From e57c1edc7fa990135aa095abc8e1354c65105b7f Mon Sep 17 00:00:00 2001 From: Luke Warlow Date: Thu, 14 Mar 2024 16:39:02 +0000 Subject: [PATCH 1/3] Update handling of timer functions --- spec/index.bs | 67 ++++++++++++++++++++++++--------------------------- 1 file changed, 31 insertions(+), 36 deletions(-) diff --git a/spec/index.bs b/spec/index.bs index e023b1be..911caf62 100644 --- a/spec/index.bs +++ b/spec/index.bs @@ -1249,17 +1249,9 @@ partial interface mixin WindowOrWorkerGlobalScope { To the [[HTML5#timer-initialisation-steps|timer initialization steps algorithm]], -add this step between 7.1 and 7.2: +change step 8.3.2 as follows: -1. If the first operation argument is not a {{Function}}, set the first operation argument to the result of executing - the [$Get Trusted Type compliant string$] algorithm, with - * |global| set to the [=this=] value's [=relevant global object=]. - * |input| set to the first method argument, and - * |expectedType| set to {{TrustedScript}}. - * |sink| set to `Window setInterval` if repeat is true, `Window setTimeout` otherwise. - * |sinkGroup| set to `'script'`. - - Note: This matches the logic that the extended attribute would apply. +1. Perform HostEnsureCanCompileStrings(realm, « », handler, false, handler, ~timer~, « », handler). If this throws an exception, catch it, report the exception, and abort these steps. Note: This makes sure that a {{TrustedScript}} is passed to timer functions in place of a string when Trusted Types are enforced, but 
@@ -1668,32 +1660,35 @@ The Trusted Types portion of this algorithm uses |calleeRealm| and its CSP setti Given a [[ECMA-262#realm|realm]] (|calleeRealm|), a list of strings (|parameterStrings|), a string (|bodyString|), a string (|source|), an enum (|compilationType|), a list of ECMAScript language values (|parameterArgs|), and an ECMAScript language value (|bodyArg|), this algorithm returns normally if compilation is allowed, and throws an "`EvalError`" if not: -1. Let |compilationSink| be `"Function"` if |compilationType| is `*FUNCTION*`, otherwise `"Eval"`. -1. Let |isTrusted| be `true`. -1. If |bodyArg| is not a {{TrustedScript}} object, set |isTrusted| to `false`. -1. If |isTrusted| is `true` then: - 1. If |bodyString| is not equal to |bodyArg|'s [=TrustedScript/[[Data]]=] internal slot, set |isTrusted| to `false`. -1. If |isTrusted| is `true`, then: - 1. For each |arg| in |parameterArgs|: - 1. Let |index| be the index of |arg| in |parameterArgs|. - 1. If |arg| is not a {{TrustedScript}} object, set |isTrusted| to `false`. - 1. If |isTrusted| is `true`, then: - 1. if |parameterStrings|[|index|] is not equal to |arg|'s [=TrustedScript/[[Data]]=] internal slot, set |isTrusted| to `false`. -1. If |isTrusted| is `true`, let |sourceToValidate| be a new instance of - the {{TrustedScript}} interface, with its [=TrustedScript/[[Data]]=] internal slot value - set to |source|. Otherwise, let |sourceToValidate| be |source|. - -1. Let |sourceString| be the result of executing the - [$Get Trusted Type compliant string$] algorithm, with: - * |calleeRealm| as |global|, - * |sourceToValidate| as |input|, - * |compilationSink| as |sink|, - * `'script'` as |sinkGroup|, - * {{TrustedScript}} as |expectedType|. - -1. If the algorithm throws an error, throw an {{EvalError}}. - -1. If |sourceString| is not equal to |source|, throw an {{EvalError}}. +1. If |compilationType| is `*TIMER*`, then: + 1. Let |sourceString| be |source|. +1. Else: + 1. 
Let |compilationSink| be `"Function"` if |compilationType| is `*FUNCTION*`, otherwise `"Eval"`. + 1. Let |isTrusted| be `true`. + 1. If |bodyArg| is not a {{TrustedScript}} object, set |isTrusted| to `false`. + 1. If |isTrusted| is `true` then: + 1. If |bodyString| is not equal to |bodyArg|'s [=TrustedScript/[[Data]]=] internal slot, set |isTrusted| to `false`. + 1. If |isTrusted| is `true`, then: + 1. For each |arg| in |parameterArgs|: + 1. Let |index| be the index of |arg| in |parameterArgs|. + 1. If |arg| is not a {{TrustedScript}} object, set |isTrusted| to `false`. + 1. If |isTrusted| is `true`, then: + 1. if |parameterStrings|[|index|] is not equal to |arg|'s [=TrustedScript/[[Data]]=] internal slot, set |isTrusted| to `false`. + 1. If |isTrusted| is `true`, let |sourceToValidate| be a new instance of + the {{TrustedScript}} interface, with its [=TrustedScript/[[Data]]=] internal slot value + set to |source|. Otherwise, let |sourceToValidate| be |source|. + + 1. Let |sourceString| be the result of executing the + [$Get Trusted Type compliant string$] algorithm, with: + * |calleeRealm| as |global|, + * |sourceToValidate| as |input|, + * |compilationSink| as |sink|, + * `'script'` as |sinkGroup|, + * {{TrustedScript}} as |expectedType|. + + 1. If the algorithm throws an error, throw an {{EvalError}}. + + 1. If |sourceString| is not equal to |source|, throw an {{EvalError}}. 1. Let |global| be a |calleeRealm|'s [=realm/global object=]. From 2c0de9fa079d0cd493074a669209db2bebe0a4a0 Mon Sep 17 00:00:00 2001 From: Luke Warlow Date: Tue, 26 Mar 2024 16:02:13 +0000 Subject: [PATCH 2/3] Perform EnsureCSPDoesNotBlockStringCompilation directly from timer initialisation. --- spec/index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/index.bs b/spec/index.bs index 911caf62..93b59ad8 100644 --- a/spec/index.bs +++ b/spec/index.bs 
@@ -1251,7 +1251,7 @@ partial interface mixin WindowOrWorkerGlobalScope { To the [[HTML5#timer-initialisation-steps|timer initialization steps algorithm]], change step 8.3.2 as follows: -1. Perform HostEnsureCanCompileStrings(realm, « », handler, false, handler, ~timer~, « », handler). If this throws an exception, catch it, report the exception, and abort these steps. +1. Perform HostEnsureCanCompileStringsEnsureCSPDoesNotBlockStringCompilation(realm, « », handler, false, handler, ~timer~, « », handler). If this throws an exception, catch it, report the exception, and abort these steps. Note: This makes sure that a {{TrustedScript}} is passed to timer functions in place of a string when Trusted Types are enforced, but From 84292f49674f097c8f4785b5d2ba0f52028e866c Mon Sep 17 00:00:00 2001 From: Luke Warlow Date: Wed, 27 Mar 2024 12:46:30 +0000 Subject: [PATCH 3/3] Move note to make it clearer, update spec step that is being patched as it's changed --- spec/index.bs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/spec/index.bs b/spec/index.bs index 93b59ad8..535cdf28 100644 --- a/spec/index.bs +++ b/spec/index.bs 
@@ -1248,15 +1248,15 @@ partial interface mixin WindowOrWorkerGlobalScope { }; -To the [[HTML5#timer-initialisation-steps|timer initialization steps algorithm]], -change step 8.3.2 as follows: - -1. Perform HostEnsureCanCompileStringsEnsureCSPDoesNotBlockStringCompilation(realm, « », handler, false, handler, ~timer~, « », handler). If this throws an exception, catch it, report the exception, and abort these steps. - Note: This makes sure that a {{TrustedScript}} is passed to timer functions in place of a string when Trusted Types are enforced, but also unconditionally accepts any {{Function}} object. +To the [[HTML5#timer-initialisation-steps|timer initialization steps algorithm]], +change step 8.4.3 as follows: + +1. Perform HostEnsureCanCompileStringsEnsureCSPDoesNotBlockStringCompilation(realm, « », handler, false, handler, ~timer~, « », handler). If this throws an exception, catch it, report the exception, and abort these steps. + ### Enforcement in event handler content attributes ### {#enforcement-in-event-handler-content-attributes} This document modifies the
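Review bot: In [PATCH 1/3], the replacement step in the hunk at -1249 passes eight arguments, (realm, « », handler, false, handler, ~timer~, « », handler), while the algorithm edited in the following hunk is declared with seven parameters (|calleeRealm|, |parameterStrings|, |bodyString|, |source|, |compilationType|, |parameterArgs|, |bodyArg|), so `false` has no matching parameter. Either drop it or state which signature the call targets. The same call passes handler as both |bodyString| and |source|, which are declared as strings, although the Note says handler may be a {{TrustedScript}}; spell out the stringification. The removed step also distinguished the sink names `Window setInterval` and `Window setTimeout`; if the per-method sink name is still wanted, it needs a new home.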
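Review bot: In [PATCH 1/3], the new `*TIMER*` branch in the hunk at -1668 only sets |sourceString| to |source| and skips both the |isTrusted| checks and the [$Get Trusted Type compliant string$] call, so nothing in these steps verifies that |bodyArg| is a {{TrustedScript}} when the caller is a timer. The Note in the first hunk still says a {{TrustedScript}} is required when Trusted Types are enforced, so add a note in this branch saying where that enforcement happens for timers, or run the check here as well. The call site writes the enum value as ~timer~ while this step writes `*TIMER*`; use one spelling.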
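Review bot: In [PATCH 2/3], the added line reads "Perform HostEnsureCanCompileStringsEnsureCSPDoesNotBlockStringCompilation(...)", with the old and new algorithm names run together into one identifier. If the intent is to show HostEnsureCanCompileStrings being replaced by EnsureCSPDoesNotBlockStringCompilation, make the deletion and insertion explicit, and reference the target algorithm with the same link syntax used elsewhere in the file (as in [$Get Trusted Type compliant string$]) so the build catches a wrong name. The argument list is carried over unchanged from the previous call, so confirm it matches the parameters of the algorithm now being invoked.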
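Review bot: In [PATCH 3/3], "change step 8.4.3 as follows" hard-codes a step number in the HTML timer initialization steps that already moved once within this series (it was 8.3.2 two commits earlier), so it will go stale again on the next upstream renumbering. Identify the step by what it does, or quote its current text next to the number, so a reader can still find it. Moving the Note above the "To the ... timer initialization steps algorithm" paragraph also leaves its opening "This makes sure" without an antecedent, since the step it describes now comes after it; reword the Note to name the modified step or keep it below the step.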