Added new class TrustedScript to TrustedTypes

New class TrustedScript added as a C++ implementation of JS
TrustedScript.

Bug: 739170
Change-Id: Ife70f8838aefa6bb4aac45f09639464c19de6e1b
Reviewed-on: https://chromium-review.googlesource.com/1168494
Commit-Queue: Maja Kabus <kabusm@google.com>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#584197}

third_party/WebKit/LayoutTests/external/wpt/trusted-types/TrustedTypePolicyFactory-createPolicy.tentative.html

@@ -84,6 +84,77 @@
     }));
   }, "html - calling undefined callback");
 
+  //Script tests
+  function createScriptTest(policy, expectedScript, t) {
+    let p = window.trustedTypes.createPolicy('SomeName', policy)
+        .then(t.step_func_done(p => {
+            assert_true(p.createScript('whatever') instanceof TrustedScript);
+            assert_equals(p.createScript('whatever') + "", expectedScript);
+    }));
+  }
+
+  async_test(t => {
+    createScriptTest( { createScript: s => s }, 'whatever', t);
+  }, "script = identity function");
+
+  async_test(t => {
+    createScriptTest( { createScript: s => null }, "null", t);
+  }, "script = null");
+
+  var Scriptstr = 'well, ';
+  async_test(t => {
+    createScriptTest( { createScript: s => Scriptstr + s }, Scriptstr + 'whatever', t);
+  }, "script = string + global string");
+
+  var Scriptx = 'global';
+  async_test(t => {
+    let p = window.trustedTypes.createPolicy('SomeName', {
+        createScript: s => { Scriptx = s; return s; }
+      })
+      .then(t.step_func_done(p => {
+        assert_true(p.createScript('whatever') instanceof TrustedScript);
+        assert_equals(p.createScript('whatever') + "", 'whatever');
+        assert_equals(Scriptx, 'whatever');
+    }));
+  }, "script = identity function, global string changed");
+
+  async_test(t => {
+    let p = window.trustedTypes.createPolicy('SomeName', {
+        createScript: s => { throw new Error(); }
+      })
+      .then(t.step_func_done(p => {
+        assert_throws(new Error(), _ => {
+          p.createScript('whatever');
+        });
+    }));
+  }, "script = callback that throws");
+
+  var obj = {
+    "foo": "well,"
+  }
+
+  function getScript(s) {
+    return this.foo + " " + s;
+  }
+
+  async_test(t => {
+    createScriptTest( {
+      createScript: getScript.bind(obj)},
+      'well, whatever', t);
+  }, "script = this bound to an object");
+
+  var foo = "well,";
+  async_test(t => {
+    createScriptTest( { createScript: s => getScript(s) }, 'well, whatever', t);
+  }, "script = this without bind");
+
+  async_test(t => {
+    let p = window.trustedTypes.createPolicy('SomeName', null)
+        .then(t.step_func_done(p => {
+            assert_equals(p.createScript('whatever'), null);
+    }));
+  }, "script - calling undefined callback");
+
   //ScriptURL tests
   function createScriptURLTest(policy, expectedScriptURL, t) {
     window.trustedTypes.createPolicy('SomeName', policy)

third_party/WebKit/LayoutTests/external/wpt/trusted-types/support/helper.sub.js

 var INPUTS = {
   HTML: "Hi, I want to be transformed!",
+  SCRIPT: "Hi, I want to be transformed!",
   SCRIPTURL: "http://this.is.a.scripturl.test/",
   URL: "http://hello.i.am.an.url/"
 };
 
 var RESULTS = {
   HTML: "Quack, I want to be a duck!",
+  SCRIPT: "Meow, I want to be a cat!",
   SCRIPTURL: "http://this.is.a.successful.test/",
   URL: "http://hooray.i.am.successfully.transformed/"
 };
@@ -15,6 +17,11 @@ function createHTMLJS(html) {
       .replace("transformed", "a duck");
 }
 
+function createScriptJS(script) {
+  return script.replace("Hi", "Meow")
+      .replace("transformed", "a cat");
+}
+
 function createScriptURLJS(scripturl) {
   return scripturl.replace("scripturl", "successful");
 }
@@ -28,6 +35,10 @@ function createHTML_policy(win) {
   return win.trustedTypes.createPolicy('SomeName', { createHTML: createHTMLJS });
 }
 
+function createScript_policy(win) {
+  return win.trustedTypes.createPolicy('SomeName', { createScript: createScriptJS });
+}
+
 function createScriptURL_policy(win) {
   return win.trustedTypes.createPolicy('SomeName', { createScriptURL: createScriptURLJS });
 }
@@ -44,6 +55,14 @@ function assert_element_accepts_trusted_html(win, t, tag, attribute, expected) {
       }));
 }
 
+function assert_element_accepts_trusted_script(win, t, tag, attribute, expected) {
+  createScript_policy(win)
+      .then(t.step_func_done(p => {
+          let script = p.createScript(INPUTS.SCRIPT);
+          assert_element_accepts_trusted_type(tag, attribute, script, expected);
+      }));
+}
+
 function assert_element_accepts_trusted_script_url(win, t, tag, attribute, expected) {
   createScriptURL_policy(win)
       .then(t.step_func_done(p => {

third_party/WebKit/LayoutTests/http/tests/serviceworker/webexposed/global-interface-listing-service-worker-expected.txt

@@ -1219,6 +1219,10 @@ interface TrustedHTML
     attribute @@toStringTag
     method constructor
     method toString
+interface TrustedScript
+    attribute @@toStringTag
+    method constructor
+    method toString
 interface TrustedScriptURL
     static method unsafelyCreate
     attribute @@toStringTag

third_party/WebKit/LayoutTests/webexposed/global-interface-listing-dedicated-worker-expected.txt

@@ -1119,6 +1119,10 @@ Starting worker: resources/global-interface-listing-worker.js
 [Worker]     attribute @@toStringTag
 [Worker]     method constructor
 [Worker]     method toString
+[Worker] interface TrustedScript
+[Worker]     attribute @@toStringTag
+[Worker]     method constructor
+[Worker]     method toString
 [Worker] interface TrustedScriptURL
 [Worker]     static method unsafelyCreate
 [Worker]     attribute @@toStringTag

third_party/WebKit/LayoutTests/webexposed/global-interface-listing-expected.txt

@@ -7296,6 +7296,10 @@ interface TrustedHTML
     attribute @@toStringTag
     method constructor
     method toString
+interface TrustedScript
+    attribute @@toStringTag
+    method constructor
+    method toString
 interface TrustedScriptURL
     static method unsafelyCreate
     attribute @@toStringTag
@@ -7306,6 +7310,7 @@ interface TrustedTypePolicy
     getter name
     method constructor
     method createHTML
+    method createScript
     method createScriptURL
     method createURL
 interface TrustedTypePolicyFactory

third_party/WebKit/LayoutTests/webexposed/global-interface-listing-shared-worker-expected.txt

@@ -1119,6 +1119,10 @@ Starting worker: resources/global-interface-listing-worker.js
 [Worker]     attribute @@toStringTag
 [Worker]     method constructor
 [Worker]     method toString
+[Worker] interface TrustedScript
+[Worker]     attribute @@toStringTag
+[Worker]     method constructor
+[Worker]     method toString
 [Worker] interface TrustedScriptURL
 [Worker]     static method unsafelyCreate
 [Worker]     attribute @@toStringTag

third_party/blink/renderer/bindings/core/v8/BUILD.gn

@@ -90,6 +90,8 @@ bindings_core_generated_union_type_files = [
   "$bindings_core_v8_output_dir/string_or_string_sequence.h",
   "$bindings_core_v8_output_dir/string_or_trusted_html.cc",
   "$bindings_core_v8_output_dir/string_or_trusted_html.h",
+  "$bindings_core_v8_output_dir/string_or_trusted_script.cc",
+  "$bindings_core_v8_output_dir/string_or_trusted_script.h",
   "$bindings_core_v8_output_dir/string_or_trusted_script_url.cc",
   "$bindings_core_v8_output_dir/string_or_trusted_script_url.h",
   "$bindings_core_v8_output_dir/string_or_unrestricted_double_sequence.cc",
@@ -150,6 +152,8 @@ generated_core_callback_function_files = [
   "$bindings_core_v8_output_dir/v8_scroll_state_callback.h",
   "$bindings_core_v8_output_dir/v8_create_html_callback.cc",
   "$bindings_core_v8_output_dir/v8_create_html_callback.h",
+  "$bindings_core_v8_output_dir/v8_create_script_callback.cc",
+  "$bindings_core_v8_output_dir/v8_create_script_callback.h",
   "$bindings_core_v8_output_dir/v8_create_url_callback.cc",
   "$bindings_core_v8_output_dir/v8_create_url_callback.h",
   "$bindings_core_v8_output_dir/v8_void_function.cc",

third_party/blink/renderer/core/core_idl_files.gni

@@ -134,6 +134,7 @@ core_idl_files =
                     "dom/events/event.idl",
                     "dom/events/event_target.idl",
                     "trustedtypes/trusted_html.idl",
+                    "trustedtypes/trusted_script.idl",
                     "trustedtypes/trusted_script_url.idl",
                     "trustedtypes/trusted_url.idl",
                     "trustedtypes/trusted_type_policy.idl",

third_party/blink/renderer/core/trustedtypes/BUILD.gn

@@ -8,6 +8,8 @@ blink_core_sources("trustedtypes") {
   sources = [
     "trusted_html.cc",
     "trusted_html.h",
+    "trusted_script.cc",
+    "trusted_script.h",
     "trusted_script_url.cc",
     "trusted_script_url.h",
     "trusted_type_policy.cc",

third_party/blink/renderer/core/trustedtypes/trusted_script.cc

+// Copyright 2018 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "third_party/blink/renderer/core/trustedtypes/trusted_script.h"
+
+#include "third_party/blink/renderer/bindings/core/v8/string_or_trusted_script.h"
+#include "third_party/blink/renderer/core/dom/document.h"
+#include "third_party/blink/renderer/platform/runtime_enabled_features.h"
+
+namespace blink {
+
+TrustedScript::TrustedScript(const String& script) : script_(script) {}
+
+String TrustedScript::GetString(StringOrTrustedScript string_or_trusted_script,
+                                const Document* doc,
+                                ExceptionState& exception_state) {
+  DCHECK(string_or_trusted_script.IsString() ||
+         RuntimeEnabledFeatures::TrustedDOMTypesEnabled());
+  DCHECK(!string_or_trusted_script.IsNull());
+
+  if (!string_or_trusted_script.IsTrustedScript() && doc &&
+      doc->RequireTrustedTypes()) {
+    exception_state.ThrowTypeError(
+        "This document requires `TrustedScript` assignment.");
+    return g_empty_string;
+  }
+
+  String markup =
+      string_or_trusted_script.IsString()
+          ? string_or_trusted_script.GetAsString()
+          : string_or_trusted_script.GetAsTrustedScript()->toString();
+  return markup;
+}
+
+String TrustedScript::toString() const {
+  return script_;
+}
+
+}  // namespace blink

third_party/blink/renderer/core/trustedtypes/trusted_script.h

+// Copyright 2018 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef THIRD_PARTY_BLINK_RENDERER_CORE_TRUSTEDTYPES_TRUSTED_SCRIPT_H_
+#define THIRD_PARTY_BLINK_RENDERER_CORE_TRUSTEDTYPES_TRUSTED_SCRIPT_H_
+
+#include "third_party/blink/renderer/core/core_export.h"
+#include "third_party/blink/renderer/platform/bindings/script_wrappable.h"
+#include "third_party/blink/renderer/platform/heap/handle.h"
+#include "third_party/blink/renderer/platform/wtf/text/wtf_string.h"
+
+namespace blink {
+
+class Document;
+class ExceptionState;
+class StringOrTrustedScript;
+
+class CORE_EXPORT TrustedScript final : public ScriptWrappable {
+  DEFINE_WRAPPERTYPEINFO();
+
+ public:
+  static TrustedScript* Create(const String& script) {
+    return new TrustedScript(script);
+  }
+
+  // TrustedScript.idl
+  String toString() const;
+
+  static String GetString(StringOrTrustedScript,
+                          const Document*,
+                          ExceptionState&);
+
+ private:
+  TrustedScript(const String& script);
+
+  const String script_;
+};
+
+}  // namespace blink
+
+#endif  // THIRD_PARTY_BLINK_RENDERER_CORE_TRUSTEDTYPES_TRUSTED_SCRIPT_H_

third_party/blink/renderer/core/trustedtypes/trusted_script.idl

+// Copyright 2018 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// https://github.com/wicg/trusted-types
+
+typedef (DOMString or TrustedScript) ScriptString;
+
+[
+    Exposed=(Window,Worker),
+    RuntimeEnabled=TrustedDOMTypes
+] interface TrustedScript {
+    stringifier;
+};

third_party/blink/renderer/core/trustedtypes/trusted_type_policy.cc

@@ -5,6 +5,7 @@
 #include "third_party/blink/renderer/core/trustedtypes/trusted_type_policy.h"
 
 #include "third_party/blink/renderer/core/trustedtypes/trusted_html.h"
+#include "third_party/blink/renderer/core/trustedtypes/trusted_script.h"
 #include "third_party/blink/renderer/core/trustedtypes/trusted_script_url.h"
 #include "third_party/blink/renderer/core/trustedtypes/trusted_url.h"
 #include "third_party/blink/renderer/platform/bindings/exception_state.h"
@@ -39,6 +40,22 @@ TrustedHTML* TrustedTypePolicy::createHTML(ScriptState* script_state,
   return TrustedHTML::Create(html);
 }
 
+TrustedScript* TrustedTypePolicy::createScript(
+    ScriptState* script_state,
+    const String& input,
+    ExceptionState& exception_state) {
+  if (!policy_options_.createScript())
+    return nullptr;
+  v8::TryCatch try_catch(script_state->GetIsolate());
+  String script;
+  if (!policy_options_.createScript()->Invoke(nullptr, input).To(&script)) {
+    DCHECK(try_catch.HasCaught());
+    exception_state.RethrowV8Exception(try_catch.Exception());
+    return nullptr;
+  }
+  return TrustedScript::Create(script);
+}
+
 TrustedScriptURL* TrustedTypePolicy::createScriptURL(
     ScriptState* script_state,
     const String& input,

third_party/blink/renderer/core/trustedtypes/trusted_type_policy.h

@@ -15,6 +15,7 @@ namespace blink {
 
 class ExceptionState;
 class TrustedHTML;
+class TrustedScript;
 class TrustedScriptURL;
 class TrustedURL;
 
@@ -26,6 +27,7 @@ class CORE_EXPORT TrustedTypePolicy final : public ScriptWrappable {
                                    const TrustedTypePolicyOptions&);
 
   TrustedHTML* createHTML(ScriptState*, const String&, ExceptionState&);
+  TrustedScript* createScript(ScriptState*, const String&, ExceptionState&);
   TrustedScriptURL* createScriptURL(ScriptState*,
                                     const String&,
                                     ExceptionState&);

third_party/blink/renderer/core/trustedtypes/trusted_type_policy.idl

@@ -9,6 +9,7 @@
 ] interface TrustedTypePolicy {
     readonly attribute DOMString name;
     [CallWith=ScriptState, RaisesException] TrustedHTML createHTML(DOMString input);
+    [CallWith=ScriptState, RaisesException] TrustedScript createScript(DOMString input);
     [CallWith=ScriptState, RaisesException] TrustedScriptURL createScriptURL(DOMString input);
     [CallWith=ScriptState, RaisesException] TrustedURL createURL(DOMString input);
 };

third_party/blink/renderer/core/trustedtypes/trusted_type_policy_options.idl

@@ -6,9 +6,11 @@
 
 dictionary TrustedTypePolicyOptions {
    CreateHTMLCallback createHTML;
+   CreateScriptCallback createScript;
    CreateURLCallback createScriptURL;
    CreateURLCallback createURL;
 };
 
 callback CreateHTMLCallback = DOMString (DOMString input);
+callback CreateScriptCallback = DOMString (DOMString input);
 callback CreateURLCallback = USVString (DOMString input);