Move CSP code into one entrypoint (#37604)

This refactoring moves various CSP-related methods away from GlobalScope and Document into a dedicated entrypoint. It also reduces the amount of imports of the CSP crate, so that types are consolidated into this one entrypoint. That way, we control how CSP code interacts with the script crate. For reviewing purposes, I split up the refactoring into separate distinct commits that all move 1 method(group) into the new file. Testing: no change in behavior, only a build improvement + code cleanup --------- Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com> Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
2025-08-04 21:20:23 +01:00 · 2025-06-24 10:50:30 +02:00 · 2025-06-24 10:50:30 +02:00 · fc20d8b2e1
commit fc20d8b2e1
parent 2265570c88
29 changed files with 424 additions and 289 deletions
--- a/components/script/dom/document.rs
+++ b/components/script/dom/document.rs
@ -2,7 +2,6 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */

-use std::borrow::Cow;
 use std::cell::{Cell, RefCell};
 use std::cmp::Ordering;
 use std::collections::hash_map::Entry::{Occupied, Vacant};
@ -22,7 +21,7 @@ use canvas_traits::canvas::CanvasId;
 use canvas_traits::webgl::{self, WebGLContextId, WebGLMsg};
 use chrono::Local;
 use constellation_traits::{NavigationHistoryBehavior, ScriptToConstellationMessage};
-use content_security_policy::{self as csp, CspList, PolicyDisposition};
+use content_security_policy::{CspList, PolicyDisposition};
 use cookie::Cookie;
 use cssparser::match_ignore_ascii_case;
 use data_url::mime::Mime;
@ -4306,30 +4305,6 @@ impl Document {
        self.policy_container.borrow().csp_list.clone()
    }

-    /// <https://www.w3.org/TR/CSP/#should-block-inline>
-    pub(crate) fn should_elements_inline_type_behavior_be_blocked(
-        &self,
-        el: &Element,
-        type_: csp::InlineCheckType,
-        source: &str,
-    ) -> csp::CheckResult {
-        let (result, violations) = match self.get_csp_list() {
-            None => {
-                return csp::CheckResult::Allowed;
-            },
-            Some(csp_list) => {
-                let element = csp::Element {
-                    nonce: el.nonce_value_if_nonceable().map(Cow::Owned),
-                };
-                csp_list.should_elements_inline_type_behavior_be_blocked(&element, type_, source)
-            },
-        };
-
-        self.global().report_csp_violations(violations, Some(el));
-
-        result
-    }
-
    /// Prevent any JS or layout from running until the corresponding call to
    /// `remove_script_and_layout_blocker`. Used to isolate periods in which
    /// the DOM is in an unstable state and should not be exposed to arbitrary