[Trusted Types] Sink name changes in violation reports.

1. Use space instead of a dot.
2. Use HTMLScriptElement and SVGScriptElement instead of script.
3. Use `|` instead of ` ` between sink name and string value.


Bug: 1058446
Change-Id: I84b555b50dcb839cc8455612f08d53f028fc607f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2120495
Commit-Queue: Yifan Luo <lyf@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#755319}

third_party/blink/renderer/core/frame/csp/content_security_policy.cc

@@ -1079,10 +1079,9 @@ static void GatherSecurityPolicyViolationEventData(
   if (!sample_prefix.IsEmpty()) {
     sample.Append(sample_prefix.StripWhiteSpace().Left(
         ContentSecurityPolicy::kMaxSampleLength));
+    sample.Append("|");
   }
   if (!script_source.IsEmpty()) {
-    if (!sample.IsEmpty())
-      sample.Append(" ");
     sample.Append(script_source.StripWhiteSpace().Left(
         ContentSecurityPolicy::kMaxSampleLength));
   }

third_party/blink/renderer/core/html/html_script_element.cc

@@ -293,6 +293,10 @@ void HTMLScriptElement::SetScriptElementForBinding(
     element.SetHTMLScriptElement(this);
 }
 
+ScriptElementBase::Type HTMLScriptElement::GetScriptElementType() {
+  return ScriptElementBase::Type::kHTMLScriptElement;
+}
+
 Element& HTMLScriptElement::CloneWithoutAttributesAndChildren(
     Document& factory) const {
   CreateElementFlags flags =

third_party/blink/renderer/core/html/html_script_element.h

@@ -109,6 +109,8 @@ class CORE_EXPORT HTMLScriptElement final : public HTMLElement,
   void SetScriptElementForBinding(
       HTMLScriptElementOrSVGScriptElement&) override;
 
+  Type GetScriptElementType() override;
+
   Element& CloneWithoutAttributesAndChildren(Document&) const override;
 
   // https://w3c.github.io/webappsec-trusted-types/dist/spec/#script-scripttext

third_party/blink/renderer/core/script/mock_script_element_base.h

@@ -54,6 +54,9 @@ class MockScriptElementBase : public GarbageCollected<MockScriptElementBase>,
                void(HTMLScriptElementOrSVGScriptElement&));
   MOCK_CONST_METHOD0(Loader, ScriptLoader*());
 
+  ScriptElementBase::Type GetScriptElementType() override {
+    return ScriptElementBase::Type::kHTMLScriptElement;
+  }
   void Trace(Visitor* visitor) override { ScriptElementBase::Trace(visitor); }
 };
 

third_party/blink/renderer/core/script/script_element_base.h

@@ -38,6 +38,7 @@ ScriptLoader* ScriptLoaderFromElement(Element*);
 
 class CORE_EXPORT ScriptElementBase : public GarbageCollectedMixin {
  public:
+  enum class Type { kHTMLScriptElement, kSVGScriptElement };
   virtual bool AsyncAttributeValue() const = 0;
   virtual String CharsetAttributeValue() const = 0;
   virtual String CrossOriginAttributeValue() const = 0;
@@ -76,6 +77,8 @@ class CORE_EXPORT ScriptElementBase : public GarbageCollectedMixin {
   virtual void DispatchLoadEvent() = 0;
   virtual void DispatchErrorEvent() = 0;
 
+  virtual Type GetScriptElementType() = 0;
+
  protected:
   ScriptLoader* InitializeScriptLoader(bool parser_inserted,
                                        bool already_started);

third_party/blink/renderer/core/script/script_loader.cc

@@ -1044,6 +1044,7 @@ String ScriptLoader::GetScriptText() const {
   if (child_text_content == script_text_internal_slot)
     return child_text_content;
   return GetStringForScriptExecution(child_text_content,
+                                     element_->GetScriptElementType(),
                                      element_->GetDocument().ContextDocument());
 }
 

third_party/blink/renderer/core/svg/svg_script_element.cc

@@ -170,6 +170,10 @@ void SVGScriptElement::SetScriptElementForBinding(
     element.SetSVGScriptElement(this);
 }
 
+ScriptElementBase::Type SVGScriptElement::GetScriptElementType() {
+  return ScriptElementBase::Type::kSVGScriptElement;
+}
+
 #if DCHECK_IS_ON()
 bool SVGScriptElement::IsAnimatableAttribute(const QualifiedName& name) const {
   if (name == svg_names::kTypeAttr || name == svg_names::kHrefAttr ||

third_party/blink/renderer/core/svg/svg_script_element.h

@@ -100,6 +100,8 @@ class SVGScriptElement final : public SVGElement,
   void SetScriptElementForBinding(
       HTMLScriptElementOrSVGScriptElement&) override;
 
+  Type GetScriptElementType() override;
+
   Element& CloneWithoutAttributesAndChildren(Document&) const override;
   bool LayoutObjectIsNeeded(const ComputedStyle&) const override {
     return false;

third_party/blink/renderer/core/trustedtypes/trusted_types_util.cc

@@ -12,6 +12,7 @@
 #include "third_party/blink/renderer/bindings/core/v8/window_proxy_manager.h"
 #include "third_party/blink/renderer/core/frame/csp/content_security_policy.h"
 #include "third_party/blink/renderer/core/frame/local_frame.h"
+#include "third_party/blink/renderer/core/script/script_element_base.h"
 #include "third_party/blink/renderer/core/trustedtypes/trusted_html.h"
 #include "third_party/blink/renderer/core/trustedtypes/trusted_script.h"
 #include "third_party/blink/renderer/core/trustedtypes/trusted_script_url.h"
@@ -100,12 +101,23 @@ String GetSamplePrefix(const ExceptionState& exception_state) {
     sample_prefix.Append("eval");
   } else if (interface_name && property_name) {
     sample_prefix.Append(interface_name);
-    sample_prefix.Append(".");
+    sample_prefix.Append(" ");
     sample_prefix.Append(property_name);
   }
   return sample_prefix.ToString();
 }
 
+const char* GetElementName(const ScriptElementBase::Type type) {
+  switch (type) {
+    case ScriptElementBase::Type::kHTMLScriptElement:
+      return "HTMLScriptElement";
+    case ScriptElementBase::Type::kSVGScriptElement:
+      return "SVGScriptElement";
+  }
+  NOTREACHED();
+  return "";
+}
+
 // Handle failure of a Trusted Type assignment.
 //
 // If trusted type assignment fails, we need to
@@ -438,9 +450,11 @@ String TrustedTypesCheckFor(SpecificTrustedType type,
   return "";
 }
 
-String CORE_EXPORT GetStringForScriptExecution(const String& script,
-                                               Document* doc) {
-  return GetStringFromScriptHelper(script, doc, "script", "text",
+String CORE_EXPORT
+GetStringForScriptExecution(const String& script,
+                            const ScriptElementBase::Type type,
+                            Document* doc) {
+  return GetStringFromScriptHelper(script, doc, GetElementName(type), "text",
                                    kScriptExecution,
                                    kScriptExecutionAndDefaultPolicyFailed);
 }

third_party/blink/renderer/core/trustedtypes/trusted_types_util.h

@@ -6,6 +6,7 @@
 #define THIRD_PARTY_BLINK_RENDERER_CORE_TRUSTEDTYPES_TRUSTED_TYPES_UTIL_H_
 
 #include "third_party/blink/renderer/core/core_export.h"
+#include "third_party/blink/renderer/core/script/script_element_base.h"
 #include "third_party/blink/renderer/platform/wtf/text/wtf_string.h"
 
 namespace blink {
@@ -65,7 +66,9 @@ CORE_EXPORT String TrustedTypesCheckForScriptURL(const String&,
 // but with setup & error handling suitable for the asynchronous execution
 // cases.
 String TrustedTypesCheckForJavascriptURLinNavigation(const String&, Document*);
-CORE_EXPORT String GetStringForScriptExecution(const String&, Document*);
+CORE_EXPORT String GetStringForScriptExecution(const String&,
+                                               ScriptElementBase::Type,
+                                               Document*);
 
 // Determine whether a Trusted Types check is needed in this execution context.
 //

third_party/blink/web_tests/external/wpt/content-security-policy/reporting/report-clips-sample.https.html

@@ -16,7 +16,7 @@
     });
     assert_false(evil);
     return waitUntilCSPEventForTrustedTypes(t).then(t.step_func_done(e => {
-      assert_equals(e.sample, "eval evil = '12345678901234567890123456789012");
+      assert_equals(e.sample, "eval|evil = '12345678901234567890123456789012");
     }));
   }, "Unsafe eval violation sample is clipped to 40 characters.");
 
@@ -26,7 +26,7 @@
     });
     return waitUntilCSPEventForTrustedTypes(t).then(t.step_func_done(e => {
       assert_equals(e.sample.replace(/\n/g, ""),
-                    "eval (function anonymous(a,b) {return '1234");
+                    "eval|(function anonymous(a,b) {return '1234");
     }));
   }, "Function constructor - the other kind of eval - is clipped.");
 
@@ -37,7 +37,7 @@
     });
     assert_equals(a.innerHTML, "");
     return waitUntilCSPEventForTrustedTypes(t).then(t.step_func_done(e => {
-      assert_equals(e.sample, "Element.innerHTML 1234567890123456789012345678901234567890");
+      assert_equals(e.sample, "Element innerHTML|1234567890123456789012345678901234567890");
     }));
   }, "Trusted Types violation sample is clipped to 40 characters excluded the sink name.");
   </script>

third_party/blink/web_tests/external/wpt/trusted-types/trusted-types-navigation.tentative.https.html

@@ -33,7 +33,7 @@
     openWindow(t, "support/navigation-support.html");
     return Promise.all([
       expectLoadedAsMessage("navigation-support.html"),
-      expectViolationAsMessage("Location.href"),
+      expectViolationAsMessage("Location href"),
     ]);
   }, "Navigate a window with javascript:-urls in enforcing mode.");
 

third_party/blink/web_tests/external/wpt/trusted-types/trusted-types-reporting.tentative.https.html

 <!DOCTYPE html>
 <head>
+  <meta name="timeout" content="long">
   <script src="/resources/testharness.js"></script>
   <script src="/resources/testharnessreport.js"></script>
   <script src="/content-security-policy/support/testharness-helper.js"></script>
@@ -154,17 +155,25 @@
     let p = Promise.resolve()
         .then(promise_violation("require-trusted-types-for 'script'"))
         .then(expect_blocked_uri("trusted-types-sink"))
-        .then(expect_sample("Element.innerHTML"))
-        .then(expect_sample("abc"));
+        .then(expect_sample("Element innerHTML|abc"));
     expect_throws(_ => { document.getElementById("div").innerHTML = "abc" });
     return p;
-  }, "Trusted Type violation report: sample for .innerHTML assignment");
+  }, "Trusted Type violation report: sample for innerHTML assignment");
 
   promise_test(t => {
     let p = Promise.resolve()
         .then(promise_violation("require-trusted-types-for 'script'"))
         .then(expect_blocked_uri("trusted-types-sink"))
-        .then(expect_sample("HTMLScriptElement.src"));
+        .then(expect_sample("HTMLScriptElement text|abc"));
+    expect_throws(_ => { document.getElementById("script").text = "abc" });
+    return p;
+  }, "Trusted Type violation report: sample for text assignment");
+
+  promise_test(t => {
+    let p = Promise.resolve()
+        .then(promise_violation("require-trusted-types-for 'script'"))
+        .then(expect_blocked_uri("trusted-types-sink"))
+        .then(expect_sample("HTMLScriptElement src"));
       expect_throws(_ => { document.getElementById("script").src = "" });
     return p;
   }, "Trusted Type violation report: sample for script.src assignment");
@@ -173,18 +182,48 @@
     let p = Promise.resolve()
         .then(promise_violation("require-trusted-types-for 'script'"))
         .then(expect_blocked_uri("trusted-types-sink"))
-        .then(expect_sample("HTMLElement.innerText"))
-        .then(expect_sample("2+2;"));
+        .then(expect_sample("HTMLElement innerText|2+2;"));
     expect_throws(_ => document.getElementById("script").innerText = "2+2;");
     return p;
   }, "Trusted Type violation report: sample for script innerText assignment");
 
+  // TODO(lyf): https://crbug.com/1066791 Following tests which related to svg
+  // script element cause a flaky timeout in `linux-blink-rel`, following tests
+  // should be added back after the bug fix.
+  //
+  // TODO(lyf): https://crbug.com/1064598
+  // promise_test(t => {
+  //   let p = Promise.resolve()
+  //       .then(promise_violation("require-trusted-types-for 'script'"))
+  //       .then(expect_blocked_uri("trusted-types-sink"))
+  //       .then(expect_sample("SVGScriptElement href"));
+  //     expect_throws(_ => { document.getElementById("svgscript").href.baseVal = "" });
+  //   return p;
+  // }, "Trusted Type violation report: sample for SVGScriptElement href assignment");
+  //
+  // promise_test(t => {
+  //   let p = Promise.resolve()
+  //       .then(promise_violation("require-trusted-types-for 'script'"))
+  //       .then(expect_blocked_uri("trusted-types-sink"))
+  //       .then(expect_sample("Element setAttribute"));
+  //     expect_throws(_ => { document.getElementById("svgscript").setAttribute('href', "test"); });
+  //   return p;
+  // }, "Trusted Type violation report: sample for SVGScriptElement href assignment by setAttribute");
+  //
+  // promise_test(t => {
+  //   let p = Promise.resolve()
+  //       .then(promise_violation("require-trusted-types-for 'script'"))
+  //       .then(expect_blocked_uri("trusted-types-sink"))
+  //       .then(expect_sample("SVGScriptElement text"));
+  //     expect_throws(_ => { document.getElementById("svgscript").insertBefore(document.createTextNode("Hello"), null) });
+  //   return p;
+  // }, "Trusted Type violation report: sample for SVGScriptElement text assignment");
+
   promise_test(t => {
     let p = Promise.resolve()
         .then(promise_violation("require-trusted-types-for 'script'"))
         .then(expect_blocked_uri("trusted-types-sink"))
-        .then(expect_sample("eval"))
-        .then(expect_sample("2+2"))
+        .then(expect_sample("eval|2+2"))
         .then(promise_flush());
     expect_throws(_ => eval("2+2"));
     flush();
@@ -197,8 +236,7 @@
     let p = Promise.resolve()
         .then(promise_violation("require-trusted-types-for 'script'"))
         .then(expect_blocked_uri("trusted-types-sink"))
-        .then(expect_sample("HTMLElement.innerText"))
-        .then(expect_sample("abbb"))
+        .then(expect_sample("HTMLElement innerText|abbb"))
         .then(e => assert_less_than(e.sample.length, 150));
     const value = "a" + "b".repeat(50000);
     expect_throws(_ => document.getElementById("script").innerText = value);
@@ -216,8 +254,7 @@
       let p = Promise.resolve()
           .then(promise_violation("require-trusted-types-for 'script'"))
           .then(expect_blocked_uri("trusted-types-sink"))
-          .then(expect_sample("HTMLScriptElement.src"))
-          .then(expect_sample("abc"));
+          .then(expect_sample("HTMLScriptElement src|abc"));
       expect_throws(_ => document.getElementById("customscript").src = "abc");
       return p;
     }, "Trusted Type violation report: sample for custom element assignment");
@@ -229,4 +266,5 @@
   <div id="div"></div>
   <script id="script"></script>
   <script id="customscript" is="custom-script" src="a"></script>
+  <svg><script id="svgscript"></script></svg>
 </body>