script: Implement document's active sandboxing flag set (#39079)

Implements document's active sandboxing flags. These are currently populated only from CSP-derived sandboxing flags for a new document, when defined in the CSP. Testing: 1 new pass, and some new wpt's are added to test points in the spec where these flags influence behaviour. Signed-off-by: Shane Handley <shanehandley@fastmail.com>
2025-09-30 08:39:16 +01:00 · 2025-09-05 15:02:23 +10:00 · 2025-09-05 15:02:23 +10:00 · 989c0d8994
commit 989c0d8994
parent f722419861
10 changed files with 156 additions and 15 deletions
--- a/components/script/dom/document.rs
+++ b/components/script/dom/document.rs
@ -19,6 +19,7 @@ use canvas_traits::canvas::CanvasId;
 use canvas_traits::webgl::{WebGLContextId, WebGLMsg};
 use chrono::Local;
 use constellation_traits::{NavigationHistoryBehavior, ScriptToConstellationMessage};
+use content_security_policy::sandboxing_directive::SandboxingFlagSet;
 use content_security_policy::{CspList, PolicyDisposition};
 use cookie::Cookie;
 use cssparser::match_ignore_ascii_case;
@ -569,6 +570,10 @@ pub(crate) struct Document {
    /// The global custom element reaction stack for this script thread.
    #[conditional_malloc_size_of]
    custom_element_reaction_stack: Rc<CustomElementReactionStack>,
+    #[no_trace]
+    #[ignore_malloc_size_of = "type from external crate"]
+    /// <https://html.spec.whatwg.org/multipage/#active-sandboxing-flag-set>,
+    active_sandboxing_flag_set: Cell<SandboxingFlagSet>,
 }

 #[allow(non_snake_case)]
@ -3439,6 +3444,7 @@ impl Document {
            waiting_on_canvas_image_updates: Cell::new(false),
            current_canvas_epoch: RefCell::new(Epoch(0)),
            custom_element_reaction_stack,
+            active_sandboxing_flag_set: Cell::new(SandboxingFlagSet::empty()),
        }
    }

@ -4416,6 +4422,14 @@ impl Document {
    pub(crate) fn custom_element_reaction_stack(&self) -> Rc<CustomElementReactionStack> {
        self.custom_element_reaction_stack.clone()
    }
+
+    pub(crate) fn has_active_sandboxing_flag(&self, flag: SandboxingFlagSet) -> bool {
+        self.active_sandboxing_flag_set.get().contains(flag)
+    }
+
+    pub(crate) fn set_active_sandboxing_flag_set(&self, flags: SandboxingFlagSet) {
+        self.active_sandboxing_flag_set.set(flags)
+    }
 }

 #[allow(non_snake_case)]
@ -4537,16 +4551,20 @@ impl DocumentMethods<crate::DomTypeHolder> for Document {
        }
    }

-    // https://html.spec.whatwg.org/multipage/#dom-document-domain
+    /// <https://html.spec.whatwg.org/multipage/#dom-document-domain>
    fn SetDomain(&self, value: DOMString) -> ErrorResult {
        // Step 1.
        if !self.has_browsing_context {
            return Err(Error::Security);
        }

-        // TODO: Step 2. "If this Document object's active sandboxing
-        // flag set has its sandboxed document.domain browsing context
-        // flag set, then throw a "SecurityError" DOMException."
+        // Step 2. If this Document object's active sandboxing flag set has its sandboxed
+        // document.domain browsing context flag set, then throw a "SecurityError" DOMException.
+        if self.has_active_sandboxing_flag(
+            SandboxingFlagSet::SANDBOXED_DOCUMENT_DOMAIN_BROWSING_CONTEXT_FLAG,
+        ) {
+            return Err(Error::Security);
+        }

        // Steps 3-4.
        let effective_domain = match self.origin.effective_domain() {