diff --git a/components/script/dom/document.rs b/components/script/dom/document.rs index ea515556b65..991d254dddc 100644 --- a/components/script/dom/document.rs +++ b/components/script/dom/document.rs @@ -4128,8 +4128,7 @@ impl Document { string = TrustedHTML::get_trusted_script_compliant_string( &self.global(), TrustedHTMLOrString::String(string.into()), - containing_class, - field, + &format!("{} {}", containing_class, field), can_gc, )? .as_ref() diff --git a/components/script/dom/element.rs b/components/script/dom/element.rs index d94d0e062c8..59335987d6d 100644 --- a/components/script/dom/element.rs +++ b/components/script/dom/element.rs @@ -3787,8 +3787,7 @@ impl ElementMethods for Element { let html = TrustedHTML::get_trusted_script_compliant_string( &self.owner_global(), html, - "Element", - "setHTMLUnsafe", + "Element setHTMLUnsafe", can_gc, )?; // Step 2. Let target be this's template contents if this is a template element; otherwise this. @@ -3844,8 +3843,7 @@ impl ElementMethods for Element { let value = TrustedHTML::get_trusted_script_compliant_string( &self.owner_global(), value.convert(), - "Element", - "innerHTML", + "Element innerHTML", can_gc, )?; // https://github.com/w3c/DOM-Parsing/issues/1 @@ -3902,8 +3900,7 @@ impl ElementMethods for Element { let value = TrustedHTML::get_trusted_script_compliant_string( &self.owner_global(), value.convert(), - "Element", - "outerHTML", + "Element outerHTML", can_gc, )?; let context_document = self.owner_document(); @@ -4118,8 +4115,7 @@ impl ElementMethods for Element { let text = TrustedHTML::get_trusted_script_compliant_string( &self.owner_global(), text, - "Element", - "insertAdjacentHTML", + "Element insertAdjacentHTML", can_gc, )?; let position = position.parse::()?; diff --git a/components/script/dom/htmliframeelement.rs b/components/script/dom/htmliframeelement.rs index 0137f3c8ef1..444082d6da3 100644 --- a/components/script/dom/htmliframeelement.rs +++ b/components/script/dom/htmliframeelement.rs @@ -616,17 +616,15 @@ impl HTMLIFrameElementMethods for HTMLIFrameElement { // Get Trusted Type compliant string algorithm with TrustedHTML, // this's relevant global object, the given value, "HTMLIFrameElement srcdoc", and "script". let element = self.upcast::(); - let local_name = &local_name!("srcdoc"); let value = TrustedHTML::get_trusted_script_compliant_string( &element.owner_global(), value, - "HTMLIFrameElement", - local_name, + "HTMLIFrameElement srcdoc", can_gc, )?; // Step 2: Set an attribute value given this, srcdoc's local name, and compliantString. element.set_attribute( - local_name, + &local_name!("srcdoc"), AttrValue::String(value.as_ref().to_owned()), can_gc, ); diff --git a/components/script/dom/shadowroot.rs b/components/script/dom/shadowroot.rs index 57a05bad583..7281d96452f 100644 --- a/components/script/dom/shadowroot.rs +++ b/components/script/dom/shadowroot.rs @@ -27,6 +27,9 @@ use crate::dom::bindings::codegen::Bindings::ShadowRootBinding::ShadowRoot_Bindi use crate::dom::bindings::codegen::Bindings::ShadowRootBinding::{ ShadowRootMode, SlotAssignmentMode, }; +use crate::dom::bindings::codegen::UnionTypes::{ + TrustedHTMLOrNullIsEmptyString, TrustedHTMLOrString, +}; use crate::dom::bindings::frozenarray::CachedFrozenArray; use crate::dom::bindings::inheritance::Castable; use crate::dom::bindings::num::Finite; @@ -46,6 +49,7 @@ use crate::dom::node::{ VecPreOrderInsertionHelper, }; use crate::dom::stylesheetlist::{StyleSheetList, StyleSheetListOwner}; +use crate::dom::trustedhtml::TrustedHTML; use crate::dom::types::EventTarget; use crate::dom::virtualmethods::{VirtualMethods, vtable_for}; use crate::dom::window::Window; @@ -459,18 +463,24 @@ impl ShadowRootMethods for ShadowRoot { } /// - fn GetInnerHTML(&self, can_gc: CanGc) -> Fallible { + fn GetInnerHTML(&self, can_gc: CanGc) -> Fallible { // ShadowRoot's innerHTML getter steps are to return the result of running fragment serializing // algorithm steps with this and true. self.upcast::() .fragment_serialization_algorithm(true, can_gc) + .map(TrustedHTMLOrNullIsEmptyString::NullIsEmptyString) } /// - fn SetInnerHTML(&self, value: DOMString, can_gc: CanGc) -> ErrorResult { - // TODO Step 1. Let compliantString be the result of invoking the Get Trusted Type compliant string algorithm + fn SetInnerHTML(&self, value: TrustedHTMLOrNullIsEmptyString, can_gc: CanGc) -> ErrorResult { + // Step 1. Let compliantString be the result of invoking the Get Trusted Type compliant string algorithm // with TrustedHTML, this's relevant global object, the given value, "ShadowRoot innerHTML", and "script". - let compliant_string = value; + let value = TrustedHTML::get_trusted_script_compliant_string( + &self.owner_global(), + value.convert(), + "ShadowRoot innerHTML", + can_gc, + )?; // Step 2. Let context be this's host. let context = self.Host(); @@ -480,7 +490,7 @@ impl ShadowRootMethods for ShadowRoot { // // NOTE: The spec doesn't strictly tell us to bail out here, but // we can't continue if parsing failed - let frag = context.parse_fragment(compliant_string, can_gc)?; + let frag = context.parse_fragment(value, can_gc)?; // Step 4. Replace all with fragment within this. Node::replace_all(Some(frag.upcast()), self.upcast(), can_gc); @@ -493,12 +503,22 @@ impl ShadowRootMethods for ShadowRoot { } /// - fn SetHTMLUnsafe(&self, html: DOMString, can_gc: CanGc) { + fn SetHTMLUnsafe(&self, value: TrustedHTMLOrString, can_gc: CanGc) -> ErrorResult { + // Step 1. Let compliantHTML be the result of invoking the + // Get Trusted Type compliant string algorithm with TrustedHTML, + // this's relevant global object, html, "ShadowRoot setHTMLUnsafe", and "script". + let value = TrustedHTML::get_trusted_script_compliant_string( + &self.owner_global(), + value, + "ShadowRoot setHTMLUnsafe", + can_gc, + )?; // Step 2. Unsafely set HTMl given this, this's shadow host, and complaintHTML let target = self.upcast::(); let context_element = self.Host(); - Node::unsafely_set_html(target, &context_element, html, can_gc); + Node::unsafely_set_html(target, &context_element, value, can_gc); + Ok(()) } // https://dom.spec.whatwg.org/#dom-shadowroot-onslotchange diff --git a/components/script/dom/trustedhtml.rs b/components/script/dom/trustedhtml.rs index c72e1d2d873..ce45ac60fd9 100644 --- a/components/script/dom/trustedhtml.rs +++ b/components/script/dom/trustedhtml.rs @@ -43,18 +43,16 @@ impl TrustedHTML { pub(crate) fn get_trusted_script_compliant_string( global: &GlobalScope, value: TrustedHTMLOrString, - containing_class: &str, - field: &str, + sink: &str, can_gc: CanGc, ) -> Fallible { match value { TrustedHTMLOrString::String(value) => { - let sink = format!("{} {}", containing_class, field); TrustedTypePolicyFactory::get_trusted_type_compliant_string( TrustedType::TrustedHTML, global, value, - &sink, + sink, "'script'", can_gc, ) diff --git a/components/script_bindings/webidls/ShadowRoot.webidl b/components/script_bindings/webidls/ShadowRoot.webidl index c331b8aceb1..c740e3c3795 100644 --- a/components/script_bindings/webidls/ShadowRoot.webidl +++ b/components/script_bindings/webidls/ShadowRoot.webidl @@ -25,9 +25,8 @@ ShadowRoot includes DocumentOrShadowRoot; // https://html.spec.whatwg.org/multipage/#dom-parsing-and-serialization partial interface ShadowRoot { - [CEReactions] undefined setHTMLUnsafe(DOMString html); + [CEReactions, Throws] undefined setHTMLUnsafe((TrustedHTML or DOMString) html); DOMString getHTML(optional GetHTMLOptions options = {}); - // [CEReactions] attribute (TrustedHTML or [LegacyNullToEmptyString] DOMString) innerHTML; - [CEReactions, Throws] attribute [LegacyNullToEmptyString] DOMString innerHTML; + [CEReactions, Throws] attribute (TrustedHTML or [LegacyNullToEmptyString] DOMString) innerHTML; }; diff --git a/tests/wpt/meta/trusted-types/block-string-assignment-to-ShadowRoot-innerHTML.html.ini b/tests/wpt/meta/trusted-types/block-string-assignment-to-ShadowRoot-innerHTML.html.ini deleted file mode 100644 index 57b499fd19c..00000000000 --- a/tests/wpt/meta/trusted-types/block-string-assignment-to-ShadowRoot-innerHTML.html.ini +++ /dev/null @@ -1,9 +0,0 @@ -[block-string-assignment-to-ShadowRoot-innerHTML.html] - [`shadowRoot.innerHTML = string` throws.] - expected: FAIL - - [`shadowRoot.innerHTML = null` throws.] - expected: FAIL - - [`shadowRoot.innerHTML = string` assigned via default policy (successful HTML transformation).] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/block-string-assignment-to-ShadowRoot-setHTMLUnsafe.html.ini b/tests/wpt/meta/trusted-types/block-string-assignment-to-ShadowRoot-setHTMLUnsafe.html.ini deleted file mode 100644 index 855ee5803f5..00000000000 --- a/tests/wpt/meta/trusted-types/block-string-assignment-to-ShadowRoot-setHTMLUnsafe.html.ini +++ /dev/null @@ -1,9 +0,0 @@ -[block-string-assignment-to-ShadowRoot-setHTMLUnsafe.html] - [`shadowRoot.setHTMLUnsafe(string)` assigned via default policy (successful HTML transformation).] - expected: FAIL - - [`shadowRoot.setHTMLUnsafe(string)` throws.] - expected: FAIL - - [`shadowRoot.setHTMLUnsafe(null)` throws.] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-ShadowRoot-innerHTML.html.ini b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-ShadowRoot-innerHTML.html.ini deleted file mode 100644 index 52801930783..00000000000 --- a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-ShadowRoot-innerHTML.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[trusted-types-reporting-for-ShadowRoot-innerHTML.html] - [Violation report for plain string.] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-ShadowRoot-setHTMLUnsafe.html.ini b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-ShadowRoot-setHTMLUnsafe.html.ini deleted file mode 100644 index 79d9d1805d8..00000000000 --- a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-ShadowRoot-setHTMLUnsafe.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[trusted-types-reporting-for-ShadowRoot-setHTMLUnsafe.html] - [Violation report for plain string.] - expected: FAIL