Implement Trusted Type eval checks (#37834)

It implements the new codeForEvalGets callback to retrieve the
value for a trusted script object. Additionally, it implements
the new logic in can-compile-strings to call the policy
factory if required.

Note that parameter and argument checks aren't implemented yet,
as they require updates to binding generation (see TODO in
script_runtime).

Part of #36258

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>

components/script/dom/htmlscriptelement.rs

@@ -606,8 +606,7 @@ impl HTMLScriptElement {
             *self.script_text.borrow_mut() = TrustedScript::get_trusted_script_compliant_string(
                 &self.owner_global(),
                 self.Text(),
-                "HTMLScriptElement",
+                "HTMLScriptElement text",
-                "text",
                 can_gc,
             )?;
         }
@@ -1475,8 +1474,7 @@ impl HTMLScriptElementMethods<crate::DomTypeHolder> for HTMLScriptElement {
         let value = TrustedScript::get_trusted_script_compliant_string(
             &self.owner_global(),
             input,
-            "HTMLScriptElement",
+            "HTMLScriptElement innerText",
-            "innerText",
             can_gc,
         )?;
         *self.script_text.borrow_mut() = value.clone();
@@ -1497,8 +1495,7 @@ impl HTMLScriptElementMethods<crate::DomTypeHolder> for HTMLScriptElement {
         let value = TrustedScript::get_trusted_script_compliant_string(
             &self.owner_global(),
             value,
-            "HTMLScriptElement",
+            "HTMLScriptElement text",
-            "text",
             can_gc,
         )?;
         // Step 2: Set this's script text value to the given value.
@@ -1523,8 +1520,7 @@ impl HTMLScriptElementMethods<crate::DomTypeHolder> for HTMLScriptElement {
         let value = TrustedScript::get_trusted_script_compliant_string(
             &self.owner_global(),
             value.unwrap_or(TrustedScriptOrString::String(DOMString::from(""))),
-            "HTMLScriptElement",
+            "HTMLScriptElement textContent",
-            "textContent",
             can_gc,
         )?;
         // Step 2: Set this's script text value to value.

components/script/dom/trustedscript.rs

@@ -4,6 +4,8 @@
 use std::fmt;
 
 use dom_struct::dom_struct;
+use js::jsapi::CompilationType;
+use js::rust::HandleValue;
 
 use crate::dom::bindings::codegen::Bindings::TrustedScriptBinding::TrustedScriptMethods;
 use crate::dom::bindings::codegen::UnionTypes::TrustedScriptOrString;
@@ -11,10 +13,11 @@ use crate::dom::bindings::error::Fallible;
 use crate::dom::bindings::reflector::{Reflector, reflect_dom_object};
 use crate::dom::bindings::root::DomRoot;
 use crate::dom::bindings::str::DOMString;
+use crate::dom::csp::CspReporting;
 use crate::dom::globalscope::GlobalScope;
 use crate::dom::trustedtypepolicy::TrustedType;
 use crate::dom::trustedtypepolicyfactory::TrustedTypePolicyFactory;
-use crate::script_runtime::CanGc;
+use crate::script_runtime::{CanGc, JSContext};
 
 #[dom_struct]
 pub struct TrustedScript {
@@ -39,18 +42,16 @@ impl TrustedScript {
     pub(crate) fn get_trusted_script_compliant_string(
         global: &GlobalScope,
         value: TrustedScriptOrString,
-        containing_class: &str,
+        sink: &str,
-        field: &str,
         can_gc: CanGc,
     ) -> Fallible<DOMString> {
         match value {
             TrustedScriptOrString::String(value) => {
-                let sink = format!("{} {}", containing_class, field);
                 TrustedTypePolicyFactory::get_trusted_type_compliant_string(
                     TrustedType::TrustedScript,
                     global,
                     value,
-                    &sink,
+                    sink,
                     "'script'",
                     can_gc,
                 )
@@ -59,6 +60,83 @@ impl TrustedScript {
             TrustedScriptOrString::TrustedScript(trusted_script) => Ok(trusted_script.data.clone()),
         }
     }
+
+    pub(crate) fn data(&self) -> DOMString {
+        self.data.clone()
+    }
+
+    /// <https://www.w3.org/TR/CSP/#can-compile-strings>
+    #[allow(clippy::too_many_arguments)]
+    pub(crate) fn can_compile_string_with_trusted_type(
+        cx: JSContext,
+        global: &GlobalScope,
+        code_string: DOMString,
+        compilation_type: CompilationType,
+        _parameter_strings: u8, //FIXME in bindings generation
+        body_string: DOMString,
+        _parameter_args: u8, //FIXME in bindings generation
+        body_arg: HandleValue,
+        can_gc: CanGc,
+    ) -> bool {
+        // Step 2.1. Let compilationSink be "Function" if compilationType is "FUNCTION",
+        // and "eval" otherwise.
+        let compilation_sink = if compilation_type == CompilationType::Function {
+            "Function"
+        } else {
+            "eval"
+        };
+        // Step 2.2. Let isTrusted be true if bodyArg implements TrustedScript,
+        // and false otherwise.
+        let is_trusted = match TrustedTypePolicyFactory::is_trusted_script(cx, body_arg) {
+            // Step 2.3. If isTrusted is true then:
+            Ok(trusted_script) => {
+                // Step 2.3.1. If bodyString is not equal to bodyArg’s data, set isTrusted to false.
+                body_string == trusted_script.data
+            },
+            _ => false,
+        };
+        // Step 2.4. If isTrusted is true, then:
+        // Step 2.4.1. Assert: parameterArgs’ [list/size=] is equal to [parameterStrings]' size.
+        // Step 2.4.2. For each index of the range 0 to |parameterArgs]' [list/size=]:
+        // Step 2.4.2.1. Let arg be parameterArgs[index].
+        // Step 2.4.2.2. If arg implements TrustedScript, then:
+        // Step 2.4.2.2.1. if parameterStrings[index] is not equal to arg’s data,
+        // set isTrusted to false.
+        // Step 2.4.2.3. Otherwise, set isTrusted to false.
+        // Step 2.5. Let sourceToValidate be a new TrustedScript object created in realm
+        // whose data is set to codeString if isTrusted is true, and codeString otherwise.
+        let source_string = if is_trusted {
+            // We don't need to call the compliant string algorithm, as it would immediately
+            // unroll the type as allowed by copying the data. This allows us to skip creating
+            // the DOM object.
+            code_string
+        } else {
+            // Step 2.6. Let sourceString be the result of executing the
+            // Get Trusted Type compliant string algorithm, with TrustedScript, realm,
+            // sourceToValidate, compilationSink, and 'script'.
+            match TrustedScript::get_trusted_script_compliant_string(
+                global,
+                TrustedScriptOrString::String(code_string.clone()),
+                compilation_sink,
+                can_gc,
+            ) {
+                // Step 2.7. If the algorithm throws an error, throw an EvalError.
+                Err(_) => {
+                    return false;
+                },
+                Ok(source_string) => {
+                    // Step 2.8. If sourceString is not equal to codeString, throw an EvalError.
+                    if source_string != code_string {
+                        return false;
+                    }
+                    source_string
+                },
+            }
+        };
+        global
+            .get_csp_list()
+            .is_js_evaluation_allowed(global, &source_string)
+    }
 }
 
 impl fmt::Display for TrustedScript {

components/script/dom/trustedtypepolicyfactory.rs

@@ -12,7 +12,7 @@ use script_bindings::conversions::SafeToJSValConvertible;
 use crate::dom::bindings::codegen::Bindings::TrustedTypePolicyFactoryBinding::{
     TrustedTypePolicyFactoryMethods, TrustedTypePolicyOptions,
 };
-use crate::dom::bindings::conversions::root_from_object;
+use crate::dom::bindings::conversions::root_from_handlevalue;
 use crate::dom::bindings::error::{Error, Fallible};
 use crate::dom::bindings::reflector::{DomGlobal, Reflector, reflect_dom_object};
 use crate::dom::bindings::root::{DomRoot, MutNullableDom};
@@ -236,6 +236,15 @@ impl TrustedTypePolicyFactory {
         // Step 7: Assert: convertedInput is an instance of expectedType.
         // TODO(https://github.com/w3c/trusted-types/issues/566): Implement when spec is resolved
     }
+
+    /// <https://www.w3.org/TR/trusted-types/#dom-trustedtypepolicyfactory-isscript>
+    #[allow(unsafe_code)]
+    pub(crate) fn is_trusted_script(
+        cx: JSContext,
+        value: HandleValue,
+    ) -> Result<DomRoot<TrustedScript>, ()> {
+        unsafe { root_from_handlevalue::<TrustedScript>(value, *cx) }
+    }
 }
 
 impl TrustedTypePolicyFactoryMethods<crate::DomTypeHolder> for TrustedTypePolicyFactory {
@@ -251,29 +260,17 @@ impl TrustedTypePolicyFactoryMethods<crate::DomTypeHolder> for TrustedTypePolicy
     /// <https://www.w3.org/TR/trusted-types/#dom-trustedtypepolicyfactory-ishtml>
     #[allow(unsafe_code)]
     fn IsHTML(&self, cx: JSContext, value: HandleValue) -> bool {
-        if !value.get().is_object() {
+        unsafe { root_from_handlevalue::<TrustedHTML>(value, *cx).is_ok() }
-            return false;
-        }
-        rooted!(in(*cx) let object = value.to_object());
-        unsafe { root_from_object::<TrustedHTML>(object.get(), *cx).is_ok() }
     }
     /// <https://www.w3.org/TR/trusted-types/#dom-trustedtypepolicyfactory-isscript>
     #[allow(unsafe_code)]
     fn IsScript(&self, cx: JSContext, value: HandleValue) -> bool {
-        if !value.get().is_object() {
+        TrustedTypePolicyFactory::is_trusted_script(cx, value).is_ok()
-            return false;
-        }
-        rooted!(in(*cx) let object = value.to_object());
-        unsafe { root_from_object::<TrustedScript>(object.get(), *cx).is_ok() }
     }
     /// <https://www.w3.org/TR/trusted-types/#dom-trustedtypepolicyfactory-isscripturl>
     #[allow(unsafe_code)]
     fn IsScriptURL(&self, cx: JSContext, value: HandleValue) -> bool {
-        if !value.get().is_object() {
+        unsafe { root_from_handlevalue::<TrustedScriptURL>(value, *cx).is_ok() }
-            return false;
-        }
-        rooted!(in(*cx) let object = value.to_object());
-        unsafe { root_from_object::<TrustedScriptURL>(object.get(), *cx).is_ok() }
     }
     /// <https://www.w3.org/TR/trusted-types/#dom-trustedtypepolicyfactory-emptyhtml>
     fn EmptyHTML(&self, can_gc: CanGc) -> DomRoot<TrustedHTML> {

components/script/script_runtime.rs

@@ -28,14 +28,15 @@ use js::glue::{
 use js::jsapi::{
     AsmJSOption, BuildIdCharVector, CompilationType, ContextOptionsRef, Dispatchable as JSRunnable,
     Dispatchable_MaybeShuttingDown, GCDescription, GCOptions, GCProgress, GCReason,
-    GetPromiseUserInputEventHandlingState, HandleObject, HandleString, HandleValue, Heap,
+    GetPromiseUserInputEventHandlingState, HandleObject, HandleString,
-    InitConsumeStreamCallback, InitDispatchToEventLoop, JS_AddExtraGCRootsTracer,
+    HandleValue as RawHandleValue, Heap, InitConsumeStreamCallback, InitDispatchToEventLoop,
-    JS_InitDestroyPrincipalsCallback, JS_InitReadPrincipalsCallback, JS_NewObject,
+    JS_AddExtraGCRootsTracer, JS_InitDestroyPrincipalsCallback, JS_InitReadPrincipalsCallback,
-    JS_SetGCCallback, JS_SetGCParameter, JS_SetGlobalJitCompilerOption,
+    JS_NewObject, JS_NewStringCopyN, JS_SetGCCallback, JS_SetGCParameter,
-    JS_SetOffthreadIonCompilationEnabled, JS_SetParallelParsingEnabled, JS_SetReservedSlot,
+    JS_SetGlobalJitCompilerOption, JS_SetOffthreadIonCompilationEnabled,
-    JS_SetSecurityCallbacks, JSCLASS_RESERVED_SLOTS_MASK, JSCLASS_RESERVED_SLOTS_SHIFT, JSClass,
+    JS_SetParallelParsingEnabled, JS_SetReservedSlot, JS_SetSecurityCallbacks,
-    JSClassOps, JSContext as RawJSContext, JSGCParamKey, JSGCStatus, JSJitCompilerOption, JSObject,
+    JSCLASS_RESERVED_SLOTS_MASK, JSCLASS_RESERVED_SLOTS_SHIFT, JSClass, JSClassOps,
-    JSSecurityCallbacks, JSTracer, JobQueue, MimeType, MutableHandleObject,
+    JSContext as RawJSContext, JSGCParamKey, JSGCStatus, JSJitCompilerOption, JSObject,
+    JSSecurityCallbacks, JSTracer, JobQueue, MimeType, MutableHandleObject, MutableHandleString,
     PromiseRejectionHandlingState, PromiseUserInputEventHandlingState, RuntimeCode,
     SetDOMCallbacks, SetGCSliceCallback, SetJobQueue, SetPreserveWrapperCallbacks,
     SetProcessBuildIdOp, SetPromiseRejectionTrackerCallback, StreamConsumer as JSStreamConsumer,
@@ -45,8 +46,8 @@ use js::panic::wrap_panic;
 pub(crate) use js::rust::ThreadSafeJSContext;
 use js::rust::wrappers::{GetPromiseIsHandled, JS_GetPromiseResult};
 use js::rust::{
-    Handle, HandleObject as RustHandleObject, IntoHandle, JSEngine, JSEngineHandle, ParentRuntime,
+    Handle, HandleObject as RustHandleObject, HandleValue, IntoHandle, JSEngine, JSEngineHandle,
-    Runtime as RustRuntime,
+    ParentRuntime, Runtime as RustRuntime,
 };
 use malloc_size_of::MallocSizeOfOps;
 use malloc_size_of_derive::MallocSizeOf;
@@ -62,7 +63,7 @@ use crate::dom::bindings::codegen::Bindings::PromiseBinding::PromiseJobCallback;
 use crate::dom::bindings::codegen::Bindings::ResponseBinding::Response_Binding::ResponseMethods;
 use crate::dom::bindings::codegen::Bindings::ResponseBinding::ResponseType as DOMResponseType;
 use crate::dom::bindings::conversions::{
-    get_dom_class, private_from_object, root_from_handleobject,
+    get_dom_class, private_from_object, root_from_handleobject, root_from_object,
 };
 use crate::dom::bindings::error::{Error, throw_dom_exception};
 use crate::dom::bindings::inheritance::Castable;
@@ -71,6 +72,7 @@ use crate::dom::bindings::refcounted::{
 };
 use crate::dom::bindings::reflector::{DomGlobal, DomObject};
 use crate::dom::bindings::root::trace_roots;
+use crate::dom::bindings::str::DOMString;
 use crate::dom::bindings::utils::DOM_CALLBACKS;
 use crate::dom::bindings::{principals, settings_stack};
 use crate::dom::csp::CspReporting;
@@ -80,6 +82,7 @@ use crate::dom::globalscope::GlobalScope;
 use crate::dom::promise::Promise;
 use crate::dom::promiserejectionevent::PromiseRejectionEvent;
 use crate::dom::response::Response;
+use crate::dom::trustedscript::TrustedScript;
 use crate::microtask::{EnqueuedPromiseCallback, Microtask, MicrotaskQueue};
 use crate::realms::{AlreadyInRealm, InRealm, enter_realm};
 use crate::script_module::EnsureModuleHooksInitialized;
@@ -98,7 +101,7 @@ static JOB_QUEUE_TRAPS: JobQueueTraps = JobQueueTraps {
 
 static SECURITY_CALLBACKS: JSSecurityCallbacks = JSSecurityCallbacks {
     contentSecurityPolicyAllows: Some(content_security_policy_allows),
-    codeForEvalGets: None, //TODO
+    codeForEvalGets: Some(code_for_eval_gets),
     subsumes: Some(principals::subsumes),
 };
 
@@ -468,16 +471,43 @@ unsafe extern "C" fn promise_rejection_tracker(
     })
 }
 
+#[allow(unsafe_code)]
+fn safely_convert_null_to_string(cx: JSContext, str_: HandleString) -> DOMString {
+    DOMString::from(match std::ptr::NonNull::new(*str_) {
+        None => "".to_owned(),
+        Some(str_) => unsafe { jsstr_to_string(*cx, str_) },
+    })
+}
+
+#[allow(unsafe_code)]
+unsafe extern "C" fn code_for_eval_gets(
+    cx: *mut RawJSContext,
+    code: HandleObject,
+    code_for_eval: MutableHandleString,
+) -> bool {
+    let cx = JSContext::from_ptr(cx);
+    if let Ok(trusted_script) = root_from_object::<TrustedScript>(code.get(), *cx) {
+        let script_string = trusted_script.data();
+        let new_string = JS_NewStringCopyN(
+            *cx,
+            script_string.as_ptr() as *const libc::c_char,
+            script_string.len(),
+        );
+        code_for_eval.set(new_string);
+    }
+    true
+}
+
 #[allow(unsafe_code)]
 unsafe extern "C" fn content_security_policy_allows(
     cx: *mut RawJSContext,
     runtime_code: RuntimeCode,
-    sample: HandleString,
+    code_string: HandleString,
-    _compilation_type: CompilationType,
+    compilation_type: CompilationType,
-    _parameter_strings: u8, //FIXME in bindings generation
+    parameter_strings: u8, //FIXME in bindings generation
-    _body_string: HandleString,
+    body_string: HandleString,
-    _parameter_args: u8, //FIXME in bindings generation
+    parameter_args: u8, //FIXME in bindings generation
-    _body_arg: HandleValue,
+    body_arg: RawHandleValue,
     can_compile_strings: *mut bool,
 ) -> bool {
     let mut allowed = false;
@@ -488,13 +518,17 @@ unsafe extern "C" fn content_security_policy_allows(
         let global = &GlobalScope::from_context(*cx, InRealm::Already(&in_realm_proof));
 
         allowed = match runtime_code {
-            RuntimeCode::JS => {
+            RuntimeCode::JS => TrustedScript::can_compile_string_with_trusted_type(
-                let source = std::ptr::NonNull::new(*sample)
+                cx,
-                    .map_or_else(String::new, |jsstr| jsstr_to_string(*cx, jsstr));
+                global,
-                global
+                safely_convert_null_to_string(cx, code_string),
-                    .get_csp_list()
+                compilation_type,
-                    .is_js_evaluation_allowed(global, &source)
+                parameter_strings,
-            },
+                safely_convert_null_to_string(cx, body_string),
+                parameter_args,
+                HandleValue::from_raw(body_arg),
+                CanGc::note(),
+            ),
             RuntimeCode::WASM => global.get_csp_list().is_wasm_evaluation_allowed(global),
         };
     });

tests/wpt/meta/content-security-policy/reporting/report-clips-sample.https.html.ini

@@ -1,10 +1,4 @@
 [report-clips-sample.https.html]
-  [Unsafe eval violation sample is clipped to 40 characters.]
-    expected: FAIL
-
-  [Unsafe indirect eval violation sample is clipped to 40 characters.]
-    expected: FAIL
-
   [Function constructor - the other kind of eval - is clipped.]
     expected: FAIL
 

tests/wpt/meta/trusted-types/DedicatedWorker-block-eval-function-constructor.html.ini

@@ -1,18 +0,0 @@
-[DedicatedWorker-block-eval-function-constructor.html]
-  [Blocked eval in DedicatedWorkerGlobalScope.]
-    expected: FAIL
-
-  [Blocked indirect eval in DedicatedWorkerGlobalScope.]
-    expected: FAIL
-
-  [Blocked Function constructor in DedicatedWorkerGlobalScope.]
-    expected: FAIL
-
-  [Blocked AsyncFunction constructor in DedicatedWorkerGlobalScope.]
-    expected: FAIL
-
-  [Blocked GeneratorFunction constructor in DedicatedWorkerGlobalScope.]
-    expected: FAIL
-
-  [Blocked AsyncGeneratorFunction constructor in DedicatedWorkerGlobalScope.]
-    expected: FAIL

tests/wpt/meta/trusted-types/DedicatedWorker-eval.html.ini

@@ -1,18 +0,0 @@
-[DedicatedWorker-eval.html]
-  [eval(string) in dedicated worker]
-    expected: FAIL
-
-  [indirect eval(string) in dedicated worker]
-    expected: FAIL
-
-  [eval(TrustedScript) in dedicated worker]
-    expected: FAIL
-
-  [indirect eval(TrustedScript) in dedicated worker]
-    expected: FAIL
-
-  [eval(string) with default policy mutation in dedicated worker]
-    expected: FAIL
-
-  [indirect eval(string) with default policy mutation in dedicated worker]
-    expected: FAIL

tests/wpt/meta/trusted-types/Window-block-eval-function-constructor.html.ini

@@ -1,18 +0,0 @@
-[Window-block-eval-function-constructor.html]
-  [Blocked eval in Window.]
-    expected: FAIL
-
-  [Blocked indirect eval in Window.]
-    expected: FAIL
-
-  [Blocked Function constructor in Window.]
-    expected: FAIL
-
-  [Blocked AsyncFunction constructor in Window.]
-    expected: FAIL
-
-  [Blocked GeneratorFunction constructor in Window.]
-    expected: FAIL
-
-  [Blocked AsyncGeneratorFunction constructor in Window.]
-    expected: FAIL

tests/wpt/meta/trusted-types/csp-block-eval.html.ini

@@ -1,3 +0,0 @@
-[csp-block-eval.html]
-  [eval with TrustedScript throws (script-src blocks).]
-    expected: FAIL

tests/wpt/meta/trusted-types/eval-csp-no-tt.html.ini

@@ -1,6 +0,0 @@
-[eval-csp-no-tt.html]
-  [eval of TrustedScript works.]
-    expected: FAIL
-
-  [indirect eval of TrustedScript works.]
-    expected: FAIL

tests/wpt/meta/trusted-types/eval-csp-tt-default-policy-mutate.html.ini

@@ -1,18 +0,0 @@
-[eval-csp-tt-default-policy-mutate.html]
-  [eval of string where default policy mutates value throws.]
-    expected: FAIL
-
-  [indirect eval of string where default policy mutates value throws.]
-    expected: FAIL
-
-  [Function constructor with string where default policy mutates value throws.]
-    expected: FAIL
-
-  [AsyncFunction constructor with string where default policy mutates value throws.]
-    expected: FAIL
-
-  [GeneratorFunction constructor with string where default policy mutates value throws.]
-    expected: FAIL
-
-  [AsyncGeneratorFunction constructor with string where default policy mutates value throws.]
-    expected: FAIL

tests/wpt/meta/trusted-types/eval-csp-tt-default-policy.html.ini

@@ -1,6 +0,0 @@
-[eval-csp-tt-default-policy.html]
-  [eval of TrustedScript works.]
-    expected: FAIL
-
-  [indirect eval of TrustedScript works.]
-    expected: FAIL

tests/wpt/meta/trusted-types/eval-csp-tt-no-default-policy.html.ini

@@ -1,30 +1,3 @@
 [eval-csp-tt-no-default-policy.html]
-  [eval of TrustedScript works.]
-    expected: FAIL
-
-  [indirect eval of TrustedScript works.]
-    expected: FAIL
-
-  [eval of string fails.]
-    expected: FAIL
-
-  [indirect eval of string fails.]
-    expected: FAIL
-
-  [Function constructor of string fails.]
-    expected: FAIL
-
-  [Function constructor of all strings fails.]
-    expected: FAIL
-
   [Function constructor of string and TrustedScript fails.]
     expected: FAIL
-
-  [AsyncFunction constructor of string fails.]
-    expected: FAIL
-
-  [GeneratorFunction constructor of string fails.]
-    expected: FAIL
-
-  [AsyncGeneratorFunction constructor of string fails.]
-    expected: FAIL

tests/wpt/meta/trusted-types/eval-function-constructor-untrusted-arguments-and-applying-default-policy.html.ini

@@ -8,9 +8,6 @@
   [plain string at index 2 (default policy modifying the function text).]
     expected: FAIL
 
-  [plain string at index 3 (default policy modifying the function text).]
-    expected: FAIL
-
   [TrustedScript with forged toString() at index 0 (default policy modifying the function text).]
     expected: FAIL
 
@@ -19,6 +16,3 @@
 
   [TrustedScript with forged toString() at index 2 (default policy modifying the function text).]
     expected: FAIL
-
-  [TrustedScript with forged toString() at index 3 (default policy modifying the function text).]
-    expected: FAIL

tests/wpt/meta/trusted-types/eval-function-constructor-untrusted-arguments-and-default-policy-throwing.html.ini

@@ -1,6 +0,0 @@
-[eval-function-constructor-untrusted-arguments-and-default-policy-throwing.html]
-  [EvalError thrown if the callback of the default policy throws an error (eval).]
-    expected: FAIL
-
-  [EvalError thrown if the callback of the default policy throws an error (new Function).]
-    expected: FAIL

tests/wpt/meta/trusted-types/eval-function-constructor.html.ini

@@ -1,100 +1,4 @@
 [eval-function-constructor.html]
-  [Function constructor with mixed plain and trusted strings, mask #0]
-    expected: FAIL
-
-  [AsyncFunction constructor with mixed plain and trusted strings, mask #0]
-    expected: FAIL
-
-  [GeneratorFunction constructor with mixed plain and trusted strings, mask #0]
-    expected: FAIL
-
-  [AsyncGeneratorFunction constructor with mixed plain and trusted strings, mask #0]
-    expected: FAIL
-
-  [Function constructor with mixed plain and trusted strings, mask #1]
-    expected: FAIL
-
-  [AsyncFunction constructor with mixed plain and trusted strings, mask #1]
-    expected: FAIL
-
-  [GeneratorFunction constructor with mixed plain and trusted strings, mask #1]
-    expected: FAIL
-
-  [AsyncGeneratorFunction constructor with mixed plain and trusted strings, mask #1]
-    expected: FAIL
-
-  [Function constructor with mixed plain and trusted strings, mask #2]
-    expected: FAIL
-
-  [AsyncFunction constructor with mixed plain and trusted strings, mask #2]
-    expected: FAIL
-
-  [GeneratorFunction constructor with mixed plain and trusted strings, mask #2]
-    expected: FAIL
-
-  [AsyncGeneratorFunction constructor with mixed plain and trusted strings, mask #2]
-    expected: FAIL
-
-  [Function constructor with mixed plain and trusted strings, mask #3]
-    expected: FAIL
-
-  [AsyncFunction constructor with mixed plain and trusted strings, mask #3]
-    expected: FAIL
-
-  [GeneratorFunction constructor with mixed plain and trusted strings, mask #3]
-    expected: FAIL
-
-  [AsyncGeneratorFunction constructor with mixed plain and trusted strings, mask #3]
-    expected: FAIL
-
-  [Function constructor with mixed plain and trusted strings, mask #4]
-    expected: FAIL
-
-  [AsyncFunction constructor with mixed plain and trusted strings, mask #4]
-    expected: FAIL
-
-  [GeneratorFunction constructor with mixed plain and trusted strings, mask #4]
-    expected: FAIL
-
-  [AsyncGeneratorFunction constructor with mixed plain and trusted strings, mask #4]
-    expected: FAIL
-
-  [Function constructor with mixed plain and trusted strings, mask #5]
-    expected: FAIL
-
-  [AsyncFunction constructor with mixed plain and trusted strings, mask #5]
-    expected: FAIL
-
-  [GeneratorFunction constructor with mixed plain and trusted strings, mask #5]
-    expected: FAIL
-
-  [AsyncGeneratorFunction constructor with mixed plain and trusted strings, mask #5]
-    expected: FAIL
-
-  [Function constructor with mixed plain and trusted strings, mask #6]
-    expected: FAIL
-
-  [AsyncFunction constructor with mixed plain and trusted strings, mask #6]
-    expected: FAIL
-
-  [GeneratorFunction constructor with mixed plain and trusted strings, mask #6]
-    expected: FAIL
-
-  [AsyncGeneratorFunction constructor with mixed plain and trusted strings, mask #6]
-    expected: FAIL
-
-  [Function constructor with mixed plain and trusted strings, mask #7]
-    expected: FAIL
-
-  [AsyncFunction constructor with mixed plain and trusted strings, mask #7]
-    expected: FAIL
-
-  [GeneratorFunction constructor with mixed plain and trusted strings, mask #7]
-    expected: FAIL
-
-  [AsyncGeneratorFunction constructor with mixed plain and trusted strings, mask #7]
-    expected: FAIL
-
   [Function constructor with mixed plain and trusted strings, mask #8]
     expected: FAIL
 
@@ -187,6 +91,3 @@
 
   [Function constructor with trusted strings, and a forged toString() for the one at index 2]
     expected: FAIL
-
-  [Function constructor with trusted strings, and a forged toString() for the one at index 3]
-    expected: FAIL

tests/wpt/meta/trusted-types/eval-no-csp-no-tt-default-policy.html.ini

@@ -1,6 +0,0 @@
-[eval-no-csp-no-tt-default-policy.html]
-  [eval of TrustedScript works.]
-    expected: FAIL
-
-  [indirect eval of TrustedScript works.]
-    expected: FAIL

tests/wpt/meta/trusted-types/eval-no-csp-no-tt.html.ini

@@ -1,6 +0,0 @@
-[eval-no-csp-no-tt.html]
-  [eval of TrustedScript works.]
-    expected: FAIL
-
-  [indirect eval of TrustedScript works.]
-    expected: FAIL

tests/wpt/meta/trusted-types/eval-with-permissive-csp.html.ini

@@ -1,15 +0,0 @@
-[eval-with-permissive-csp.html]
-  [eval with plain string with Trusted Types and permissive CSP throws (no type).]
-    expected: FAIL
-
-  [indirect eval with plain string with Trusted Types and permissive CSP throws (no type).]
-    expected: FAIL
-
-  [Function constructor with plain string with Trusted Types and permissive CSP throws (no type).]
-    expected: FAIL
-
-  [eval with TrustedScript and permissive CSP works.]
-    expected: FAIL
-
-  [indirect eval with TrustedScript and permissive CSP works.]
-    expected: FAIL

tests/wpt/meta/trusted-types/trusted-types-eval-reporting-no-unsafe-eval.html.ini

@@ -1,6 +0,0 @@
-[trusted-types-eval-reporting-no-unsafe-eval.html]
-  [Trusted Type violation report: evaluating a string violates both script-src and trusted-types.]
-    expected: FAIL
-
-  [Trusted Type violation report: evaluating a Trusted Script violates script-src.]
-    expected: FAIL

tests/wpt/meta/trusted-types/trusted-types-eval-reporting-report-only.html.ini

@@ -1,6 +0,0 @@
-[trusted-types-eval-reporting-report-only.html]
-  [Trusted Type violation report: evaluating a string.]
-    expected: FAIL
-
-  [Trusted Type violation report: evaluating a Trusted Script.]
-    expected: FAIL

tests/wpt/meta/trusted-types/trusted-types-reporting-check-report-DedicatedWorker-sink-mismatch.html.ini

@@ -1,6 +1,3 @@
 [trusted-types-reporting-check-report-DedicatedWorker-sink-mismatch.html]
-  [Test report-uri works with require-trusted-types-for violation.]
-    expected: FAIL
-
   [Test number of sent reports.]
     expected: FAIL

tests/wpt/meta/trusted-types/trusted-types-reporting-check-report-Window-sink-mismatch.html.ini

@@ -1,6 +1,3 @@
 [trusted-types-reporting-check-report-Window-sink-mismatch.html]
-  [Test report-uri works with require-trusted-types-for violation.]
-    expected: FAIL
-
   [Test number of sent reports.]
     expected: FAIL

tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-eval.html.ini

@@ -1,6 +0,0 @@
-[trusted-types-reporting-for-DedicatedWorker-eval.html]
-  [No violation reported for eval with TrustedScript.]
-    expected: FAIL
-
-  [Violation report for eval with plain string.]
-    expected: FAIL

tests/wpt/meta/trusted-types/trusted-types-reporting-for-Window-eval.html.ini

@@ -1,6 +0,0 @@
-[trusted-types-reporting-for-Window-eval.html]
-  [No violation reported for eval with TrustedScript.]
-    expected: FAIL
-
-  [Violation report for eval with plain string.]
-    expected: FAIL

tests/wpt/meta/trusted-types/tt-block-eval.html.ini

@@ -1,3 +0,0 @@
-[tt-block-eval.html]
-  [eval blocks if the default policy rejects a value.]
-    expected: FAIL