[Trusted Types] Clean up uses of "trusted-types *".

Change-Id: Id71c80eb058ddd35ecda8156a2faf742d25faf24 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2095536Reviewed-by: Andy Paicu <andypaicu@chromium.org> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org> Commit-Queue: Stefano Sanfilippo <ssanfilippo@chromium.org> Cr-Commit-Position: refs/heads/master@{#749182}

[Trusted Types] Clean up uses of "trusted-types *".
Change-Id: Id71c80eb058ddd35ecda8156a2faf742d25faf24 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2095536Reviewed-by: Andy Paicu <andypaicu@chromium.org> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org> Commit-Queue: Stefano Sanfilippo <ssanfilippo@chromium.org> Cr-Commit-Position: refs/heads/master@{#749182}
dc20fdde · Stefano Sanfilippo · Commit Bot · 62b01f85 · dc20fdde · dc20fdde
Commit dc20fdde authored Mar 11, 2020 by Stefano Sanfilippo Committed by Commit Bot Mar 11, 2020
4 changed files
--- a/chrome/test/data/extensions/test_file_with_trusted_types.html
+++ b/chrome/test/data/extensions/test_file_with_trusted_types.html
 <!doctype html>
 <html>
 <head>
-  <meta http-equiv="Content-Security-Policy" content="trusted-types *">
+  <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'">
  <title>Define a restrictive CSP trusted-types directive.</title>
 </head>
 <body>

--- a/third_party/blink/renderer/core/frame/csp/content_security_policy_test.cc
+++ b/third_party/blink/renderer/core/frame/csp/content_security_policy_test.cc
@@ -1404,6 +1404,28 @@ TEST_F(ContentSecurityPolicyTest, TrustedTypesStar) {
  EXPECT_FALSE(csp->AllowTrustedTypePolicy("somepolicy", true));
 }

+TEST_F(ContentSecurityPolicyTest, TrustedTypesStarMix) {
+  csp->BindToDelegate(execution_context->GetContentSecurityPolicyDelegate());
+  csp->DidReceiveHeader("trusted-types abc * def",
+                        ContentSecurityPolicyType::kEnforce,
+                        ContentSecurityPolicySource::kHTTP);
+  EXPECT_TRUE(csp->AllowTrustedTypePolicy("abc", false));
+  EXPECT_TRUE(csp->AllowTrustedTypePolicy("def", false));
+  EXPECT_TRUE(csp->AllowTrustedTypePolicy("ghi", false));
+  EXPECT_FALSE(csp->AllowTrustedTypePolicy("abc", true));
+  EXPECT_FALSE(csp->AllowTrustedTypePolicy("def", true));
+  EXPECT_FALSE(csp->AllowTrustedTypePolicy("ghi", true));
+}
+
+TEST_F(ContentSecurityPolicyTest, TrustedTypeDupe) {
+  csp->BindToDelegate(execution_context->GetContentSecurityPolicyDelegate());
+  csp->DidReceiveHeader("trusted-types somepolicy 'allow-duplicates'",
+                        ContentSecurityPolicyType::kEnforce,
+                        ContentSecurityPolicySource::kHTTP);
+  EXPECT_TRUE(csp->AllowTrustedTypePolicy("somepolicy", false));
+  EXPECT_TRUE(csp->AllowTrustedTypePolicy("somepolicy", true));
+}
+
 TEST_F(ContentSecurityPolicyTest, TrustedTypeDupeStar) {
  csp->BindToDelegate(execution_context->GetContentSecurityPolicyDelegate());
  csp->DidReceiveHeader("trusted-types * 'allow-duplicates'",

--- a/third_party/blink/renderer/core/trustedtypes/trusted_types_util_test.cc
+++ b/third_party/blink/renderer/core/trustedtypes/trusted_types_util_test.cc
@@ -23,9 +23,6 @@ namespace blink {
 void TrustedTypesCheckForHTMLThrows(const String& string) {
  auto dummy_page_holder = std::make_unique<DummyPageHolder>(IntSize(800, 600));
  Document& document = dummy_page_holder->GetDocument();
-  document.GetContentSecurityPolicy()->DidReceiveHeader(
-      "trusted-types *", network::mojom::ContentSecurityPolicyType::kEnforce,
-      network::mojom::ContentSecurityPolicySource::kMeta);
  V8TestingScope scope;
  DummyExceptionStateForTesting exception_state;
  ASSERT_FALSE(exception_state.HadException());
@@ -46,9 +43,6 @@ void TrustedTypesCheckForHTMLThrows(const String& string) {
 void TrustedTypesCheckForScriptThrows(const String& string) {
  auto dummy_page_holder = std::make_unique<DummyPageHolder>(IntSize(800, 600));
  Document& document = dummy_page_holder->GetDocument();
-  document.GetContentSecurityPolicy()->DidReceiveHeader(
-      "trusted-types *", network::mojom::ContentSecurityPolicyType::kEnforce,
-      network::mojom::ContentSecurityPolicySource::kMeta);
  V8TestingScope scope;
  DummyExceptionStateForTesting exception_state;
  ASSERT_FALSE(exception_state.HadException());
@@ -71,9 +65,6 @@ void TrustedTypesCheckForScriptThrows(const String& string) {
 void TrustedTypesCheckForScriptURLThrows(const String& string) {
  auto dummy_page_holder = std::make_unique<DummyPageHolder>(IntSize(800, 600));
  Document& document = dummy_page_holder->GetDocument();
-  document.GetContentSecurityPolicy()->DidReceiveHeader(
-      "trusted-types *", network::mojom::ContentSecurityPolicyType::kEnforce,
-      network::mojom::ContentSecurityPolicySource::kMeta);
  V8TestingScope scope;
  DummyExceptionStateForTesting exception_state;
  ASSERT_FALSE(exception_state.HadException());
@@ -98,9 +89,6 @@ void TrustedTypesCheckForScriptWorks(
    String expected) {
  auto dummy_page_holder = std::make_unique<DummyPageHolder>(IntSize(800, 600));
  Document& document = dummy_page_holder->GetDocument();
-  document.GetContentSecurityPolicy()->DidReceiveHeader(
-      "trusted-types *", network::mojom::ContentSecurityPolicyType::kEnforce,
-      network::mojom::ContentSecurityPolicySource::kMeta);
  V8TestingScope scope;
  DummyExceptionStateForTesting exception_state;
  String s = TrustedTypesCheckForScript(

--- a/third_party/blink/web_tests/http/tests/security/isolatedWorld/bypass-main-world-trusted-types.html
+++ b/third_party/blink/web_tests/http/tests/security/isolatedWorld/bypass-main-world-trusted-types.html
 <!DOCTYPE html>
 <html>
 <head>
-<meta http-equiv="Content-Security-Policy" content="trusted-types *; require-trusted-types-for 'script';">
+<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script';">
 <script>
    if (window.testRunner) {
        testRunner.dumpAsText();