Update Trusted Types enforcement for document.write/writeln #10328
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
One thing to note is that the behaviour difference for default policy call is actually aligning with the shipping implementation (Chromium) |
lukewarlow
force-pushed
the
tt-document-write
branch
from
424f608
to
8290d72
Compare
lukewarlow
commented
May 7, 2024
annevk
reviewed
May 7, 2024
lukewarlow
force-pushed
the
tt-document-write
branch
from
8290d72
to
2dc877c
Compare
annevk
reviewed
May 7, 2024
|
Thanks for the reviews so far hopefully it's looking like you expect now. Definitely cleaner than the first draft. |
annevk
reviewed
May 7, 2024
There was a problem hiding this comment.
Yeah this looks good, thanks. Although now I wonder if we should have a shared operation as they are essentially copies? Maybe pass text to the document write steps and add an argument for a trailing LF? I guess @otherdaniel should agree to this as well at least.
lukewarlow
added a commit
to lukewarlow/WebKit
that referenced
this pull request
May 7, 2024
https://bugs.webkit.org/show_bug.cgi?id=273819 Reviewed by NOBODY (OOPS!). This patch switches document.write and writeln to use a union IDL type and single call to default policy. This brings it close to chromium behaviour. See whatwg/html#10328 * LayoutTests/imported/w3c/web-platform-tests/trusted-types/Document-write-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/trusted-types/Document-write.html: * LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Document-write-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Document-write.html: * Source/WebCore/dom/Document+HTML.idl: * Source/WebCore/dom/Document.cpp: (WebCore::Document::write): (WebCore::Document::writeln): * Source/WebCore/dom/Document.h:
|
Thanks! We're happy with this, too. |
|
@annevk am I okay to say this has webkit implementor interest? The webkit pr itself is being merged but I can do follow ups to change it. Mainly want it in to move away from the IDL attribute. |
webkit-commit-queue
pushed a commit
to lukewarlow/WebKit
that referenced
this pull request
May 8, 2024
https://bugs.webkit.org/show_bug.cgi?id=273819 Reviewed by Ryosuke Niwa. This patch switches document.write and writeln to use a union IDL type and single call to default policy. This brings it close to chromium behaviour. See whatwg/html#10328 * LayoutTests/imported/w3c/web-platform-tests/trusted-types/Document-write-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/trusted-types/Document-write.html: * LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Document-write-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Document-write.html: * Source/WebCore/dom/Document+HTML.idl: * Source/WebCore/dom/Document.cpp: (WebCore::Document::write): (WebCore::Document::writeln): * Source/WebCore/dom/Document.h: Canonical link: https://commits.webkit.org/278501@main
|
I think the deduplication still needs to happen. As for implementer interest, it's a bit tricky. WebKit hasn't established a position as of yet in part due to the many outstanding issues with Trusted Types. This refactoring on its own seems okay, but I would not want that to be taken as WebKit being okay with it in general. |
|
I've refactored this to move things into the document write steps. |
zcorpan
reviewed
May 15, 2024
lukewarlow
force-pushed
the
tt-document-write
branch
from
b97d4a0
to
b7dbca8
Compare
zcorpan
approved these changes
May 15, 2024
lukewarlow
added a commit
to lukewarlow/WebKit
that referenced
this pull request
May 24, 2024
https://bugs.webkit.org/show_bug.cgi?id=273819 Reviewed by NOBODY (OOPS!). This patch switches document.write and writeln to use a union IDL type and single call to default policy. See whatwg/html#10328 * LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Document-write-expected.txt: * Source/WebCore/dom/DOMImplementation.cpp: (WebCore::DOMImplementation::createHTMLDocument): * Source/WebCore/dom/Document+HTML.idl: * Source/WebCore/dom/Document.cpp: (WebCore::Document::write): (WebCore::Document::writeln): * Source/WebCore/dom/Document.h: * Source/WebKitLegacy/mac/DOM/DOMHTMLDocument.mm: (-[DOMHTMLDocument write:]): (-[DOMHTMLDocument writeln:]):
lukewarlow
added a commit
to lukewarlow/WebKit
that referenced
this pull request
May 28, 2024
https://bugs.webkit.org/show_bug.cgi?id=273819 Reviewed by NOBODY (OOPS!). This patch switches document.write and writeln to use a union IDL type and single call to default policy. See whatwg/html#10328 * LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Document-write-expected.txt: * Source/WebCore/dom/DOMImplementation.cpp: (WebCore::DOMImplementation::createHTMLDocument): * Source/WebCore/dom/Document+HTML.idl: * Source/WebCore/dom/Document.cpp: (WebCore::Document::write): (WebCore::Document::writeln): * Source/WebCore/dom/Document.h: * Source/WebKitLegacy/mac/DOM/DOMHTMLDocument.mm: (-[DOMHTMLDocument write:]): (-[DOMHTMLDocument writeln:]):
lukewarlow
added a commit
to lukewarlow/WebKit
that referenced
this pull request
May 28, 2024
https://bugs.webkit.org/show_bug.cgi?id=273819 Reviewed by NOBODY (OOPS!). This patch switches document.write and writeln to use a union IDL type and single call to default policy. See whatwg/html#10328 * LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Document-write-expected.txt: * Source/WebCore/dom/DOMImplementation.cpp: (WebCore::DOMImplementation::createHTMLDocument): * Source/WebCore/dom/Document+HTML.idl: * Source/WebCore/dom/Document.cpp: (WebCore::Document::write): (WebCore::Document::writeln): * Source/WebCore/dom/Document.h: * Source/WebKitLegacy/mac/DOM/DOMHTMLDocument.mm: (-[DOMHTMLDocument write:]): (-[DOMHTMLDocument writeln:]):
5 tasks
This changes from using HTMLString to a TrustedHTML or DOMString union. This also changes the timing of the default policy call.
lukewarlow
force-pushed
the
tt-document-write
branch
from
b7dbca8
to
ae1f8f1
Compare
|
No need for any change to MDN here as far as I can tell. Everything seems in order, so merging. |
lukewarlow
added a commit
to lukewarlow/WebKit
that referenced
this pull request
May 29, 2024
https://bugs.webkit.org/show_bug.cgi?id=273819 Reviewed by NOBODY (OOPS!). This patch switches document.write and writeln to use a union IDL type and single call to default policy. See whatwg/html#10328 * LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-string-assignment-to-Document-write-expected.txt: * Source/WebCore/dom/DOMImplementation.cpp: (WebCore::DOMImplementation::createHTMLDocument): * Source/WebCore/dom/Document+HTML.idl: * Source/WebCore/dom/Document.cpp: (WebCore::Document::trustedWrite): (WebCore::Document::write): (WebCore::Document::writeln): * Source/WebCore/dom/Document.h: * Source/WebKitLegacy/mac/DOM/DOMHTMLDocument.mm: (-[DOMHTMLDocument write:]): (-[DOMHTMLDocument writeln:]):
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Update Trusted Types enforcement for document.write/writeln
This changes from using HTMLString to a TrustedHTML or DOMString union.
This also changes the timing of the default policy call.
(See WHATWG Working Mode: Changes for more details.)
/dom.html ( diff )
/dynamic-markup-insertion.html ( diff )
/infrastructure.html ( diff )