1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-07-12 01:43:43 +01:00
Commit graph

3 commits

Author SHA1 Message Date
Tim van der Lippe
576c7445b8
Use DOMString for internal data of Trusted Types ()
This avoids various conversions back and forth between DOMString and
String. By using DOMString consistently, we avoid these
double-conversions. The only caveat are the USVString which are
initially passed into
TrustedScriptURL.

Part of 

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-06-15 14:12:33 +00:00
Tim van der Lippe
4164f76769
Implement all trusted sinks in HTMLScriptElement ()
As a follow-up to the recent introduction of `script.src`
as trusted sink, this PR refactors machinery to also
support `TrustedScript`. In doing so, all trusted sinks
in `HTMLScriptElement` are now covered.

Instead of calling the callbacks in `policy.createX`,
we now have a `TrustedType` enum that specifies which callback
to invoke. Unfortunately we still have the `USVString` vs
`DOMString` problem, which is why we need to `.map` twice
to retrieve the backing `String` and avoid two different
types.

Additionally, I saw that `script.text` should have called
the "String replace all" algorithm rather than setting the
child contents. So that's also now fixed.

Part of 
Requires 

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-05-03 08:35:46 +00:00
Tim van der Lippe
b87bf0b806
Stub out Trusted Types interfaces ()
Some methods are implemented fully, while others are implemented
partly. With these implementations, there are no observed crashes
when running the trusted-types web-platform-tests.

Most notably, the tests/wpt/tests/trusted-types/idlharness.window.js
is now fully passing.

Part of 

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-04-05 13:08:56 +00:00