diff --git a/components/script/dom/element.rs b/components/script/dom/element.rs index a73c5347d70..cb120f0b174 100644 --- a/components/script/dom/element.rs +++ b/components/script/dom/element.rs @@ -1996,6 +1996,15 @@ impl Element { .unwrap_or_else(|_| TrustedScriptURLOrUSVString::USVString(USVString(value.to_owned()))) } + pub(crate) fn get_trusted_html_attribute(&self, local_name: &LocalName) -> TrustedHTMLOrString { + assert_eq!(*local_name, local_name.to_ascii_lowercase()); + let value = match self.get_attribute(&ns!(), local_name) { + Some(attr) => (&**attr.value()).into(), + None => "".into(), + }; + TrustedHTMLOrString::String(value) + } + pub(crate) fn get_string_attribute(&self, local_name: &LocalName) -> DOMString { match self.get_attribute(&ns!(), local_name) { Some(x) => x.Value(), diff --git a/components/script/dom/htmliframeelement.rs b/components/script/dom/htmliframeelement.rs index 0fbff86e44a..18116eee8ae 100644 --- a/components/script/dom/htmliframeelement.rs +++ b/components/script/dom/htmliframeelement.rs @@ -27,6 +27,8 @@ use crate::dom::attr::Attr; use crate::dom::bindings::cell::DomRefCell; use crate::dom::bindings::codegen::Bindings::HTMLIFrameElementBinding::HTMLIFrameElementMethods; use crate::dom::bindings::codegen::Bindings::WindowBinding::Window_Binding::WindowMethods; +use crate::dom::bindings::codegen::UnionTypes::TrustedHTMLOrString; +use crate::dom::bindings::error::Fallible; use crate::dom::bindings::inheritance::Castable; use crate::dom::bindings::reflector::DomGlobal; use crate::dom::bindings::root::{DomRoot, LayoutDom, MutNullableDom}; @@ -40,6 +42,7 @@ use crate::dom::eventtarget::EventTarget; use crate::dom::globalscope::GlobalScope; use crate::dom::htmlelement::HTMLElement; use crate::dom::node::{Node, NodeDamage, NodeTraits, UnbindContext}; +use crate::dom::trustedhtml::TrustedHTML; use crate::dom::virtualmethods::VirtualMethods; use crate::dom::windowproxy::WindowProxy; use crate::script_runtime::CanGc; @@ -595,10 +598,29 @@ impl HTMLIFrameElementMethods for HTMLIFrameElement { make_url_setter!(SetSrc, "src"); // https://html.spec.whatwg.org/multipage/#dom-iframe-srcdoc - make_getter!(Srcdoc, "srcdoc"); + fn Srcdoc(&self) -> TrustedHTMLOrString { + let element = self.upcast::(); + element.get_trusted_html_attribute(&local_name!("srcdoc")) + } // https://html.spec.whatwg.org/multipage/#dom-iframe-srcdoc - make_setter!(SetSrcdoc, "srcdoc"); + fn SetSrcdoc(&self, value: TrustedHTMLOrString, can_gc: CanGc) -> Fallible<()> { + // Step 1: Let compliantString be the result of invoking the + // Get Trusted Type compliant string algorithm with TrustedHTML, + // this's relevant global object, the given value, "HTMLIFrameElement srcdoc", and "script". + let element = self.upcast::(); + let local_name = &local_name!("srcdoc"); + let value = TrustedHTML::get_trusted_script_compliant_string( + &element.owner_global(), + value, + "HTMLIFrameElement", + local_name, + can_gc, + )?; + // Step 2: Set an attribute value given this, srcdoc's local name, and compliantString. + element.set_attribute(local_name, AttrValue::String(value), can_gc); + Ok(()) + } // https://html.spec.whatwg.org/multipage/#dom-iframe-sandbox fn Sandbox(&self, can_gc: CanGc) -> DomRoot { diff --git a/components/script_bindings/codegen/Bindings.conf b/components/script_bindings/codegen/Bindings.conf index 875a9498078..92871bc54aa 100644 --- a/components/script_bindings/codegen/Bindings.conf +++ b/components/script_bindings/codegen/Bindings.conf @@ -371,7 +371,7 @@ DOMInterfaces = { }, 'HTMLIFrameElement': { - 'canGc': ['Sandbox'], + 'canGc': ['Sandbox', 'SetSrcdoc'], }, 'HTMLImageElement': { diff --git a/components/script_bindings/webidls/HTMLIFrameElement.webidl b/components/script_bindings/webidls/HTMLIFrameElement.webidl index 8ba58a20f33..b083f51c0f1 100644 --- a/components/script_bindings/webidls/HTMLIFrameElement.webidl +++ b/components/script_bindings/webidls/HTMLIFrameElement.webidl @@ -9,8 +9,8 @@ interface HTMLIFrameElement : HTMLElement { [CEReactions] attribute USVString src; - [CEReactions] - attribute DOMString srcdoc; + [CEReactions, SetterThrows] + attribute (TrustedHTML or DOMString) srcdoc; [CEReactions] attribute DOMString name; diff --git a/tests/wpt/meta/trusted-types/HTMLElement-generic.html.ini b/tests/wpt/meta/trusted-types/HTMLElement-generic.html.ini deleted file mode 100644 index ea201041595..00000000000 --- a/tests/wpt/meta/trusted-types/HTMLElement-generic.html.ini +++ /dev/null @@ -1,12 +0,0 @@ -[HTMLElement-generic.html] - [TT enabled: iframe.srcdoc\n = String on a\n connected element\n ] - expected: FAIL - - [TT enabled: iframe.srcdoc\n = String on a\n non-connected element\n ] - expected: FAIL - - [TT enabled: iframe.srcdoc\n = String on a\n connected element\n after removing the "require-trusted-types-for 'script' directive] - expected: FAIL - - [TT enabled: iframe.srcdoc\n = String on a\n non-connected element\n after removing the "require-trusted-types-for 'script' directive] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/block-string-assignment-to-Element-setAttribute.html.ini b/tests/wpt/meta/trusted-types/block-string-assignment-to-Element-setAttribute.html.ini index 7ad472ef325..0df917b86be 100644 --- a/tests/wpt/meta/trusted-types/block-string-assignment-to-Element-setAttribute.html.ini +++ b/tests/wpt/meta/trusted-types/block-string-assignment-to-Element-setAttribute.html.ini @@ -20,9 +20,6 @@ [div.onclick's mutationobservers receive the default policy's value.] expected: FAIL - [iframe.srcdoc accepts string and null after default policy was created.] - expected: FAIL - [div.onclick accepts string and null after default policy was created.] expected: FAIL diff --git a/tests/wpt/meta/trusted-types/block-string-assignment-to-HTMLElement-generic.html.ini b/tests/wpt/meta/trusted-types/block-string-assignment-to-HTMLElement-generic.html.ini deleted file mode 100644 index ed5b6d15978..00000000000 --- a/tests/wpt/meta/trusted-types/block-string-assignment-to-HTMLElement-generic.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[block-string-assignment-to-HTMLElement-generic.html] - [iframe.srcdoc accepts only TrustedHTML] - expected: FAIL - - [iframe.srcdoc accepts string and null after default policy was created] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/block-string-assignment-to-HTMLIFrameElement-srcdoc.html.ini b/tests/wpt/meta/trusted-types/block-string-assignment-to-HTMLIFrameElement-srcdoc.html.ini deleted file mode 100644 index e7747a96001..00000000000 --- a/tests/wpt/meta/trusted-types/block-string-assignment-to-HTMLIFrameElement-srcdoc.html.ini +++ /dev/null @@ -1,9 +0,0 @@ -[block-string-assignment-to-HTMLIFrameElement-srcdoc.html] - [`iframe.srcdoc = string` throws.] - expected: FAIL - - [`iframe.srcdoc = null` throws.] - expected: FAIL - - [`iframe.srcdoc = string` assigned via default policy (successful HTML transformation).] - expected: FAIL diff --git a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-HTMLIFrameElement-srcdoc.html.ini b/tests/wpt/meta/trusted-types/trusted-types-reporting-for-HTMLIFrameElement-srcdoc.html.ini deleted file mode 100644 index 9f2a73c0900..00000000000 --- a/tests/wpt/meta/trusted-types/trusted-types-reporting-for-HTMLIFrameElement-srcdoc.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[trusted-types-reporting-for-HTMLIFrameElement-srcdoc.html] - [Violation report for plain string.] - expected: FAIL