[ tor-browser ].git.dasho

TrustedTypeUtils.h (13309B)
      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #ifndef DOM_SECURITY_TRUSTED_TYPES_TRUSTEDTYPEUTILS_H_
      8 #define DOM_SECURITY_TRUSTED_TYPES_TRUSTEDTYPEUTILS_H_
      9 
     10 #include "js/TypeDecls.h"
     11 #include "mozilla/Assertions.h"
     12 #include "mozilla/Attributes.h"
     13 #include "mozilla/dom/DOMString.h"
     14 #include "mozilla/dom/SessionStoreUtils.h"
     15 #include "mozilla/dom/TrustedTypesBinding.h"
     16 #include "nsCycleCollectionParticipant.h"
     17 #include "nsISupportsImpl.h"
     18 #include "nsString.h"
     19 
     20 class nsIContentSecurityPolicy;
     21 class nsIPrincipal;
     22 
     23 namespace mozilla {
     24 
     25 class ErrorResult;
     26 
     27 template <typename T>
     28 class Maybe;
     29 
     30 namespace dom {
     31 
     32 class TrustedHTMLOrString;
     33 class TrustedScript;
     34 class TrustedScriptOrString;
     35 class TrustedScriptOrNullIsEmptyString;
     36 class FunctionOrTrustedScriptOrString;
     37 class TrustedScriptURL;
     38 class TrustedScriptURLOrString;
     39 class TrustedScriptURLOrUSVString;
     40 class OwningTrustedScriptURLOrString;
     41 class TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString;
     42 
     43 namespace TrustedTypeUtils {
     44 
     45 template <typename T>
     46 nsString GetTrustedTypeName() {
     47  if constexpr (std::is_same_v<T, TrustedHTML>) {
     48    return u"TrustedHTML"_ns;
     49  }
     50  if constexpr (std::is_same_v<T, TrustedScript>) {
     51    return u"TrustedScript"_ns;
     52  }
     53  MOZ_ASSERT((std::is_same_v<T, TrustedScriptURL>));
     54  return u"TrustedScriptURL"_ns;
     55 }
     56 
     57 enum class TrustedType : int8_t {
     58  TrustedHTML,
     59  TrustedScript,
     60  TrustedScriptURL,
     61 };
     62 nsString GetTrustedTypeName(TrustedType aTrustedType);
     63 
     64 void ReportSinkTypeMismatchViolations(nsIContentSecurityPolicy* aCSP,
     65                                      nsICSPEventListener* aCSPEventListener,
     66                                      const nsCString& aFileName,
     67                                      uint32_t aLine, uint32_t aColumn,
     68                                      const nsAString& aSink,
     69                                      const nsAString& aSinkGroup,
     70                                      const nsAString& aSource);
     71 
     72 bool CanSkipTrustedTypesEnforcement(const nsINode& aNode);
     73 
     74 // https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-compliant-string-algorithm
     75 //
     76 // May only run script if aInput is not a trusted type and if the trusted types
     77 // pref is set to `true`. If this changes, callees might require adjusting.
     78 //
     79 // @param aResultHolder Keeps the compliant string alive when necessary.
     80 // @return The compliant string if aError didn't fail.
     81 MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
     82    const TrustedHTMLOrString& aInput, const nsAString& aSink,
     83    const nsAString& aSinkGroup, const nsINode& aNode,
     84    nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
     85    ErrorResult& aError);
     86 MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
     87    const TrustedHTMLOrNullIsEmptyString& aInput, const nsAString& aSink,
     88    const nsAString& aSinkGroup, const nsINode& aNode,
     89    nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
     90    ErrorResult& aError);
     91 MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
     92    const TrustedHTMLOrString& aInput, const nsAString& aSink,
     93    const nsAString& aSinkGroup, nsIGlobalObject& aGlobalObject,
     94    nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
     95    ErrorResult& aError);
     96 MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
     97    const TrustedScriptOrString& aInput, const nsAString& aSink,
     98    const nsAString& aSinkGroup, const nsINode& aNode,
     99    nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
    100    ErrorResult& aError);
    101 MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
    102    const TrustedScriptOrNullIsEmptyString& aInput, const nsAString& aSink,
    103    const nsAString& aSinkGroup, const nsINode& aNode,
    104    nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
    105    ErrorResult& aError);
    106 MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
    107    const FunctionOrTrustedScriptOrString& aInput, const nsAString& aSink,
    108    const nsAString& aSinkGroup, nsIGlobalObject& aGlobalObject,
    109    nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
    110    ErrorResult& aError);
    111 MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
    112    const TrustedScriptURLOrString& aInput, const nsAString& aSink,
    113    const nsAString& aSinkGroup, const nsINode& aNode,
    114    nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
    115    ErrorResult& aError);
    116 MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
    117    const TrustedScriptURLOrUSVString& aInput, const nsAString& aSink,
    118    const nsAString& aSinkGroup, nsIGlobalObject& aGlobalObject,
    119    nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
    120    ErrorResult& aError);
    121 MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
    122    const TrustedScriptURLOrUSVString& aInput, const nsAString& aSink,
    123    const nsAString& aSinkGroup, const nsINode& aNode,
    124    nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
    125    ErrorResult& aError);
    126 MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantString(
    127    const OwningTrustedScriptURLOrString& aInput, const nsAString& aSink,
    128    const nsAString& aSinkGroup, nsIGlobalObject& aGlobalObject,
    129    nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
    130    ErrorResult& aError);
    131 MOZ_CAN_RUN_SCRIPT const nsAString*
    132 GetTrustedTypesCompliantStringForTrustedHTML(const nsAString& aInput,
    133                                             const nsAString& aSink,
    134                                             const nsAString& aSinkGroup,
    135                                             const nsINode& aNode,
    136                                             nsIPrincipal* aPrincipalOrNull,
    137                                             Maybe<nsAutoString>& aResultHolder,
    138                                             ErrorResult& aError);
    139 MOZ_CAN_RUN_SCRIPT const nsAString*
    140 GetTrustedTypesCompliantStringForTrustedScript(
    141    const nsAString& aInput, const nsAString& aSink,
    142    const nsAString& aSinkGroup, nsIGlobalObject& aGlobalObject,
    143    nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
    144    ErrorResult& aError);
    145 
    146 MOZ_CAN_RUN_SCRIPT const nsAString*
    147 GetTrustedTypesCompliantStringForTrustedScript(
    148    const nsAString& aInput, const nsAString& aSink,
    149    const nsAString& aSinkGroup, const nsINode& aNode,
    150    Maybe<nsAutoString>& aResultHolder, ErrorResult& aError);
    151 
    152 // https://w3c.github.io/trusted-types/dist/spec/#abstract-opdef-process-value-with-a-default-policy
    153 template <typename ExpectedType>
    154 MOZ_CAN_RUN_SCRIPT void ProcessValueWithADefaultPolicy(
    155    nsIGlobalObject& aGlobalObject, const nsAString& aInput,
    156    const nsAString& aSink, ExpectedType** aResult, ErrorResult& aError);
    157 
    158 // https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute
    159 bool GetTrustedTypeDataForAttribute(const nsAtom* aElementName,
    160                                    int32_t aElementNamespaceID,
    161                                    nsAtom* aAttributeName,
    162                                    int32_t aAttributeNamespaceID,
    163                                    TrustedType& aTrustedType,
    164                                    nsAString& aSink);
    165 
    166 // https://w3c.github.io/trusted-types/dist/spec/#abstract-opdef-get-trusted-types-compliant-attribute-value
    167 MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantAttributeValue(
    168    const nsINode& aElement, nsAtom* aAttributeName,
    169    int32_t aAttributeNamespaceID,
    170    const TrustedHTMLOrTrustedScriptOrTrustedScriptURLOrString& aNewValue,
    171    nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
    172    ErrorResult& aError);
    173 MOZ_CAN_RUN_SCRIPT const nsAString* GetTrustedTypesCompliantAttributeValue(
    174    const nsINode& aElement, nsAtom* aAttributeName,
    175    int32_t aAttributeNamespaceID, const nsAString& aNewValue,
    176    nsIPrincipal* aPrincipalOrNull, Maybe<nsAutoString>& aResultHolder,
    177    ErrorResult& aError);
    178 
    179 // https://html.spec.whatwg.org/multipage/webappapis.html#hostgetcodeforeval(argument)
    180 bool HostGetCodeForEval(JSContext* aCx, JS::Handle<JSObject*> aCode,
    181                        JS::MutableHandle<JSString*> aOutCode);
    182 
    183 // Implements steps 1 and 2 of EnsureCSPDoesNotBlockStringCompilation.
    184 // See https://w3c.github.io/webappsec-csp/#can-compile-strings
    185 MOZ_CAN_RUN_SCRIPT bool
    186 AreArgumentsTrustedForEnsureCSPDoesNotBlockStringCompilation(
    187    JSContext* aCx, JS::Handle<JSString*> aCodeString,
    188    JS::CompilationType aCompilationType,
    189    JS::Handle<JS::StackGCVector<JSString*>> aParameterStrings,
    190    JS::Handle<JSString*> aBodyString,
    191    JS::Handle<JS::StackGCVector<JS::Value>> aParameterArgs,
    192    JS::Handle<JS::Value> aBodyArg, nsIPrincipal* aPrincipalOrNull,
    193    ErrorResult& aError);
    194 
    195 // This is step 4 of require-trusted-types-for Pre-Navigation check. The return
    196 // value is the stringified version of convertedScriptSource, or nullptr if the
    197 // algorithm should return "Blocked".
    198 // https://w3c.github.io/trusted-types/dist/spec/#require-trusted-types-for-pre-navigation-check
    199 MOZ_CAN_RUN_SCRIPT const nsAString*
    200 GetConvertedScriptSourceForPreNavigationCheck(
    201    nsIGlobalObject& aGlobalObject, const nsAString& aEncodedScriptSource,
    202    const nsAString& aSink, Maybe<nsAutoString>& aResultHolder,
    203    ErrorResult& aError);
    204 
    205 }  // namespace TrustedTypeUtils
    206 
    207 }  // namespace dom
    208 
    209 }  // namespace mozilla
    210 
    211 #define DECL_TRUSTED_TYPE_CLASS(_class)                                     \
    212  class _class {                                                            \
    213   public:                                                                  \
    214    NS_INLINE_DECL_CYCLE_COLLECTING_NATIVE_REFCOUNTING(_class)              \
    215    NS_DECL_CYCLE_COLLECTION_NATIVE_CLASS(_class)                           \
    216                                                                            \
    217    /* Required for Web IDL binding. */                                     \
    218    bool WrapObject(JSContext* aCx, JS::Handle<JSObject*> aGivenProto,      \
    219                    JS::MutableHandle<JSObject*> aObject);                  \
    220                                                                            \
    221    void Stringify(DOMString& aResult) const {                              \
    222      aResult.SetKnownLiveString(mData);                                    \
    223    }                                                                       \
    224                                                                            \
    225    void ToJSON(DOMString& aResult) const {                                 \
    226      aResult.SetKnownLiveString(mData);                                    \
    227    }                                                                       \
    228                                                                            \
    229    /* This is always unforged data, because it's only instantiated         \
    230       from the befriended `TrustedType*` classes and other trusted         \
    231       functions . */                                                       \
    232    const nsString mData;                                                   \
    233                                                                            \
    234   private:                                                                 \
    235    template <typename T, typename... Args>                                 \
    236    friend RefPtr<T> mozilla::MakeRefPtr(Args&&... aArgs);                  \
    237    friend mozilla::dom::TrustedTypePolicy;                                 \
    238    friend mozilla::dom::TrustedTypePolicyFactory;                          \
    239    template <typename ExpectedType>                                        \
    240    friend void                                                             \
    241    mozilla::dom::TrustedTypeUtils::ProcessValueWithADefaultPolicy(         \
    242        nsIGlobalObject& aGlobalObject, const nsAString&, const nsAString&, \
    243        ExpectedType**, ErrorResult&);                                      \
    244                                                                            \
    245    explicit _class(const nsAString& aData) : mData{aData} {                \
    246      MOZ_ASSERT(!aData.IsVoid());                                          \
    247    }                                                                       \
    248                                                                            \
    249    /* Required because the class is cycle-colleceted. */                   \
    250    ~_class() = default;                                                    \
    251  };
    252 
    253 #define IMPL_TRUSTED_TYPE_CLASS(_class)                                      \
    254  NS_IMPL_CYCLE_COLLECTION(_class)                                           \
    255                                                                             \
    256  bool _class::WrapObject(JSContext* aCx, JS::Handle<JSObject*> aGivenProto, \
    257                          JS::MutableHandle<JSObject*> aObject) {            \
    258    return _class##_Binding::Wrap(aCx, this, aGivenProto, aObject);          \
    259  }
    260 
    261 #endif  // DOM_SECURITY_TRUSTED_TYPES_TRUSTEDTYPEUTILS_H_
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE