[TrustedTypes] Lock the API to secure contexts.

This addresses only the IDL changes. We'll need to decide how the CSP
integration ought to work (e.g. whether `require-sri-for` has any
impact on non-secure pages) in the next CL.

Bug: 1059554
Change-Id: Ie67a3cc1dbaac1e52e2d63bed45b43eb2ffa020b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2093214
Commit-Queue: Mike West <mkwst@chromium.org>
Reviewed-by: Yifan Luo <lyf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#748064}

third_party/blink/renderer/core/frame/window.idl

@@ -209,7 +209,7 @@
     [DisableInNewIDLCompiler] attribute DOMMatrixConstructor WebKitCSSMatrix;
 
     // TrustedTypes API: http://github.com/wicg/trusted-types
-    [RuntimeEnabled=TrustedDOMTypes] readonly attribute TrustedTypePolicyFactory trustedTypes;
+    [RuntimeEnabled=TrustedDOMTypes, SecureContext] readonly attribute TrustedTypePolicyFactory trustedTypes;
 };
 
 Window includes GlobalEventHandlers;

third_party/blink/renderer/core/trustedtypes/trusted_html.idl

@@ -8,7 +8,8 @@ typedef (DOMString or TrustedHTML) HTMLString;
 
 [
     Exposed=Window,
-    RuntimeEnabled=TrustedDOMTypes
+    RuntimeEnabled=TrustedDOMTypes,
+    SecureContext
 ] interface TrustedHTML {
     stringifier;
 };

third_party/blink/renderer/core/trustedtypes/trusted_script.idl

@@ -8,7 +8,8 @@ typedef (DOMString or TrustedScript) ScriptString;
 
 [
     Exposed=Window,
-    RuntimeEnabled=TrustedDOMTypes
+    RuntimeEnabled=TrustedDOMTypes,
+    SecureContext
 ] interface TrustedScript {
     stringifier;
 };

third_party/blink/renderer/core/trustedtypes/trusted_script_url.idl

@@ -8,7 +8,8 @@ typedef (DOMString or TrustedScriptURL) ScriptURLString;
 
 [
     Exposed=Window,
-    RuntimeEnabled=TrustedDOMTypes
+    RuntimeEnabled=TrustedDOMTypes,
+    SecureContext
 ] interface TrustedScriptURL {
     stringifier;
 };

third_party/blink/renderer/core/trustedtypes/trusted_type_policy.idl

@@ -8,7 +8,8 @@ typedef (DOMString or TrustedHTML or TrustedScript or TrustedScriptURL) TrustedS
 
 [
     Exposed=Window,
-    RuntimeEnabled=TrustedDOMTypes
+    RuntimeEnabled=TrustedDOMTypes,
+    SecureContext
 ] interface TrustedTypePolicy {
     readonly attribute DOMString name;
     [CallWith=ScriptState, RaisesException] TrustedHTML createHTML(DOMString input, any... args);

third_party/blink/renderer/core/trustedtypes/trusted_type_policy_factory.idl

@@ -6,7 +6,8 @@
 
 [
     Exposed=(Window, Worker),
-    RuntimeEnabled=TrustedDOMTypes
+    RuntimeEnabled=TrustedDOMTypes,
+    SecureContext
 ] interface TrustedTypePolicyFactory {
     [RaisesException] TrustedTypePolicy createPolicy(DOMString policyName, TrustedTypePolicyOptions policyOptions);
     readonly attribute TrustedTypePolicy defaultPolicy;

third_party/blink/web_tests/external/wpt/lint.whitelist

@@ -201,8 +201,8 @@ SET TIMEOUT: service-workers/service-worker/resources/resource-timing-worker.js
 SET TIMEOUT: shadow-dom/Document-prototype-currentScript.html
 SET TIMEOUT: shadow-dom/scroll-to-the-fragment-in-shadow-tree.html
 SET TIMEOUT: shadow-dom/slotchange-event.html
-SET TIMEOUT: trusted-types/block-string-assignment-to-DOMWindowTimers-setTimeout-setInterval.tentative.html
-SET TIMEOUT: trusted-types/DOMWindowTimers-setTimeout-setInterval.tentative.html
+SET TIMEOUT: trusted-types/block-string-assignment-to-DOMWindowTimers-setTimeout-setInterval.tentative.https.html
+SET TIMEOUT: trusted-types/DOMWindowTimers-setTimeout-setInterval.tentative.https.html
 SET TIMEOUT: user-timing/*
 SET TIMEOUT: web-animations/timing-model/animations/*
 SET TIMEOUT: webaudio/the-audio-api/the-mediaelementaudiosourcenode-interface/mediaElementAudioSourceToScriptProcessorTest.html

third_party/blink/web_tests/fast/dom/Window/property-access-on-cached-window-after-frame-removed-and-gced-expected.txt

@@ -186,7 +186,6 @@ PASS childWindow.status is ''
 PASS childWindow.statusbar.visible is false
 PASS childWindow.styleMedia.type is ''
 PASS childWindow.toolbar.visible is false
-PASS childWindow.trustedTypes.defaultPolicy is null
 PASS childWindow.visualViewport.height is 0
 PASS childWindow.visualViewport.offsetLeft is 0
 PASS childWindow.visualViewport.offsetTop is 0

third_party/blink/web_tests/fast/dom/Window/property-access-on-cached-window-after-frame-removed-expected.txt

@@ -186,7 +186,6 @@ PASS childWindow.status is ''
 PASS childWindow.statusbar.visible is false
 PASS childWindow.styleMedia.type is ''
 PASS childWindow.toolbar.visible is false
-PASS childWindow.trustedTypes.defaultPolicy is null
 PASS childWindow.visualViewport.height is 0
 PASS childWindow.visualViewport.offsetLeft is 0
 PASS childWindow.visualViewport.offsetTop is 0