script_value.h"
+#include "third_party/blink/renderer/bindings/core/v8/v8_trusted_html.h"
+#include "third_party/blink/renderer/bindings/core/v8/v8_trusted_script.h"
+#include "third_party/blink/renderer/bindings/core/v8/v8_trusted_script_url.h"
+#include "third_party/blink/renderer/bindings/core/v8/v8_trusted_url.h"
 #include "third_party/blink/renderer/core/dom/document.h"
 #include "third_party/blink/renderer/core/frame/csp/content_security_policy.h"
 #include "third_party/blink/renderer/core/frame/local_frame.h"
@@ -59,6 +64,51 @@ Vector<String> TrustedTypePolicyFactory::getPolicyNames() const {
   return policyNames;
 }
 
+const WrapperTypeInfo*
+TrustedTypePolicyFactory::GetWrapperTypeInfoFromScriptValue(
+    ScriptState* script_state,
+    const ScriptValue& script_value) {
+  v8::Local<v8::Value> value = script_value.V8Value();
+  v8::Isolate* isolate = script_state->GetIsolate();
+  if (value.IsEmpty() || !value->IsObject() ||
+      !V8DOMWrapper::IsWrapper(isolate, value))
+    return nullptr;
+  v8::Local<v8::Object> object = script_value.V8Value()->ToObject(isolate);
+  return ToWrapperTypeInfo(object);
+}
+
+bool TrustedTypePolicyFactory::isHTML(ScriptState* script_state,
+                                      const ScriptValue& script_value) {
+  const WrapperTypeInfo* wrapper_type_info =
+      GetWrapperTypeInfoFromScriptValue(script_state, script_value);
+  return wrapper_type_info &&
+         wrapper_type_info->Equals(&V8TrustedHTML::wrapperTypeInfo);
+}
+
+bool TrustedTypePolicyFactory::isScript(ScriptState* script_state,
+                                        const ScriptValue& script_value) {
+  const WrapperTypeInfo* wrapper_type_info =
+      GetWrapperTypeInfoFromScriptValue(script_state, script_value);
+  return wrapper_type_info &&
+         wrapper_type_info->Equals(&V8TrustedScript::wrapperTypeInfo);
+}
+
+bool TrustedTypePolicyFactory::isScriptURL(ScriptState* script_state,
+                                           const ScriptValue& script_value) {
+  const WrapperTypeInfo* wrapper_type_info =
+      GetWrapperTypeInfoFromScriptValue(script_state, script_value);
+  return wrapper_type_info &&
+         wrapper_type_info->Equals(&V8TrustedScriptURL::wrapperTypeInfo);
+}
+
+bool TrustedTypePolicyFactory::isURL(ScriptState* script_state,
+                                     const ScriptValue& script_value) {
+  const WrapperTypeInfo* wrapper_type_info =
+      GetWrapperTypeInfoFromScriptValue(script_state, script_value);
+  return wrapper_type_info &&
+         wrapper_type_info->Equals(&V8TrustedURL::wrapperTypeInfo);
+}
+
 void TrustedTypePolicyFactory::Trace(blink::Visitor* visitor) {
   ScriptWrappable::Trace(visitor);
   DOMWindowClient::Trace(visitor);

third_party/blink/renderer/core/trustedtypes/trusted_type_policy_factory.h

@@ -16,6 +16,8 @@ namespace blink {
 
 class ExceptionState;
 class LocalFrame;
+class ScriptState;
+class ScriptValue;
 class TrustedTypePolicy;
 
 class CORE_EXPORT TrustedTypePolicyFactory final : public ScriptWrappable,
@@ -28,6 +30,7 @@ class CORE_EXPORT TrustedTypePolicyFactory final : public ScriptWrappable,
     return new TrustedTypePolicyFactory(frame);
   }
 
+  // TrustedTypePolicyFactory.idl
   TrustedTypePolicy* createPolicy(const String&,
                                   const TrustedTypePolicyOptions&,
                                   bool exposed,
@@ -37,11 +40,19 @@ class CORE_EXPORT TrustedTypePolicyFactory final : public ScriptWrappable,
 
   Vector<String> getPolicyNames() const;
 
+  bool isHTML(ScriptState*, const ScriptValue&);
+  bool isScript(ScriptState*, const ScriptValue&);
+  bool isScriptURL(ScriptState*, const ScriptValue&);
+  bool isURL(ScriptState*, const ScriptValue&);
+
   void Trace(blink::Visitor*) override;
 
  private:
   explicit TrustedTypePolicyFactory(LocalFrame*);
 
+  const WrapperTypeInfo* GetWrapperTypeInfoFromScriptValue(ScriptState*,
+                                                           const ScriptValue&);
+
   HeapHashMap<String, Member<TrustedTypePolicy>> policy_map_;
 };
 

third_party/blink/renderer/core/trustedtypes/trusted_type_policy_factory.idl

@@ -12,4 +12,8 @@
     TrustedTypePolicy getExposedPolicy(DOMString policyName);
     // All the policy object names that have been created
     [Affects=Nothing] sequence<DOMString> getPolicyNames();
+    [CallWith=ScriptState] boolean isHTML(object? checkedObject);
+    [CallWith=ScriptState] boolean isScript(object? checkedObject);
+    [CallWith=ScriptState] boolean isScriptURL(object? checkedObject);
+    [CallWith=ScriptState] boolean isURL(object? checkedObject);
 };