Implement Trusted Types for ShadowRoot (#38595)

Also make TrustedHTML work the same as TrustedScript by
only taking 1 `&str` to make things easier.

Part of #36258

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>

components/script/dom/document.rs

@@ -4128,8 +4128,7 @@ impl Document {
             string = TrustedHTML::get_trusted_script_compliant_string(
                 &self.global(),
                 TrustedHTMLOrString::String(string.into()),
-                containing_class,
-                field,
+                &format!("{} {}", containing_class, field),
                 can_gc,
             )?
             .as_ref()

components/script/dom/element.rs

@@ -3787,8 +3787,7 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
         let html = TrustedHTML::get_trusted_script_compliant_string(
             &self.owner_global(),
             html,
-            "Element",
-            "setHTMLUnsafe",
+            "Element setHTMLUnsafe",
             can_gc,
         )?;
         // Step 2. Let target be this's template contents if this is a template element; otherwise this.
@@ -3844,8 +3843,7 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
         let value = TrustedHTML::get_trusted_script_compliant_string(
             &self.owner_global(),
             value.convert(),
-            "Element",
-            "innerHTML",
+            "Element innerHTML",
             can_gc,
         )?;
         // https://github.com/w3c/DOM-Parsing/issues/1
@@ -3902,8 +3900,7 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
         let value = TrustedHTML::get_trusted_script_compliant_string(
             &self.owner_global(),
             value.convert(),
-            "Element",
-            "outerHTML",
+            "Element outerHTML",
             can_gc,
         )?;
         let context_document = self.owner_document();
@@ -4118,8 +4115,7 @@ impl ElementMethods<crate::DomTypeHolder> for Element {
         let text = TrustedHTML::get_trusted_script_compliant_string(
             &self.owner_global(),
             text,
-            "Element",
-            "insertAdjacentHTML",
+            "Element insertAdjacentHTML",
             can_gc,
         )?;
         let position = position.parse::<AdjacentPosition>()?;

components/script/dom/htmliframeelement.rs

@@ -616,17 +616,15 @@ impl HTMLIFrameElementMethods<crate::DomTypeHolder> for HTMLIFrameElement {
         // Get Trusted Type compliant string algorithm with TrustedHTML,
         // this's relevant global object, the given value, "HTMLIFrameElement srcdoc", and "script".
         let element = self.upcast::<Element>();
-        let local_name = &local_name!("srcdoc");
         let value = TrustedHTML::get_trusted_script_compliant_string(
             &element.owner_global(),
             value,
-            "HTMLIFrameElement",
-            local_name,
+            "HTMLIFrameElement srcdoc",
             can_gc,
         )?;
         // Step 2: Set an attribute value given this, srcdoc's local name, and compliantString.
         element.set_attribute(
-            local_name,
+            &local_name!("srcdoc"),
             AttrValue::String(value.as_ref().to_owned()),
             can_gc,
         );

components/script/dom/shadowroot.rs

@@ -27,6 +27,9 @@ use crate::dom::bindings::codegen::Bindings::ShadowRootBinding::ShadowRoot_Bindi
 use crate::dom::bindings::codegen::Bindings::ShadowRootBinding::{
     ShadowRootMode, SlotAssignmentMode,
 };
+use crate::dom::bindings::codegen::UnionTypes::{
+    TrustedHTMLOrNullIsEmptyString, TrustedHTMLOrString,
+};
 use crate::dom::bindings::frozenarray::CachedFrozenArray;
 use crate::dom::bindings::inheritance::Castable;
 use crate::dom::bindings::num::Finite;
@@ -46,6 +49,7 @@ use crate::dom::node::{
     VecPreOrderInsertionHelper,
 };
 use crate::dom::stylesheetlist::{StyleSheetList, StyleSheetListOwner};
+use crate::dom::trustedhtml::TrustedHTML;
 use crate::dom::types::EventTarget;
 use crate::dom::virtualmethods::{VirtualMethods, vtable_for};
 use crate::dom::window::Window;
@@ -459,18 +463,24 @@ impl ShadowRootMethods<crate::DomTypeHolder> for ShadowRoot {
     }
 
     /// <https://html.spec.whatwg.org/multipage/#dom-shadowroot-innerhtml>
-    fn GetInnerHTML(&self, can_gc: CanGc) -> Fallible<DOMString> {
+    fn GetInnerHTML(&self, can_gc: CanGc) -> Fallible<TrustedHTMLOrNullIsEmptyString> {
         // ShadowRoot's innerHTML getter steps are to return the result of running fragment serializing
         // algorithm steps with this and true.
         self.upcast::<Node>()
             .fragment_serialization_algorithm(true, can_gc)
+            .map(TrustedHTMLOrNullIsEmptyString::NullIsEmptyString)
     }
 
     /// <https://html.spec.whatwg.org/multipage/#dom-shadowroot-innerhtml>
-    fn SetInnerHTML(&self, value: DOMString, can_gc: CanGc) -> ErrorResult {
-        // TODO Step 1. Let compliantString be the result of invoking the Get Trusted Type compliant string algorithm
+    fn SetInnerHTML(&self, value: TrustedHTMLOrNullIsEmptyString, can_gc: CanGc) -> ErrorResult {
+        // Step 1. Let compliantString be the result of invoking the Get Trusted Type compliant string algorithm
         // with TrustedHTML, this's relevant global object, the given value, "ShadowRoot innerHTML", and "script".
-        let compliant_string = value;
+        let value = TrustedHTML::get_trusted_script_compliant_string(
+            &self.owner_global(),
+            value.convert(),
+            "ShadowRoot innerHTML",
+            can_gc,
+        )?;
 
         // Step 2. Let context be this's host.
         let context = self.Host();
@@ -480,7 +490,7 @@ impl ShadowRootMethods<crate::DomTypeHolder> for ShadowRoot {
         //
         // NOTE: The spec doesn't strictly tell us to bail out here, but
         // we can't continue if parsing failed
-        let frag = context.parse_fragment(compliant_string, can_gc)?;
+        let frag = context.parse_fragment(value, can_gc)?;
 
         // Step 4. Replace all with fragment within this.
         Node::replace_all(Some(frag.upcast()), self.upcast(), can_gc);
@@ -493,12 +503,22 @@ impl ShadowRootMethods<crate::DomTypeHolder> for ShadowRoot {
     }
 
     /// <https://html.spec.whatwg.org/multipage/#dom-shadowroot-sethtmlunsafe>
-    fn SetHTMLUnsafe(&self, html: DOMString, can_gc: CanGc) {
+    fn SetHTMLUnsafe(&self, value: TrustedHTMLOrString, can_gc: CanGc) -> ErrorResult {
+        // Step 1. Let compliantHTML be the result of invoking the
+        // Get Trusted Type compliant string algorithm with TrustedHTML,
+        // this's relevant global object, html, "ShadowRoot setHTMLUnsafe", and "script".
+        let value = TrustedHTML::get_trusted_script_compliant_string(
+            &self.owner_global(),
+            value,
+            "ShadowRoot setHTMLUnsafe",
+            can_gc,
+        )?;
         // Step 2. Unsafely set HTMl given this, this's shadow host, and complaintHTML
         let target = self.upcast::<Node>();
         let context_element = self.Host();
 
-        Node::unsafely_set_html(target, &context_element, html, can_gc);
+        Node::unsafely_set_html(target, &context_element, value, can_gc);
+        Ok(())
     }
 
     // https://dom.spec.whatwg.org/#dom-shadowroot-onslotchange

components/script/dom/trustedhtml.rs

@@ -43,18 +43,16 @@ impl TrustedHTML {
     pub(crate) fn get_trusted_script_compliant_string(
         global: &GlobalScope,
         value: TrustedHTMLOrString,
-        containing_class: &str,
-        field: &str,
+        sink: &str,
         can_gc: CanGc,
     ) -> Fallible<DOMString> {
         match value {
             TrustedHTMLOrString::String(value) => {
-                let sink = format!("{} {}", containing_class, field);
                 TrustedTypePolicyFactory::get_trusted_type_compliant_string(
                     TrustedType::TrustedHTML,
                     global,
                     value,
-                    &sink,
+                    sink,
                     "'script'",
                     can_gc,
                 )

components/script_bindings/webidls/ShadowRoot.webidl

@@ -25,9 +25,8 @@ ShadowRoot includes DocumentOrShadowRoot;
 
 // https://html.spec.whatwg.org/multipage/#dom-parsing-and-serialization
 partial interface ShadowRoot {
-  [CEReactions] undefined setHTMLUnsafe(DOMString html);
+  [CEReactions, Throws] undefined setHTMLUnsafe((TrustedHTML or DOMString) html);
   DOMString getHTML(optional GetHTMLOptions options = {});
 
-  // [CEReactions] attribute (TrustedHTML or [LegacyNullToEmptyString] DOMString) innerHTML;
-  [CEReactions, Throws] attribute [LegacyNullToEmptyString] DOMString innerHTML;
+  [CEReactions, Throws] attribute (TrustedHTML or [LegacyNullToEmptyString] DOMString) innerHTML;
 };

tests/wpt/meta/trusted-types/block-string-assignment-to-ShadowRoot-innerHTML.html.ini

@@ -1,9 +0,0 @@
-[block-string-assignment-to-ShadowRoot-innerHTML.html]
-  [`shadowRoot.innerHTML = string` throws.]
-    expected: FAIL
-
-  [`shadowRoot.innerHTML = null` throws.]
-    expected: FAIL
-
-  [`shadowRoot.innerHTML = string` assigned via default policy (successful HTML transformation).]
-    expected: FAIL

tests/wpt/meta/trusted-types/block-string-assignment-to-ShadowRoot-setHTMLUnsafe.html.ini

@@ -1,9 +0,0 @@
-[block-string-assignment-to-ShadowRoot-setHTMLUnsafe.html]
-  [`shadowRoot.setHTMLUnsafe(string)` assigned via default policy (successful HTML transformation).]
-    expected: FAIL
-
-  [`shadowRoot.setHTMLUnsafe(string)` throws.]
-    expected: FAIL
-
-  [`shadowRoot.setHTMLUnsafe(null)` throws.]
-    expected: FAIL

tests/wpt/meta/trusted-types/trusted-types-reporting-for-ShadowRoot-innerHTML.html.ini

@@ -1,3 +0,0 @@
-[trusted-types-reporting-for-ShadowRoot-innerHTML.html]
-  [Violation report for plain string.]
-    expected: FAIL

tests/wpt/meta/trusted-types/trusted-types-reporting-for-ShadowRoot-setHTMLUnsafe.html.ini

@@ -1,3 +0,0 @@
-[trusted-types-reporting-for-ShadowRoot-setHTMLUnsafe.html]
-  [Violation report for plain string.]
-    expected: FAIL