[Trusted Types] Remove modifying eval() callback.

This temporary change disables eval(TT), so all related WPTs are disabled as well. It is necessary to change the v8 callback signature and support throwing exceptions when CSP blocks execution.

Bug: 940927
Change-Id: I9b16f9e9611034111859683eb6b6a31d958fe6eb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1872221Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Stefano Sanfilippo <ssanfilippo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#710803}

third_party/blink/renderer/bindings/core/v8/v8_initializer.cc

@@ -384,59 +384,6 @@ static bool ContentSecurityPolicyCodeGenerationCheck(
   return false;
 }
 
-static v8::MaybeLocal<v8::String> TrustedTypesCodeGenerationCheck(
-    v8::Local<v8::Context> context,
-    v8::Local<v8::Value> source) {
-  ExceptionState exception_state(context->GetIsolate(),
-                                 ExceptionState::kExecutionContext, "eval", "");
-  StringOrTrustedScript string_or_trusted_script;
-  V8StringOrTrustedScript::ToImpl(
-      context->GetIsolate(), source, string_or_trusted_script,
-      UnionTypeConversionMode::kNotNullable, exception_state);
-
-  String modified_source = GetStringFromTrustedScript(
-      string_or_trusted_script, ToExecutionContext(context), exception_state);
-  if (exception_state.HadException()) {
-    exception_state.ClearException();
-    return v8::MaybeLocal<v8::String>();
-  }
-
-  return V8String(context->GetIsolate(), modified_source);
-}
-
-static v8::MaybeLocal<v8::String> CodeGenerationCheckCallbackInMainThread(
-    v8::Local<v8::Context> context,
-    v8::Local<v8::Value> source) {
-  // Without trusted types, we decide based on CSP.
-  if (!RequireTrustedTypesCheck(ToExecutionContext(context))) {
-    bool allowed_by_csp =
-        source->IsString() && ContentSecurityPolicyCodeGenerationCheck(
-                                  context, source.As<v8::String>());
-    return allowed_by_csp ? source.As<v8::String>()
-                          : v8::MaybeLocal<v8::String>();
-  }
-
-  // With Trusted Types, we pass when both CSP and TT allow the value.
-  // We will always run the TT check because of reporting, and because a
-  // default policy might want to modify the string.
-  v8::Local<v8::String> trusted_types_string;
-  if (TrustedTypesCodeGenerationCheck(context, source)
-          .ToLocal(&trusted_types_string) &&
-      ContentSecurityPolicyCodeGenerationCheck(context, trusted_types_string)) {
-    return trusted_types_string;
-  }
-
-  // TODO(ssanfilippo) returning an empty local covers two different messages:
-  //
-  //  * The source was not a string or TrustedScript.
-  //  * TT or CSP has rejected this source.
-  //
-  // We need to patch the V8 callback to differentiate these two. For now,
-  // rejected TSs are passed through. CSP reports are still sent as side-effect.
-  // See crbug.com/992424.
-  return v8::MaybeLocal<v8::String>();
-}
-
 static bool WasmCodeGenerationCheckCallbackInMainThread(
     v8::Local<v8::Context> context,
     v8::Local<v8::String> source) {
@@ -694,8 +641,8 @@ void V8Initializer::InitializeMainThread(const intptr_t* reference_table) {
           v8::Isolate::kMessageLog);
   isolate->SetFailedAccessCheckCallbackFunction(
       FailedAccessCheckCallbackInMainThread);
-  isolate->SetModifyCodeGenerationFromStringsCallback(
-      CodeGenerationCheckCallbackInMainThread);
+  isolate->SetAllowCodeGenerationFromStringsCallback(
+      ContentSecurityPolicyCodeGenerationCheck);
   isolate->SetAllowWasmCodeGenerationCallback(
       WasmCodeGenerationCheckCallbackInMainThread);
   if (RuntimeEnabledFeatures::V8IdleTasksEnabled()) {

third_party/blink/web_tests/TestExpectations

@@ -5766,3 +5766,9 @@ crbug.com/842488 http/tests/devtools/network/network-initiator-chain.js [ Pass F
 
 # Temporarily disabled to a breakpoint non-determinism issue.
 crbug.com/1019613 http/tests/devtools/sources/debugger/debug-inlined-scripts.js [ Pass Failure ]
+
+# eval+Trusted Types failures while the feature is implemented.
+crbug.com/940927 external/wpt/trusted-types/trusted-types-eval-reporting-report-only.tentative.https.html [ Timeout ]
+crbug.com/940927 external/wpt/trusted-types/trusted-types-eval-reporting.tentative.https.html [ Failure ]
+crbug.com/940927 external/wpt/trusted-types/trusted-types-eval-reporting-no-unsafe-eval.tentative.https.html [ Timeout ]
+crbug.com/940927 external/wpt/trusted-types/eval-with-permissive-csp.tentative.html [ Failure ]

third_party/blink/web_tests/external/wpt/trusted-types/trusted-types-reporting.tentative.https.html

@@ -179,18 +179,6 @@
     return p;
   }, "Trusted Type violation report: sample for script innerText assignment");
 
-  promise_test(t => {
-    let p = Promise.resolve()
-        .then(promise_violation("trusted-types one"))
-        .then(expect_blocked_uri("trusted-types-sink"))
-        .then(expect_sample("eval"))
-        .then(expect_sample("2+2"))
-        .then(promise_flush());
-    expect_throws(_ => eval("2+2"));
-    flush();
-    return p;
-  }, "Trusted Type violation report: sample for eval");
-
   promise_test(t => {
     // We expect the sample string to always contain the name, and at least the
     // start of the value, but it should not be excessively long.