[Trusted Types] Fix eval handling in workers.

The current code only enables/disables eval (& Function constructors) in
workers wholesale, and never registers a callback. This means that the
functionality that relies on the callback doesn't work in workers.

This patch registers the callback, and removes two assertions that are now
no longer true.

Bug: 1126472
Change-Id: I3996431acd97fd6f62e8e09ed44732e8eaa438f6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2426645Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#811633}

third_party/blink/renderer/bindings/core/v8/v8_initializer.cc

@@ -355,11 +355,6 @@ static bool ContentSecurityPolicyCodeGenerationCheck(
     v8::Local<v8::Context> context,
     v8::Local<v8::String> source) {
   if (ExecutionContext* execution_context = ToExecutionContext(context)) {
-    DCHECK(execution_context->IsWindow() ||
-           execution_context->IsMainThreadWorkletGlobalScope());
-
-    v8::Context::Scope scope(context);
-
     // Note this callback is only triggered for contexts which have eval
     // disabled. Hence we don't need to handle the case of isolated world
     // contexts with no CSP specified. (They should be exempt from the page CSP.
@@ -367,6 +362,7 @@ static bool ContentSecurityPolicyCodeGenerationCheck(
 
     if (ContentSecurityPolicy* policy =
             execution_context->GetContentSecurityPolicyForCurrentWorld()) {
+      v8::Context::Scope scope(context);
       v8::String::Value source_str(context->GetIsolate(), source);
       UChar snippet[ContentSecurityPolicy::kMaxSampleLength + 1];
       size_t len = std::min((sizeof(snippet) / sizeof(UChar)) - 1,
@@ -786,6 +782,8 @@ void V8Initializer::InitializeWorker(v8::Isolate* isolate) {
 
   isolate->SetStackLimit(WTF::GetCurrentStackPosition() - kWorkerMaxStackSize);
   isolate->SetPromiseRejectCallback(PromiseRejectHandlerInWorker);
+  isolate->SetModifyCodeGenerationFromStringsCallback(
+      CodeGenerationCheckCallbackInMainThread);
 }
 
 }  // namespace blink

third_party/blink/web_tests/TestExpectations

@@ -3059,9 +3059,6 @@ crbug.com/626703 [ Win ] external/wpt/css/css-lists/content-property/marker-text
 crbug.com/626703 external/wpt/css/css-lists/content-property/marker-text-matches-square.html [ Failure ]
 crbug.com/626703 external/wpt/svg/linking/reftests/use-descendant-combinator-003.html [ Failure ]
 crbug.com/626703 external/wpt/css/css-lists/content-property/marker-text-matches-circle.html [ Failure ]
-crbug.com/626703 external/wpt/content-security-policy/securitypolicyviolation/inside-service-worker.https.html [ Timeout ]
-crbug.com/626703 external/wpt/content-security-policy/securitypolicyviolation/inside-shared-worker.html [ Timeout ]
-crbug.com/626703 external/wpt/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html [ Timeout ]
 crbug.com/626703 external/wpt/content-security-policy/securitypolicyviolation/targeting.html [ Timeout ]
 crbug.com/863355 [ Mac ] external/wpt/svg/shapes/reftests/pathlength-002.svg [ Failure ]
 crbug.com/366559 external/wpt/svg/shapes/reftests/pathlength-003.svg [ Failure ]

third_party/blink/web_tests/WPTOverrideExpectations

@@ -176,9 +176,6 @@ external/wpt/content-security-policy/reporting-api/reporting-api-sends-reports-o
 external/wpt/content-security-policy/reporting-api/reporting-api-works-on-frame-src.https.sub.html [ Pass ] # wpt_subtest_failure
 external/wpt/content-security-policy/script-src/script-src-strict_dynamic_hashes.html [ Failure ]
 external/wpt/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html [ Timeout ] # wpt_subtest_failure
-external/wpt/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html [ Timeout ] # wpt_subtest_failure
-external/wpt/content-security-policy/securitypolicyviolation/inside-service-worker.https.html [ Timeout ] # wpt_subtest_failure
-external/wpt/content-security-policy/securitypolicyviolation/inside-shared-worker.html [ Timeout ] # wpt_subtest_failure
 external/wpt/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.sub.html [ Pass ] # wpt_subtest_failure
 external/wpt/content-security-policy/securitypolicyviolation/targeting.html [ Timeout ] # wpt_subtest_failure
 external/wpt/content-security-policy/worker-src/service-none.https.sub.html [ Pass Failure ]

third_party/blink/web_tests/external/wpt/trusted-types/WorkerGlobalScope-eval.html

+<!doctype html>
+<html>
+<head>
+  <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script';">
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+<div id=log></div>
+
+<script>
+
+// To test workers, we need to importScripts source files in the workers.
+// Since the point of this test is to test blocking of importScripts, we need
+// to set up one policy that will blindly pass through URLs for use in the test
+// setup, and then have additional policies for the actual test cases.
+//
+// For the same reason we cannot use the otherwise preferred 'META: workers'
+// tag, since that test setup would be blocked as soon as trusted types
+// enforcement is enabled.
+const test_setup_policy = trustedTypes.createPolicy("hurrayanythinggoes", {
+  createScriptURL: x => x});
+const test_url =
+  test_setup_policy.createScriptURL("support/WorkerGlobalScope-eval.https.js");
+
+fetch_tests_from_worker(new Worker(test_url));
+
+fetch_tests_from_worker(new SharedWorker(test_url));
+
+// Cargo-culted from code generated from "META: worker".
+if ('serviceWorker' in navigator) {
+  (async function() {
+      const scope = 'support/some/scope/for/this/test';
+      let reg = await navigator.serviceWorker.getRegistration(scope);
+      if (reg) await reg.unregister();
+      reg = await navigator.serviceWorker.register(test_url, {scope});
+      fetch_tests_from_worker(reg.installing);
+  })();
+}
+
+</script>
+</body>

third_party/blink/web_tests/external/wpt/trusted-types/support/WorkerGlobalScope-eval.https.js

+let test_setup_policy = trustedTypes.createPolicy("hurrayanythinggoes", {
+  createScriptURL: x => x
+});
+importScripts(test_setup_policy.createScriptURL("/resources/testharness.js"));
+
+// Determine worker type (for better logging)
+let worker_type = "unknown";
+if (this.DedicatedWorkerGlobalScope !== undefined) {
+  worker_type = "dedicated worker";
+} else if (this.SharedWorkerGlobalScope !== undefined) {
+  worker_type = "shared worker";
+} else if (this.ServiceWorkerGlobalScope !== undefined) {
+  worker_type = "service worker";
+}
+
+// Test eval(string)
+test(t => {
+  assert_throws_js(EvalError, _ => eval("2"));
+}, "eval(string) in " + worker_type);
+
+// Test eval(TrustedScript)
+let test_policy = trustedTypes.createPolicy("xxx", {
+  createScript: x => x.replace("2", "7")
+});
+test(t => {
+  assert_equals(eval(test_policy.createScript("2")), 7);
+}, "eval(TrustedScript) in " + worker_type);
+
+// Test eval(String) with default policy
+trustedTypes.createPolicy("default", {
+  createScript: x => x.replace("2", "5")
+});
+test(t => {
+  assert_equals(eval("2"), 5);
+}, "eval(string) with default policy in " + worker_type);
+
+done();

third_party/blink/web_tests/external/wpt/trusted-types/support/WorkerGlobalScope-eval.https.js.headers

+Content-Security-Policy: require-trusted-types-for 'script';