From 1e8896800ada35ff0a12b6463255c11e9708ae16 Mon Sep 17 00:00:00 2001
From: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Date: Sun, 4 May 2025 19:05:07 +0200
Subject: [PATCH] Implement Trusted types worker sinks (#36811)

Part of #36258

Built on top of #36668

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
---
 components/script/dom/worker.rs               | 17 +++++++++++---
 components/script/dom/workerglobalscope.rs    | 23 +++++++++++++++++--
 .../script_bindings/webidls/Worker.webidl     |  2 +-
 .../webidls/WorkerGlobalScope.webidl          |  2 +-
 ...-constructor-from-DedicatedWorker.html.ini |  3 ---
 ...DedicatedWorker-constructor.https.html.ini |  6 -----
 .../DedicatedWorker-importScripts.html.ini    | 18 ---------------
 ...orker-DedicatedWorker-constructor.html.ini |  3 ---
 ...for-DedicatedWorker-importScripts.html.ini |  3 ---
 ...indow-DedicatedWorker-constructor.html.ini |  3 ---
 10 files changed, 37 insertions(+), 43 deletions(-)
 delete mode 100644 tests/wpt/meta/trusted-types/DedicatedWorker-constructor-from-DedicatedWorker.html.ini
 delete mode 100644 tests/wpt/meta/trusted-types/DedicatedWorker-constructor.https.html.ini
 delete mode 100644 tests/wpt/meta/trusted-types/DedicatedWorker-importScripts.html.ini
 delete mode 100644 tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-DedicatedWorker-constructor.html.ini
 delete mode 100644 tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-importScripts.html.ini
 delete mode 100644 tests/wpt/meta/trusted-types/trusted-types-reporting-for-Window-DedicatedWorker-constructor.html.ini

diff --git a/components/script/dom/worker.rs b/components/script/dom/worker.rs
index 6ad56026db6..7a6b226cf07 100644
--- a/components/script/dom/worker.rs
+++ b/components/script/dom/worker.rs
@@ -21,12 +21,12 @@ use crate::dom::abstractworker::{SimpleWorkerErrorHandler, WorkerScriptMsg};
 use crate::dom::bindings::cell::DomRefCell;
 use crate::dom::bindings::codegen::Bindings::MessagePortBinding::StructuredSerializeOptions;
 use crate::dom::bindings::codegen::Bindings::WorkerBinding::{WorkerMethods, WorkerOptions};
+use crate::dom::bindings::codegen::UnionTypes::TrustedScriptURLOrUSVString;
 use crate::dom::bindings::error::{Error, ErrorResult, Fallible};
 use crate::dom::bindings::inheritance::Castable;
 use crate::dom::bindings::refcounted::Trusted;
 use crate::dom::bindings::reflector::{DomGlobal, reflect_dom_object_with_proto};
 use crate::dom::bindings::root::DomRoot;
-use crate::dom::bindings::str::USVString;
 use crate::dom::bindings::structuredclone;
 use crate::dom::bindings::trace::{CustomTraceable, RootedTraceableBox};
 use crate::dom::dedicatedworkerglobalscope::{
@@ -35,6 +35,7 @@ use crate::dom::dedicatedworkerglobalscope::{
 use crate::dom::eventtarget::EventTarget;
 use crate::dom::globalscope::GlobalScope;
 use crate::dom::messageevent::MessageEvent;
+use crate::dom::trustedscripturl::TrustedScriptURL;
 use crate::dom::window::Window;
 use crate::dom::workerglobalscope::prepare_workerscope_init;
 use crate::realms::enter_realm;
@@ -162,11 +163,21 @@ impl WorkerMethods<crate::DomTypeHolder> for Worker {
         global: &GlobalScope,
         proto: Option<HandleObject>,
         can_gc: CanGc,
-        script_url: USVString,
+        script_url: TrustedScriptURLOrUSVString,
         worker_options: &WorkerOptions,
     ) -> Fallible<DomRoot<Worker>> {
+        // Step 1: Let compliantScriptURL be the result of invoking the
+        // Get Trusted Type compliant string algorithm with TrustedScriptURL,
+        // this's relevant global object, scriptURL, "Worker constructor", and "script".
+        let compliant_script_url = TrustedScriptURL::get_trusted_script_url_compliant_string(
+            global,
+            script_url,
+            "Worker",
+            "constructor",
+            can_gc,
+        )?;
         // Step 2-4.
-        let worker_url = match global.api_base_url().join(&script_url) {
+        let worker_url = match global.api_base_url().join(&compliant_script_url) {
             Ok(url) => url,
             Err(_) => return Err(Error::Syntax),
         };
diff --git a/components/script/dom/workerglobalscope.rs b/components/script/dom/workerglobalscope.rs
index 695119715e4..fa94dcc1d04 100644
--- a/components/script/dom/workerglobalscope.rs
+++ b/components/script/dom/workerglobalscope.rs
@@ -40,7 +40,9 @@ use crate::dom::bindings::codegen::Bindings::RequestBinding::RequestInit;
 use crate::dom::bindings::codegen::Bindings::VoidFunctionBinding::VoidFunction;
 use crate::dom::bindings::codegen::Bindings::WorkerBinding::WorkerType;
 use crate::dom::bindings::codegen::Bindings::WorkerGlobalScopeBinding::WorkerGlobalScopeMethods;
-use crate::dom::bindings::codegen::UnionTypes::{RequestOrUSVString, StringOrFunction};
+use crate::dom::bindings::codegen::UnionTypes::{
+    RequestOrUSVString, StringOrFunction, TrustedScriptURLOrUSVString,
+};
 use crate::dom::bindings::error::{Error, ErrorResult, Fallible, report_pending_exception};
 use crate::dom::bindings::inheritance::Castable;
 use crate::dom::bindings::reflector::DomObject;
@@ -53,6 +55,7 @@ use crate::dom::dedicatedworkerglobalscope::DedicatedWorkerGlobalScope;
 use crate::dom::globalscope::GlobalScope;
 use crate::dom::performance::Performance;
 use crate::dom::promise::Promise;
+use crate::dom::trustedscripturl::TrustedScriptURL;
 use crate::dom::trustedtypepolicyfactory::TrustedTypePolicyFactory;
 #[cfg(feature = "webgpu")]
 use crate::dom::webgpu::identityhub::IdentityHub;
@@ -281,9 +284,25 @@ impl WorkerGlobalScopeMethods<crate::DomTypeHolder> for WorkerGlobalScope {
     error_event_handler!(error, GetOnerror, SetOnerror);
 
     // https://html.spec.whatwg.org/multipage/#dom-workerglobalscope-importscripts
-    fn ImportScripts(&self, url_strings: Vec<DOMString>, can_gc: CanGc) -> ErrorResult {
+    fn ImportScripts(
+        &self,
+        url_strings: Vec<TrustedScriptURLOrUSVString>,
+        can_gc: CanGc,
+    ) -> ErrorResult {
+        // Step 1: Let urlStrings be « ».
         let mut urls = Vec::with_capacity(url_strings.len());
+        // Step 2: For each url of urls:
         for url in url_strings {
+            // Step 3: Append the result of invoking the Get Trusted Type compliant string algorithm
+            // with TrustedScriptURL, this's relevant global object, url, "WorkerGlobalScope importScripts",
+            // and "script" to urlStrings.
+            let url = TrustedScriptURL::get_trusted_script_url_compliant_string(
+                self.upcast::<GlobalScope>(),
+                url,
+                "WorkerGlobalScope",
+                "importScripts",
+                can_gc,
+            )?;
             let url = self.worker_url.borrow().join(&url);
             match url {
                 Ok(url) => urls.push(url),
diff --git a/components/script_bindings/webidls/Worker.webidl b/components/script_bindings/webidls/Worker.webidl
index ef535126606..5faa7a5ea3e 100644
--- a/components/script_bindings/webidls/Worker.webidl
+++ b/components/script_bindings/webidls/Worker.webidl
@@ -11,7 +11,7 @@ interface mixin AbstractWorker {
 // https://html.spec.whatwg.org/multipage/#worker
 [Exposed=(Window,Worker)]
 interface Worker : EventTarget {
-  [Throws] constructor(USVString scriptURL, optional WorkerOptions options = {});
+  [Throws] constructor((TrustedScriptURL or USVString) scriptURL, optional WorkerOptions options = {});
   undefined terminate();
 
   [Throws] undefined postMessage(any message, sequence<object> transfer);
diff --git a/components/script_bindings/webidls/WorkerGlobalScope.webidl b/components/script_bindings/webidls/WorkerGlobalScope.webidl
index 05301fb28e6..db02773392d 100644
--- a/components/script_bindings/webidls/WorkerGlobalScope.webidl
+++ b/components/script_bindings/webidls/WorkerGlobalScope.webidl
@@ -19,6 +19,6 @@ interface WorkerGlobalScope : GlobalScope {
 [Exposed=Worker]
 partial interface WorkerGlobalScope { // not obsolete
   [Throws]
-  undefined importScripts(DOMString... urls);
+  undefined importScripts((TrustedScriptURL or USVString)... urls);
   readonly attribute WorkerNavigator navigator;
 };
diff --git a/tests/wpt/meta/trusted-types/DedicatedWorker-constructor-from-DedicatedWorker.html.ini b/tests/wpt/meta/trusted-types/DedicatedWorker-constructor-from-DedicatedWorker.html.ini
deleted file mode 100644
index 87e1655ef2a..00000000000
--- a/tests/wpt/meta/trusted-types/DedicatedWorker-constructor-from-DedicatedWorker.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[DedicatedWorker-constructor-from-DedicatedWorker.html]
-  [Creating a Worker from a string should throw (dedicated worker scope)]
-    expected: FAIL
diff --git a/tests/wpt/meta/trusted-types/DedicatedWorker-constructor.https.html.ini b/tests/wpt/meta/trusted-types/DedicatedWorker-constructor.https.html.ini
deleted file mode 100644
index aee3766a47f..00000000000
--- a/tests/wpt/meta/trusted-types/DedicatedWorker-constructor.https.html.ini
+++ /dev/null
@@ -1,6 +0,0 @@
-[DedicatedWorker-constructor.https.html]
-  [Block Worker creation via string]
-    expected: FAIL
-
-  [Create Worker via string with default policy.]
-    expected: FAIL
diff --git a/tests/wpt/meta/trusted-types/DedicatedWorker-importScripts.html.ini b/tests/wpt/meta/trusted-types/DedicatedWorker-importScripts.html.ini
deleted file mode 100644
index 65db633f602..00000000000
--- a/tests/wpt/meta/trusted-types/DedicatedWorker-importScripts.html.ini
+++ /dev/null
@@ -1,18 +0,0 @@
-[DedicatedWorker-importScripts.html]
-  [importScripts with untrusted URLs throws in dedicated worker]
-    expected: FAIL
-
-  [null is not a trusted script URL throws in dedicated worker]
-    expected: FAIL
-
-  [importScripts with two URLs, both strings, in dedicated worker]
-    expected: FAIL
-
-  [importScripts with two URLs, one trusted, in dedicated worker]
-    expected: FAIL
-
-  [importScripts with untrusted URLs and default policy works in dedicated worker]
-    expected: FAIL
-
-  [importScripts with one trusted and one untrusted URLs and default policy works in dedicated worker]
-    expected: FAIL
diff --git a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-DedicatedWorker-constructor.html.ini b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-DedicatedWorker-constructor.html.ini
deleted file mode 100644
index 316b249d12a..00000000000
--- a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-DedicatedWorker-constructor.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[trusted-types-reporting-for-DedicatedWorker-DedicatedWorker-constructor.html]
-  [Violation report for Worker constructor with plain string.]
-    expected: FAIL
diff --git a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-importScripts.html.ini b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-importScripts.html.ini
deleted file mode 100644
index d4731f55e66..00000000000
--- a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-importScripts.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[trusted-types-reporting-for-DedicatedWorker-importScripts.html]
-  [Violation report for importScripts with plain string.]
-    expected: FAIL
diff --git a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-Window-DedicatedWorker-constructor.html.ini b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-Window-DedicatedWorker-constructor.html.ini
deleted file mode 100644
index 05216e2b116..00000000000
--- a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-Window-DedicatedWorker-constructor.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[trusted-types-reporting-for-Window-DedicatedWorker-constructor.html]
-  [Violation report for Worker constructor with plain string.]
-    expected: FAIL