Trusted Types: In report-only mode, assignment should pass

... even if default policy application fails. Bug: 739170 Change-Id: I2a44b281eea185f5b34b3050a14dca219f38d5fc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1789303Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org> Cr-Commit-Position: refs/heads/master@{#695962}

Trusted Types: In report-only mode, assignment should pass
... even if default policy application fails. Bug: 739170 Change-Id: I2a44b281eea185f5b34b3050a14dca219f38d5fc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1789303Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org> Cr-Commit-Position: refs/heads/master@{#695962}
ee128184 · Daniel Vogelheim · Commit Bot · d1f9d48e · ee128184 · ee128184
Commit ee128184 authored Sep 12, 2019 by Daniel Vogelheim Committed by Commit Bot Sep 12, 2019
3 changed files
--- a/third_party/blink/renderer/core/trustedtypes/trusted_types_util.cc
+++ b/third_party/blink/renderer/core/trustedtypes/trusted_types_util.cc
@@ -290,9 +290,12 @@ String GetStringFromTrustedHTML(const String& string,
  }
  if (result->toString().IsNull()) {
-    TrustedTypeFail(kTrustedHTMLAssignmentAndDefaultPolicyFailed,
+    if (TrustedTypeFail(kTrustedHTMLAssignmentAndDefaultPolicyFailed,
-                    execution_context, exception_state, string);
+                        execution_context, exception_state, string)) {
-    return g_empty_string;
+      return g_empty_string;
+    } else {
+      return string;
+    }
  }
  return result->toString();
@@ -346,9 +349,12 @@ String GetStringFromTrustedScript(const String& potential_script,
  }
  if (result->toString().IsNull()) {
-    TrustedTypeFail(kTrustedScriptAssignmentAndDefaultPolicyFailed,
+    if (TrustedTypeFail(kTrustedScriptAssignmentAndDefaultPolicyFailed,
-                    execution_context, exception_state, potential_script);
+                        execution_context, exception_state, potential_script)) {
-    return g_empty_string;
+      return g_empty_string;
+    } else {
+      return potential_script;
+    }
  }
  return result->toString();
@@ -390,9 +396,12 @@ String GetStringFromTrustedScriptURL(
  }
  if (result->toString().IsNull()) {
-    TrustedTypeFail(kTrustedScriptURLAssignmentAndDefaultPolicyFailed,
+    if (TrustedTypeFail(kTrustedScriptURLAssignmentAndDefaultPolicyFailed,
-                    execution_context, exception_state, string);
+                        execution_context, exception_state, string)) {
-    return g_empty_string;
+      return g_empty_string;
+    } else {
+      return string;
+    }
  }
  return result->toString();
@@ -430,9 +439,12 @@ String GetStringFromTrustedURL(USVStringOrTrustedURL string_or_trusted_url,
  }
  if (result->toString().IsNull()) {
-    TrustedTypeFail(kTrustedURLAssignmentAndDefaultPolicyFailed,
+    if (TrustedTypeFail(kTrustedURLAssignmentAndDefaultPolicyFailed,
-                    execution_context, exception_state, string);
+                        execution_context, exception_state, string)) {
-    return g_empty_string;
+      return g_empty_string;
+    } else {
+      return string;
+    }
  }
  return result->toString();

--- a/third_party/blink/web_tests/external/wpt/trusted-types/default-policy-report-only.tentative.html
+++ b/third_party/blink/web_tests/external/wpt/trusted-types/default-policy-report-only.tentative.html
@@ -7,26 +7,6 @@
 </head>
 <body>
 <script>
-// We expect to run this test in two instances, enforcing and report-only
-// Trusted Type policies. We'll infer from our URL which one we are.
-//
-// The expected file names/headers are:
-// - default-policy.tentative.html:
-//     Content-Security-Policy: trusted-types *
-// - default-policy-report-only.tentative.html:
-//    Content-Security-Policy-Report-Only: trusted-types *
-//
-// The behaviour of the tests should be _mostly_ identical, except that
-// Trusted Types relevant assignments should only throw in the enforced
-// case. We will use assert_throws for things that should always throw
-// (i.e., regular exceptions), and maybe_throws for tests that should only
-// throw in TT-enforcing mode.
-const is_report_only = document.location.pathname.includes("report-only");
-const maybe_throws = (is_report_only
-  ? (error, fn, message) => fn()
-  : assert_throws);
 // Ensure that only the right events trigger violation reports.
 // The Promise will resolve, when an event including the string "done" is
 // received. The last line of this test file will cause this trigger.
@@ -69,7 +49,8 @@ const testCases = [
 testCases.forEach(c => {
  test(t => {
    const element = document.createElement(c[0]);
-    maybe_throws(TypeError(), _ => element[c[1]] = "nodefault");
+    element[c[1]] = "nodefault";
+    assert_true(element[c[1]].includes("nodefault"));
  }, `${c[0]}.${c[1]} no default policy`);
 });
@@ -105,7 +86,8 @@ testCases.forEach(c => {
  }, name + "default");
  test(t => {
    const element = document.createElement(c[0]);
-    maybe_throws(TypeError(), _ => element[c[1]] = "null");
+    element[c[1]] = "null";
+    assert_true(element[c[1]].includes("null"));
  }, name + "null");
  test(t => {
    const element = document.createElement(c[0]);
@@ -113,7 +95,8 @@ testCases.forEach(c => {
  }, name + "throw");
  test(t => {
    const element = document.createElement(c[0]);
-    maybe_throws(TypeError(), _ => element[c[1]] = "undefined");
+    element[c[1]] = "undefined";
+    assert_true(element[c[1]].includes("undefined"));
  }, name + "undefined");
  test(t => {
    const element = document.createElement(c[0]);

--- a/third_party/blink/web_tests/external/wpt/trusted-types/default-policy.tentative.html
+++ b/third_party/blink/web_tests/external/wpt/trusted-types/default-policy.tentative.html
@@ -7,26 +7,6 @@
 </head>
 <body>
 <script>
-// We expect to run this test in two instances, enforcing and report-only
-// Trusted Type policies. We'll infer from our URL which one we are.
-//
-// The expected file names/headers are:
-// - default-policy.tentative.html:
-//     Content-Security-Policy: trusted-types *
-// - default-policy-report-only.tentative.html:
-//    Content-Security-Policy-Report-Only: trusted-types *
-//
-// The behaviour of the tests should be _mostly_ identical, except that
-// Trusted Types relevant assignments should only throw in the enforced
-// case. We will use assert_throws for things that should always throw
-// (i.e., regular exceptions), and maybe_throws for tests that should only
-// throw in TT-enforcing mode.
-const is_report_only = document.location.pathname.includes("report-only");
-const maybe_throws = (is_report_only
-  ? (error, fn, message) => fn()
-  : assert_throws);
 // Ensure that only the right events trigger violation reports.
 // The Promise will resolve, when an event including the string "done" is
 // received. The last line of this test file will cause this trigger.
@@ -69,7 +49,8 @@ const testCases = [
 testCases.forEach(c => {
  test(t => {
    const element = document.createElement(c[0]);
-    maybe_throws(TypeError(), _ => element[c[1]] = "nodefault");
+    assert_throws(TypeError(), _ => element[c[1]] = "nodefault");
+    assert_equals(element[c[1]], "");
  }, `${c[0]}.${c[1]} no default policy`);
 });
@@ -105,7 +86,8 @@ testCases.forEach(c => {
  }, name + "default");
  test(t => {
    const element = document.createElement(c[0]);
-    maybe_throws(TypeError(), _ => element[c[1]] = "null");
+    assert_throws(TypeError(), _ => element[c[1]] = "null");
+    assert_equals(element[c[1]], "");
  }, name + "null");
  test(t => {
    const element = document.createElement(c[0]);
@@ -113,7 +95,8 @@ testCases.forEach(c => {
  }, name + "throw");
  test(t => {
    const element = document.createElement(c[0]);
-    maybe_throws(TypeError(), _ => element[c[1]] = "undefined");
+    assert_throws(TypeError(), _ => element[c[1]] = "undefined");
+    assert_equals(element[c[1]], "");
  }, name + "undefined");
  test(t => {
    const element = document.createElement(c[0]);