Bug 1925468 - Factor out "Get Trusted Type Data For Attribute". r=smaug

fred-wang · fred-wang · commit daa3d11166f4 · 2024-11-27T09:56:35.000Z
This patch introduces TrustedTypeUtils::GetTrustedTypeDataForAttribute to implement the corresponding algorithm from the spec: https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute It is currently only used by TrustedTypePolicyFactory::GetAttributeType but "Get Trusted Types-compliant attribute value" will use it to when we implement trusted types for setAttribute/setAttributeNS. https://w3c.github.io/trusted-types/dist/spec/#validate-attribute-mutation Differential Revision: https://phabricator.services.mozilla.com/D227926
diff --git a/dom/security/trusted-types/TrustedTypePolicyFactory.cpp b/dom/security/trusted-types/TrustedTypePolicyFactory.cpp
@@ -204,49 +204,48 @@ void TrustedTypePolicyFactory::GetAttributeType(const nsAString& aTagName,
                                                 const nsAString& aElementNs,
                                                 const nsAString& aAttrNs,
                                                 DOMString& aResult) {
+  // We first determine the namespace IDs for the element and attribute.
+  // Currently, GetTrustedTypeDataForAttribute() only test a few of them so use
+  // direct string comparisons instead of relying on
+  // nsNameSpaceManager::GetNameSpaceID().
+
+  // GetTrustedTypeDataForAttribute() can only return true for empty or XLink
+  // attribute namespaces, so don't bother calling it for other namespaces.
+  int32_t attributeNamespaceID = kNameSpaceID_Unknown;
+  if (aAttrNs.IsEmpty()) {
+    attributeNamespaceID = kNameSpaceID_None;
+  } else if (nsGkAtoms::nsuri_xlink->Equals(aAttrNs)) {
+    attributeNamespaceID = kNameSpaceID_XLink;
+  } else {
+    aResult.SetNull();
+    return;
+  }
+
+  // GetTrustedTypeDataForAttribute() only test HTML or SVG element namespaces,
+  // for testing event handler attributes the element namespace does not matter.
+  int32_t elementNamespaceID = kNameSpaceID_Unknown;
+  if (aElementNs.IsEmpty() || nsGkAtoms::nsuri_xhtml->Equals(aElementNs)) {
+    elementNamespaceID = kNameSpaceID_XHTML;
+  } else if (nsGkAtoms::nsuri_svg->Equals(aElementNs)) {
+    elementNamespaceID = kNameSpaceID_SVG;
+  }
+
   nsAutoString attribute;
   nsContentUtils::ASCIIToLower(aAttribute, attribute);
   RefPtr<nsAtom> attributeAtom = NS_Atomize(attribute);
 
-  // The spec is not really clear about which "event handler content attributes"
-  // we should consider, so we just include everything but XUL's specific ones.
-  // See https://github.com/w3c/trusted-types/issues/520.
-  if (aAttrNs.IsEmpty() &&
-      nsContentUtils::IsEventAttributeName(
-          attributeAtom, EventNameType_All & ~EventNameType_XUL)) {
-    // Event handler content attribute.
-    aResult.SetKnownLiveString(GetTrustedTypeName<TrustedScript>());
+  nsAutoString localName;
+  nsContentUtils::ASCIIToLower(aTagName, localName);
+  RefPtr<nsAtom> elementAtom = NS_Atomize(localName);
+
+  TrustedType trustedType;
+  nsAutoString unusedSink;
+  if (GetTrustedTypeDataForAttribute(elementAtom, elementNamespaceID,
+                                     attributeAtom, attributeNamespaceID,
+                                     trustedType, unusedSink)) {
+    aResult.SetKnownLiveString(GetTrustedTypeName(trustedType));
     return;
   }
-  if (aElementNs.IsEmpty() ||
-      aElementNs == nsDependentAtomString(nsGkAtoms::nsuri_xhtml)) {
-    if (nsContentUtils::EqualsIgnoreASCIICase(
-            aTagName, nsDependentAtomString(nsGkAtoms::iframe))) {
-      // HTMLIFrameElement
-      if (aAttrNs.IsEmpty() && attributeAtom == nsGkAtoms::srcdoc) {
-        aResult.SetKnownLiveString(GetTrustedTypeName<TrustedHTML>());
-        return;
-      }
-    } else if (nsContentUtils::EqualsIgnoreASCIICase(
-                   aTagName, nsDependentAtomString(nsGkAtoms::script))) {
-      // HTMLScriptElement
-      if (aAttrNs.IsEmpty() && attributeAtom == nsGkAtoms::src) {
-        aResult.SetKnownLiveString(GetTrustedTypeName<TrustedScriptURL>());
-        return;
-      }
-    }
-  } else if (aElementNs == nsDependentAtomString(nsGkAtoms::nsuri_svg)) {
-    if (nsContentUtils::EqualsIgnoreASCIICase(
-            aTagName, nsDependentAtomString(nsGkAtoms::script))) {
-      // SVGScriptElement
-      if ((aAttrNs.IsEmpty() ||
-           aAttrNs == nsDependentAtomString(nsGkAtoms::nsuri_xlink)) &&
-          attributeAtom == nsGkAtoms::href) {
-        aResult.SetKnownLiveString(GetTrustedTypeName<TrustedScriptURL>());
-        return;
-      }
-    }
-  }
 
   aResult.SetNull();
 }
@@ -263,8 +262,7 @@ void TrustedTypePolicyFactory::GetPropertyType(const nsAString& aTagName,
                                                const nsAString& aElementNs,
                                                DOMString& aResult) {
   RefPtr<nsAtom> propertyAtom = NS_Atomize(aProperty);
-  if (aElementNs.IsEmpty() ||
-      aElementNs == nsDependentAtomString(nsGkAtoms::nsuri_xhtml)) {
+  if (aElementNs.IsEmpty() || nsGkAtoms::nsuri_xhtml->Equals(aElementNs)) {
     if (nsContentUtils::EqualsIgnoreASCIICase(
             aTagName, nsDependentAtomString(nsGkAtoms::iframe))) {
       // HTMLIFrameElement
diff --git a/dom/security/trusted-types/TrustedTypeUtils.cpp b/dom/security/trusted-types/TrustedTypeUtils.cpp
@@ -34,6 +34,20 @@
 
 namespace mozilla::dom::TrustedTypeUtils {
 
+nsString GetTrustedTypeName(TrustedType aTrustedType) {
+  switch (aTrustedType) {
+    case TrustedType::TrustedHTML:
+      return GetTrustedTypeName<TrustedHTML>();
+      break;
+    case TrustedType::TrustedScript:
+      return GetTrustedTypeName<TrustedScript>();
+      break;
+    case TrustedType::TrustedScriptURL:
+      return GetTrustedTypeName<TrustedScriptURL>();
+      break;
+  }
+}
+
 // https://w3c.github.io/trusted-types/dist/spec/#abstract-opdef-does-sink-type-require-trusted-types
 static bool DoesSinkTypeRequireTrustedTypes(nsIContentSecurityPolicy* aCSP,
                                             const nsAString& aSinkGroup) {
@@ -373,4 +387,50 @@ IMPL_GET_TRUSTED_TYPES_COMPLIANT_STRING(TrustedScriptOrNullIsEmptyString,
 IMPL_GET_TRUSTED_TYPES_COMPLIANT_STRING(TrustedScriptURLOrString,
                                         TrustedScriptURL);
 
+bool GetTrustedTypeDataForAttribute(const nsAtom* aElementName,
+                                    int32_t aElementNamespaceID,
+                                    nsAtom* aAttributeName,
+                                    int32_t aAttributeNamespaceID,
+                                    TrustedType& aTrustedType,
+                                    nsAString& aSink) {
+  // The spec is not really clear about which "event handler content attributes"
+  // we should consider, so we just include everything but XUL's specific ones.
+  // See https://github.com/w3c/trusted-types/issues/520.
+  if (aAttributeNamespaceID == kNameSpaceID_None &&
+      nsContentUtils::IsEventAttributeName(
+          aAttributeName, EventNameType_All & ~EventNameType_XUL)) {
+    aTrustedType = TrustedType::TrustedScript;
+    return true;
+  }
+  if (aElementNamespaceID == kNameSpaceID_XHTML) {
+    if (aElementName == nsGkAtoms::iframe) {
+      // HTMLIFrameElement
+      if (aAttributeNamespaceID == kNameSpaceID_None &&
+          aAttributeName == nsGkAtoms::srcdoc) {
+        aTrustedType = TrustedType::TrustedHTML;
+        return true;
+      }
+    } else if (aElementName == nsGkAtoms::script) {
+      // HTMLScriptElement
+      if (aAttributeNamespaceID == kNameSpaceID_None &&
+          aAttributeName == nsGkAtoms::src) {
+        aTrustedType = TrustedType::TrustedScriptURL;
+        return true;
+      }
+    }
+  } else if (aElementNamespaceID == kNameSpaceID_SVG) {
+    if (aElementName == nsGkAtoms::script) {
+      // SVGScriptElement
+      if ((aAttributeNamespaceID == kNameSpaceID_None ||
+           aAttributeNamespaceID == kNameSpaceID_XLink) &&
+          aAttributeName == nsGkAtoms::href) {
+        aTrustedType = TrustedType::TrustedScriptURL;
+        return true;
+      }
+    }
+  }
+
+  return false;
+}
+
 }  // namespace mozilla::dom::TrustedTypeUtils
diff --git a/dom/security/trusted-types/TrustedTypeUtils.h b/dom/security/trusted-types/TrustedTypeUtils.h
@@ -48,6 +48,13 @@ nsString GetTrustedTypeName() {
   return u"TrustedScriptURL"_ns;
 }
 
+enum class TrustedType : int8_t {
+  TrustedHTML,
+  TrustedScript,
+  TrustedScriptURL,
+};
+nsString GetTrustedTypeName(TrustedType aTrustedType);
+
 // https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-compliant-string-algorithm
 //
 // May only run script if aInput is not a trusted type and if the trusted types
@@ -82,6 +89,14 @@ MOZ_CAN_RUN_SCRIPT void ProcessValueWithADefaultPolicy(
     const Document& aDocument, const nsAString& aInput, const nsAString& aSink,
     ExpectedType** aResult, ErrorResult& aError);
 
+// https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute
+bool GetTrustedTypeDataForAttribute(const nsAtom* aElementName,
+                                    int32_t aElementNamespaceID,
+                                    nsAtom* aAttributeName,
+                                    int32_t aAttributeNamespaceID,
+                                    TrustedType& aTrustedType,
+                                    nsAString& aSink);
+
 }  // namespace TrustedTypeUtils
 
 }  // namespace dom
