DOMWindowTimers::setTimeout and setInterval modified to accept Trusted

Types.

New implementations of DOMWindowTimers::setTimeout() and setInterval()
added to accept TrustedScript as an argument.
Previously existing implementations renamed to setTimeoutFromString()
and setIntervalFromString(), respectively.

Bug: 739170
Change-Id: I3513ebb651534f0b1ef1b8de9c694136b02e2412
Reviewed-on: https://chromium-review.googlesource.com/1179899Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Yuki Shiino <yukishiino@chromium.org>
Commit-Queue: Maja Kabus <kabusm@google.com>
Cr-Commit-Position: refs/heads/master@{#591327}

third_party/WebKit/LayoutTests/external/wpt/lint.whitelist

@@ -208,6 +208,8 @@ SET TIMEOUT: streams/piping/general.js
 SET TIMEOUT: streams/readable-streams/cancel.js
 SET TIMEOUT: streams/resources/rs-utils.js
 SET TIMEOUT: streams/writable-streams/byte-length-queuing-strategy.js
+SET TIMEOUT: trusted-types/block-string-assignment-to-DOMWindowTimers-setTimeout-setInterval.tentative.html
+SET TIMEOUT: trusted-types/DOMWindowTimers-setTimeout-setInterval.tentative.html
 SET TIMEOUT: user-timing/*
 SET TIMEOUT: webaudio/the-audio-api/the-mediaelementaudiosourcenode-interface/mediaElementAudioSourceToScriptProcessorTest.html
 SET TIMEOUT: webauthn/*timeout.https.html

third_party/WebKit/LayoutTests/external/wpt/trusted-types/DOMWindowTimers-setTimeout-setInterval.tentative.html

+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="support/helper.sub.js"></script>
+<body>
+<script>
+  async_test(t => {
+    window.timeoutTest = t;
+    let policy = createScript_policy(window, 'timeout');
+    let script = policy.createScript("window.timeoutTest.done();");
+    setTimeout(script);
+  }, "window.setTimeout assigned via policy (successful Script transformation).");
+
+  async_test(t => {
+    window.intervalTest = t;
+    let policy = createScript_policy(window, 'script');
+    let script = policy.createScript("window.intervalTest.done();");
+    setInterval(script);
+  }, "window.setInterval assigned via policy (successful Script transformation).");
+</script>

third_party/WebKit/LayoutTests/external/wpt/trusted-types/block-string-assignment-to-DOMWindowTimers-setTimeout-setInterval.tentative.html

+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="support/helper.sub.js"></script>
+
+<meta http-equiv="Content-Security-Policy" content="trusted-types">
+<body>
+<script>
+  // setTimeout tests
+  // TrustedScript assignments do not throw.
+  async_test(t => {
+    window.timeoutTest = t;
+    let policy = createScript_policy(window, 'timeout');
+    let script = policy.createScript("window.timeoutTest.done();");
+    setTimeout(script);
+  }, "window.setTimeout assigned via policy (successful Script transformation).");
+
+  // String assignments throw.
+  test(t => {
+    window.timeoutTestString = t.unreached_func();
+    assert_throws(new TypeError(), _ => {
+      setTimeout("window.timeoutTestString();");
+    });
+  }, "`window.setTimeout(string)` throws.");
+
+  // Null assignment throws.
+  test(t => {
+    assert_throws(new TypeError(), _ => {
+      setTimeout(null);
+    });
+  }, "`window.setTimeout(null)` throws.");
+
+  // setInterval tests
+  // TrustedScript assignments do not throw.
+  async_test(t => {
+    window.intervalTest = t;
+    let policy = createScript_policy(window, 'script');
+    let script = policy.createScript("window.intervalTest.done();");
+    setInterval(script);
+  }, "window.setInterval assigned via policy (successful Script transformation).");
+
+  // String assignments throw.
+  test(t => {
+    window.intervalTestString = t.unreached_func();
+    assert_throws(new TypeError(), _ => {
+      setInterval("window.intervalTestString()");
+    });
+  }, "`window.setInterval(string)` throws.");
+
+  // Null assignment throws.
+  test(t => {
+    assert_throws(new TypeError(), _ => {
+      setInterval(null);
+    });
+  }, "`window.setInterval(null)` throws.");
+</script>

third_party/blink/renderer/core/frame/dom_window_timers.cc

@@ -32,13 +32,16 @@
 
 #include "third_party/blink/renderer/core/frame/dom_window_timers.h"
 
+#include "third_party/blink/renderer/bindings/core/v8/string_or_trusted_script.h"
 #include "third_party/blink/renderer/bindings/core/v8/v8_gc_for_context_dispose.h"
 #include "third_party/blink/renderer/core/dom/document.h"
 #include "third_party/blink/renderer/core/dom/events/event_target.h"
 #include "third_party/blink/renderer/core/execution_context/execution_context.h"
 #include "third_party/blink/renderer/core/frame/csp/content_security_policy.h"
 #include "third_party/blink/renderer/core/frame/dom_timer.h"
+#include "third_party/blink/renderer/core/trustedtypes/trusted_types_util.h"
 #include "third_party/blink/renderer/core/workers/worker_global_scope.h"
+#include "third_party/blink/renderer/platform/bindings/exception_state.h"
 #include "third_party/blink/renderer/platform/weborigin/security_violation_reporting_policy.h"
 
 namespace blink {
@@ -99,6 +102,24 @@ int setTimeout(ScriptState* script_state,
 }
 
 int setTimeout(ScriptState* script_state,
+               EventTarget& event_target,
+               const StringOrTrustedScript& string_or_trusted_script,
+               int timeout,
+               const Vector<ScriptValue>& arguments,
+               ExceptionState& exception_state) {
+  ExecutionContext* execution_context = event_target.GetExecutionContext();
+  Document* document = execution_context->IsDocument()
+                           ? static_cast<Document*>(execution_context)
+                           : nullptr;
+  String handler = GetStringFromTrustedScript(string_or_trusted_script,
+                                              document, exception_state);
+  if (exception_state.HadException())
+    return 0;
+  return setTimeoutFromString(script_state, event_target, handler, timeout,
+                              arguments);
+}
+
+int setTimeoutFromString(ScriptState* script_state,
                          EventTarget& event_target,
                          const String& handler,
                          int timeout,
@@ -136,6 +157,24 @@ int setInterval(ScriptState* script_state,
 }
 
 int setInterval(ScriptState* script_state,
+                EventTarget& event_target,
+                const StringOrTrustedScript& string_or_trusted_script,
+                int timeout,
+                const Vector<ScriptValue>& arguments,
+                ExceptionState& exception_state) {
+  ExecutionContext* execution_context = event_target.GetExecutionContext();
+  Document* document = execution_context->IsDocument()
+                           ? static_cast<Document*>(execution_context)
+                           : nullptr;
+  String handler = GetStringFromTrustedScript(string_or_trusted_script,
+                                              document, exception_state);
+  if (exception_state.HadException())
+    return 0;
+  return setIntervalFromString(script_state, event_target, handler, timeout,
+                               arguments);
+}
+
+int setIntervalFromString(ScriptState* script_state,
                           EventTarget& event_target,
                           const String& handler,
                           int timeout,

third_party/blink/renderer/core/frame/dom_window_timers.h

@@ -39,8 +39,10 @@
 namespace blink {
 
 class EventTarget;
+class ExceptionState;
 class ScriptState;
 class ScriptValue;
+class StringOrTrustedScript;
 
 namespace DOMWindowTimers {
 int setTimeout(ScriptState*,
@@ -49,6 +51,12 @@ int setTimeout(ScriptState*,
                int timeout,
                const Vector<ScriptValue>& arguments);
 int setTimeout(ScriptState*,
+               EventTarget&,
+               const StringOrTrustedScript&,
+               int timeout,
+               const Vector<ScriptValue>&,
+               ExceptionState&);
+int setTimeoutFromString(ScriptState*,
                          EventTarget&,
                          const String& handler,
                          int timeout,
@@ -59,6 +67,12 @@ int setInterval(ScriptState*,
                 int timeout,
                 const Vector<ScriptValue>&);
 int setInterval(ScriptState*,
+                EventTarget&,
+                const StringOrTrustedScript&,
+                int timeout,
+                const Vector<ScriptValue>&,
+                ExceptionState&);
+int setIntervalFromString(ScriptState*,
                           EventTarget&,
                           const String& handler,
                           int timeout,

third_party/blink/renderer/core/frame/window_timers.idl

@@ -38,9 +38,9 @@
     // setTimeout and setInterval.
     // https://html.spec.whatwg.org/C/webappapis.html#windoworworkerglobalscope-mixin
     [CallWith=ScriptState, RuntimeCallStatsCounter=WindowSetTimeout] long setTimeout(CallbackFunctionTreatedAsScriptValue handler, optional long timeout = 0, any... arguments);
-    [CallWith=ScriptState] long setTimeout(DOMString handler, optional long timeout = 0, any... arguments);
+    [CallWith=ScriptState, RaisesException] long setTimeout(ScriptString handler, optional long timeout = 0, any... arguments);
     void clearTimeout(optional long handle = 0);
     [CallWith=ScriptState] long setInterval(CallbackFunctionTreatedAsScriptValue handler, optional long timeout = 0, any... arguments);
-    [CallWith=ScriptState] long setInterval(DOMString handler, optional long timeout = 0, any... arguments);
+    [CallWith=ScriptState, RaisesException] long setInterval(ScriptString handler, optional long timeout = 0, any... arguments);
     void clearInterval(optional long handle = 0);
 };