Implement trusted types url setter (#36596)

We now check the sink of script.src for trusted types. This is the first attribute that we check, other sinks will be implemented in follow-up changes. The algorithms currently hardcode various parts. That's because I need to refactor a couple of algorithms already present in TrustedTypePolicy. They use callbacks at the moment, which made sense for their initial use. However, for these new algorithms they don't work. Therefore, I will align them with the specification by taking in an enum. However, since that's a bigger refactoring, I left that out of this PR (which is already quite big). The other trusted types support (createScript and createHTML) will also be implemented separately. Part of #36258 --------- Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com> Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com> Co-authored-by: Josh Matthews <josh@joshmatthews.net>
2025-07-22 23:03:42 +01:00 · 2025-04-21 08:56:40 +02:00 · 2025-04-21 08:56:40 +02:00 · 6bb087e381
commit 6bb087e381
parent fee2ea34af
27 changed files with 233 additions and 74 deletions
--- a/components/script/dom/trustedscripturl.rs
+++ b/components/script/dom/trustedscripturl.rs
@ -2,6 +2,8 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */

+use std::fmt;
+
 use dom_struct::dom_struct;

 use crate::dom::bindings::codegen::Bindings::TrustedScriptURLBinding::TrustedScriptURLMethods;
@ -32,6 +34,13 @@ impl TrustedScriptURL {
    }
 }

+impl fmt::Display for TrustedScriptURL {
+    #[inline]
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        f.write_str(&self.data)
+    }
+}
+
 impl TrustedScriptURLMethods<crate::DomTypeHolder> for TrustedScriptURL {
    /// <https://www.w3.org/TR/trusted-types/#trustedscripturl-stringification-behavior>
    fn Stringifier(&self) -> DOMString {