All logic is implemented in `report_csp_violations` to avoid
pulling in various element-logic into SecurityManager.
Update the `icon-blocked.sub.html` WPT test to ensure that
the document is the correct target (verified in Firefox and Chrome).
Fixes#36806
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
We now check the sink of script.src for trusted types. This is the first
attribute that we check, other sinks will be implemented in follow-up
changes.
The algorithms currently hardcode various parts. That's because I need
to refactor a couple of algorithms already present in TrustedTypePolicy.
They use callbacks at the moment, which made sense for their initial
use. However, for these new algorithms they don't work. Therefore, I
will align them with the specification by taking in an enum. However,
since that's a bigger refactoring, I left that out of this PR (which is
already quite big).
The other trusted types support (createScript and createHTML) will also
be implemented separately.
Part of #36258
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Current implementation takes arguments for specifying values of
violation report, but is difficult to understand which value should be
passed. These changes create new builder for violation report to address
the issue.
Testing: These changes do not require tests because they just refactor
current code
Signed-off-by: Chocolate Pie <106949016+chocolate-pie@users.noreply.github.com>
* script: Add traits to allow converting between types that are not defined in the script crate.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* script: Rewrite all From/TryFrom implementations on generated WebIDL types to use new Convert/TryConvert traits.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* few cangc fixes
Signed-off-by: L Ashwin B <lashwinib@gmail.com>
* few cangc fixes
Signed-off-by: L Ashwin B <lashwinib@gmail.com>
---------
Signed-off-by: L Ashwin B <lashwinib@gmail.com>
* fix clone on copy warning in servoshell
Signed-off-by: Ali Zein Yousuf <azy5030@gmail.com>
* Remove unecessary borrow in libservo
Signed-off-by: Ali Zein Yousuf <azy5030@gmail.com>
* Ignore too many arguments warning on create_constellation()
Signed-off-by: Ali Zein Yousuf <azy5030@gmail.com>
* fix explicit auto-deref warning
Signed-off-by: Ali Zein Yousuf <azy5030@gmail.com>
* Autofix multiple clippy warnings in components/script
Signed-off-by: Ali Zein Yousuf <azy5030@gmail.com>
---------
Signed-off-by: Ali Zein Yousuf <azy5030@gmail.com>
