Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-29 17:18:23 +01:00
Code Issues Projects Releases Packages Wiki Activity

script: Implement trusted types for DOMParser.parseFromString (#38872)

Browse source 
Part of #36258

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This commit is contained in:
Tim van der Lippe 2025-08-27 08:10:16 +02:00 committed by GitHub
parent 4e85353472
commit d94929dbed
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 41 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

39
components/script/dom/domparser.rs
View file

@ -14,12 +14,13 @@ use crate::dom::bindings::codegen::Bindings::DOMParserBinding::SupportedType::{
}; };
use crate::dom::bindings::codegen::Bindings::DocumentBinding::DocumentReadyState; use crate::dom::bindings::codegen::Bindings::DocumentBinding::DocumentReadyState;
use crate::dom::bindings::codegen::Bindings::WindowBinding::WindowMethods; use crate::dom::bindings::codegen::Bindings::WindowBinding::WindowMethods;
use crate::dom::bindings::codegen::UnionTypes::TrustedHTMLOrString;
use crate::dom::bindings::error::Fallible; use crate::dom::bindings::error::Fallible;
use crate::dom::bindings::reflector::{Reflector, reflect_dom_object_with_proto}; use crate::dom::bindings::reflector::{Reflector, reflect_dom_object_with_proto};
use crate::dom::bindings::root::{Dom, DomRoot}; use crate::dom::bindings::root::{Dom, DomRoot};
use crate::dom::bindings::str::DOMString;
use crate::dom::document::{Document, DocumentSource, HasBrowsingContext, IsHTMLDocument}; use crate::dom::document::{Document, DocumentSource, HasBrowsingContext, IsHTMLDocument};
use crate::dom::servoparser::ServoParser; use crate::dom::servoparser::ServoParser;
use crate::dom::trustedhtml::TrustedHTML;
use crate::dom::window::Window; use crate::dom::window::Window;
use crate::script_runtime::CanGc; use crate::script_runtime::CanGc;
@ -60,10 +61,19 @@ impl DOMParserMethods<crate::DomTypeHolder> for DOMParser {
/// <https://html.spec.whatwg.org/multipage/#dom-domparser-parsefromstring> /// <https://html.spec.whatwg.org/multipage/#dom-domparser-parsefromstring>
fn ParseFromString( fn ParseFromString(
&self, &self,
s: DOMString, s: TrustedHTMLOrString,
ty: DOMParserBinding::SupportedType, ty: DOMParserBinding::SupportedType,
can_gc: CanGc, can_gc: CanGc,
) -> Fallible<DomRoot<Document>> { ) -> Fallible<DomRoot<Document>> {
// Step 1. Let compliantString be the result of invoking the
// Get Trusted Type compliant string algorithm with TrustedHTML,
// this's relevant global object, string, "DOMParser parseFromString", and "script".
let compliant_string = TrustedHTML::get_trusted_script_compliant_string(
self.window.as_global_scope(),
s,
"DOMParser parseFromString",
can_gc,
)?;
let url = self.window.get_url(); let url = self.window.get_url();
let content_type = ty let content_type = ty
.as_str() .as_str()
@ -71,8 +81,11 @@ impl DOMParserMethods<crate::DomTypeHolder> for DOMParser {
.expect("Supported type is not a MIME type"); .expect("Supported type is not a MIME type");
let doc = self.window.Document(); let doc = self.window.Document();
let loader = DocumentLoader::new(&doc.loader()); let loader = DocumentLoader::new(&doc.loader());
match ty { // Step 3. Switch on type:
let document = match ty {
Text_html => { Text_html => {
// Step 2. Let document be a new Document, whose content type is type
// and URL is this's relevant global object's associated Document's URL.
let document = Document::new( let document = Document::new(
&self.window, &self.window,
HasBrowsingContext::No, HasBrowsingContext::No,
@ -93,11 +106,13 @@ impl DOMParserMethods<crate::DomTypeHolder> for DOMParser {
doc.has_trustworthy_ancestor_or_current_origin(), doc.has_trustworthy_ancestor_or_current_origin(),
can_gc, can_gc,
); );
ServoParser::parse_html_document(&document, Some(s), url, can_gc); // Step switch-1. Parse HTML from a string given document and compliantString.
document.set_ready_state(DocumentReadyState::Complete, can_gc); ServoParser::parse_html_document(&document, Some(compliant_string), url, can_gc);
Ok(document) document
}, },
Text_xml | Application_xml | Application_xhtml_xml | Image_svg_xml => { Text_xml | Application_xml | Application_xhtml_xml | Image_svg_xml => {
// Step 2. Let document be a new Document, whose content type is type
// and URL is this's relevant global object's associated Document's URL.
let document = Document::new( let document = Document::new(
&self.window, &self.window,
HasBrowsingContext::No, HasBrowsingContext::No,
@ -118,10 +133,14 @@ impl DOMParserMethods<crate::DomTypeHolder> for DOMParser {
doc.has_trustworthy_ancestor_or_current_origin(), doc.has_trustworthy_ancestor_or_current_origin(),
can_gc, can_gc,
); );
ServoParser::parse_xml_document(&document, Some(s), url, can_gc); // Step switch-1. Create an XML parser parser, associated with document,
document.set_ready_state(DocumentReadyState::Complete, can_gc); // and with XML scripting support disabled.
Ok(document) ServoParser::parse_xml_document(&document, Some(compliant_string), url, can_gc);
document
}, },
} };
// Step 4. Return document.
document.set_ready_state(DocumentReadyState::Complete, can_gc);
Ok(document)
} }
} }

11
components/script/dom/servoparser/mod.rs
View file

@ -165,12 +165,18 @@ impl ServoParser {
self.can_write() self.can_write()
} }
/// <https://html.spec.whatwg.org/multipage/#parse-html-from-a-string>
pub(crate) fn parse_html_document( pub(crate) fn parse_html_document(
document: &Document, document: &Document,
input: Option<DOMString>, input: Option<DOMString>,
url: ServoUrl, url: ServoUrl,
can_gc: CanGc, can_gc: CanGc,
) { ) {
// Step 1. Set document's type to "html".
//
// Set by callers of this function and asserted here
assert!(document.is_html_document());
// Step 2. Create an HTML parser parser, associated with document.
let parser = if pref!(dom_servoparser_async_html_tokenizer_enabled) { let parser = if pref!(dom_servoparser_async_html_tokenizer_enabled) {
ServoParser::new( ServoParser::new(
document, document,
@ -191,7 +197,10 @@ impl ServoParser {
can_gc, can_gc,
) )
}; };
// Step 3. Place html into the input stream for parser. The encoding confidence is irrelevant.
// Step 4. Start parser and let it run until it has consumed all the
// characters just inserted into the input stream.
//
// Set as the document's current parser and initialize with `input`, if given. // Set as the document's current parser and initialize with `input`, if given.
if let Some(input) = input { if let Some(input) = input {
parser.parse_complete_string_chunk(String::from(input), can_gc); parser.parse_complete_string_chunk(String::from(input), can_gc);

4
components/script_bindings/webidls/DOMParser.webidl
View file

@ -17,6 +17,6 @@ enum SupportedType {
[Exposed=Window] [Exposed=Window]
interface DOMParser { interface DOMParser {
[Throws] constructor(); [Throws] constructor();
[Throws] [NewObject, Throws]
Document parseFromString(DOMString str, SupportedType type); Document parseFromString((TrustedHTML or DOMString) string, SupportedType type);
}; };

9
tests/wpt/meta/trusted-types/block-string-assignment-to-DOMParser-parseFromString.html.ini vendored
View file

@ -1,9 +0,0 @@
[block-string-assignment-to-DOMParser-parseFromString.html]
[`document.innerText = string` throws.]
expected: FAIL
['document.innerText = null' throws]
expected: FAIL
['document.innerText = string' assigned via default policy (successful HTML transformation).]
expected: FAIL

3
tests/wpt/meta/trusted-types/trusted-types-reporting-for-DOMParser-parseFromString.html.ini vendored
View file

@ -1,3 +0,0 @@
[trusted-types-reporting-for-DOMParser-parseFromString.html]
[Violation report for plain string.]
expected: FAIL