servo
diff --git a/‎components/script/dom/htmlscriptelement.rs‎
Lines changed: 4 additions & 8 deletions b/‎components/script/dom/htmlscriptelement.rs‎
Lines changed: 4 additions & 8 deletions
diff --git a/‎components/script/dom/trustedscript.rs‎
Lines changed: 83 additions & 5 deletions b/‎components/script/dom/trustedscript.rs‎
Lines changed: 83 additions & 5 deletions
diff --git a/‎components/script/dom/trustedtypepolicyfactory.rs‎
Lines changed: 13 additions & 16 deletions b/‎components/script/dom/trustedtypepolicyfactory.rs‎
Lines changed: 13 additions & 16 deletions
diff --git a/‎components/script/script_runtime.rs‎
Lines changed: 59 additions & 25 deletions b/‎components/script/script_runtime.rs‎
Lines changed: 59 additions & 25 deletions
diff --git a/‎tests/wpt/meta/content-security-policy/reporting/report-clips-sample.https.html.ini‎
Lines changed: 0 additions & 6 deletions b/‎tests/wpt/meta/content-security-policy/reporting/report-clips-sample.https.html.ini‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎tests/wpt/meta/trusted-types/DedicatedWorker-block-eval-function-constructor.html.ini‎
Lines changed: 0 additions & 18 deletions b/‎tests/wpt/meta/trusted-types/DedicatedWorker-block-eval-function-constructor.html.ini‎
Lines changed: 0 additions & 18 deletions
@@ -606,8 +606,7 @@ impl HTMLScriptElement {
             *self.script_text.borrow_mut() = TrustedScript::get_trusted_script_compliant_string(
                 &self.owner_global(),
                 self.Text(),
-                "HTMLScriptElement",
-                "text",
+                "HTMLScriptElement text",
                 can_gc,
             )?;
         }
@@ -1475,8 +1474,7 @@ impl HTMLScriptElementMethods<crate::DomTypeHolder> for HTMLScriptElement {
         let value = TrustedScript::get_trusted_script_compliant_string(
             &self.owner_global(),
             input,
-            "HTMLScriptElement",
-            "innerText",
+            "HTMLScriptElement innerText",
             can_gc,
         )?;
         *self.script_text.borrow_mut() = value.clone();
@@ -1497,8 +1495,7 @@ impl HTMLScriptElementMethods<crate::DomTypeHolder> for HTMLScriptElement {
         let value = TrustedScript::get_trusted_script_compliant_string(
             &self.owner_global(),
             value,
-            "HTMLScriptElement",
-            "text",
+            "HTMLScriptElement text",
             can_gc,
         )?;
         // Step 2: Set this's script text value to the given value.
@@ -1523,8 +1520,7 @@ impl HTMLScriptElementMethods<crate::DomTypeHolder> for HTMLScriptElement {
         let value = TrustedScript::get_trusted_script_compliant_string(
             &self.owner_global(),
             value.unwrap_or(TrustedScriptOrString::String(DOMString::from(""))),
-            "HTMLScriptElement",
-            "textContent",
+            "HTMLScriptElement textContent",
             can_gc,
         )?;
         // Step 2: Set this's script text value to value.
 
@@ -4,17 +4,20 @@
 use std::fmt;
 
 use dom_struct::dom_struct;
+use js::jsapi::CompilationType;
+use js::rust::HandleValue;
 
 use crate::dom::bindings::codegen::Bindings::TrustedScriptBinding::TrustedScriptMethods;
 use crate::dom::bindings::codegen::UnionTypes::TrustedScriptOrString;
 use crate::dom::bindings::error::Fallible;
 use crate::dom::bindings::reflector::{Reflector, reflect_dom_object};
 use crate::dom::bindings::root::DomRoot;
 use crate::dom::bindings::str::DOMString;
+use crate::dom::csp::CspReporting;
 use crate::dom::globalscope::GlobalScope;
 use crate::dom::trustedtypepolicy::TrustedType;
 use crate::dom::trustedtypepolicyfactory::TrustedTypePolicyFactory;
-use crate::script_runtime::CanGc;
+use crate::script_runtime::{CanGc, JSContext};
 
 #[dom_struct]
 pub struct TrustedScript {
@@ -39,18 +42,16 @@ impl TrustedScript {
     pub(crate) fn get_trusted_script_compliant_string(
         global: &GlobalScope,
         value: TrustedScriptOrString,
-        containing_class: &str,
-        field: &str,
+        sink: &str,
         can_gc: CanGc,
     ) -> Fallible<DOMString> {
         match value {
             TrustedScriptOrString::String(value) => {
-                let sink = format!("{} {}", containing_class, field);
                 TrustedTypePolicyFactory::get_trusted_type_compliant_string(
                     TrustedType::TrustedScript,
                     global,
                     value,
-                    &sink,
+                    sink,
                     "'script'",
                     can_gc,
                 )
@@ -59,6 +60,83 @@ impl TrustedScript {
             TrustedScriptOrString::TrustedScript(trusted_script) => Ok(trusted_script.data.clone()),
         }
     }
+
+    pub(crate) fn data(&self) -> DOMString {
+        self.data.clone()
+    }
+
+    /// <https://www.w3.org/TR/CSP/#can-compile-strings>
+    #[allow(clippy::too_many_arguments)]
+    pub(crate) fn can_compile_string_with_trusted_type(
+        cx: JSContext,
+        global: &GlobalScope,
+        code_string: DOMString,
+        compilation_type: CompilationType,
+        _parameter_strings: u8, //FIXME in bindings generation
+        body_string: DOMString,
+        _parameter_args: u8, //FIXME in bindings generation
+        body_arg: HandleValue,
+        can_gc: CanGc,
+    ) -> bool {
+        // Step 2.1. Let compilationSink be "Function" if compilationType is "FUNCTION",
+        // and "eval" otherwise.
+        let compilation_sink = if compilation_type == CompilationType::Function {
+            "Function"
+        } else {
+            "eval"
+        };
+        // Step 2.2. Let isTrusted be true if bodyArg implements TrustedScript,
+        // and false otherwise.
+        let is_trusted = match TrustedTypePolicyFactory::is_trusted_script(cx, body_arg) {
+            // Step 2.3. If isTrusted is true then:
+            Ok(trusted_script) => {
+                // Step 2.3.1. If bodyString is not equal to bodyArg’s data, set isTrusted to false.
+                body_string == trusted_script.data
+            },
+            _ => false,
+        };
+        // Step 2.4. If isTrusted is true, then:
+        // Step 2.4.1. Assert: parameterArgs’ [list/size=] is equal to [parameterStrings]' size.
+        // Step 2.4.2. For each index of the range 0 to |parameterArgs]' [list/size=]:
+        // Step 2.4.2.1. Let arg be parameterArgs[index].
+        // Step 2.4.2.2. If arg implements TrustedScript, then:
+        // Step 2.4.2.2.1. if parameterStrings[index] is not equal to arg’s data,
+        // set isTrusted to false.
+        // Step 2.4.2.3. Otherwise, set isTrusted to false.
+        // Step 2.5. Let sourceToValidate be a new TrustedScript object created in realm
+        // whose data is set to codeString if isTrusted is true, and codeString otherwise.
+        let source_string = if is_trusted {
+            // We don't need to call the compliant string algorithm, as it would immediately
+            // unroll the type as allowed by copying the data. This allows us to skip creating
+            // the DOM object.
+            code_string
+        } else {
+            // Step 2.6. Let sourceString be the result of executing the
+            // Get Trusted Type compliant string algorithm, with TrustedScript, realm,
+            // sourceToValidate, compilationSink, and 'script'.
+            match TrustedScript::get_trusted_script_compliant_string(
+                global,
+                TrustedScriptOrString::String(code_string.clone()),
+                compilation_sink,
+                can_gc,
+            ) {
+                // Step 2.7. If the algorithm throws an error, throw an EvalError.
+                Err(_) => {
+                    return false;
+                },
+                Ok(source_string) => {
+                    // Step 2.8. If sourceString is not equal to codeString, throw an EvalError.
+                    if source_string != code_string {
+                        return false;
+                    }
+                    source_string
+                },
+            }
+        };
+        global
+            .get_csp_list()
+            .is_js_evaluation_allowed(global, &source_string)
+    }
 }
 
 impl fmt::Display for TrustedScript {
 
@@ -12,7 +12,7 @@ use script_bindings::conversions::SafeToJSValConvertible;
 use crate::dom::bindings::codegen::Bindings::TrustedTypePolicyFactoryBinding::{
     TrustedTypePolicyFactoryMethods, TrustedTypePolicyOptions,
 };
-use crate::dom::bindings::conversions::root_from_object;
+use crate::dom::bindings::conversions::root_from_handlevalue;
 use crate::dom::bindings::error::{Error, Fallible};
 use crate::dom::bindings::reflector::{DomGlobal, Reflector, reflect_dom_object};
 use crate::dom::bindings::root::{DomRoot, MutNullableDom};
@@ -236,6 +236,15 @@ impl TrustedTypePolicyFactory {
         // Step 7: Assert: convertedInput is an instance of expectedType.
         // TODO(https://github.com/w3c/trusted-types/issues/566): Implement when spec is resolved
     }
+
+    /// <https://www.w3.org/TR/trusted-types/#dom-trustedtypepolicyfactory-isscript>
+    #[allow(unsafe_code)]
+    pub(crate) fn is_trusted_script(
+        cx: JSContext,
+        value: HandleValue,
+    ) -> Result<DomRoot<TrustedScript>, ()> {
+        unsafe { root_from_handlevalue::<TrustedScript>(value, *cx) }
+    }
 }
 
 impl TrustedTypePolicyFactoryMethods<crate::DomTypeHolder> for TrustedTypePolicyFactory {
@@ -251,29 +260,17 @@ impl TrustedTypePolicyFactoryMethods<crate::DomTypeHolder> for TrustedTypePolicy
     /// <https://www.w3.org/TR/trusted-types/#dom-trustedtypepolicyfactory-ishtml>
     #[allow(unsafe_code)]
     fn IsHTML(&self, cx: JSContext, value: HandleValue) -> bool {
-        if !value.get().is_object() {
-            return false;
-        }
-        rooted!(in(*cx) let object = value.to_object());
-        unsafe { root_from_object::<TrustedHTML>(object.get(), *cx).is_ok() }
+        unsafe { root_from_handlevalue::<TrustedHTML>(value, *cx).is_ok() }
     }
     /// <https://www.w3.org/TR/trusted-types/#dom-trustedtypepolicyfactory-isscript>
     #[allow(unsafe_code)]
     fn IsScript(&self, cx: JSContext, value: HandleValue) -> bool {
-        if !value.get().is_object() {
-            return false;
-        }
-        rooted!(in(*cx) let object = value.to_object());
-        unsafe { root_from_object::<TrustedScript>(object.get(), *cx).is_ok() }
+        TrustedTypePolicyFactory::is_trusted_script(cx, value).is_ok()
     }
     /// <https://www.w3.org/TR/trusted-types/#dom-trustedtypepolicyfactory-isscripturl>
     #[allow(unsafe_code)]
     fn IsScriptURL(&self, cx: JSContext, value: HandleValue) -> bool {
-        if !value.get().is_object() {
-            return false;
-        }
-        rooted!(in(*cx) let object = value.to_object());
-        unsafe { root_from_object::<TrustedScriptURL>(object.get(), *cx).is_ok() }
+        unsafe { root_from_handlevalue::<TrustedScriptURL>(value, *cx).is_ok() }
     }
     /// <https://www.w3.org/TR/trusted-types/#dom-trustedtypepolicyfactory-emptyhtml>
     fn EmptyHTML(&self, can_gc: CanGc) -> DomRoot<TrustedHTML> {
 
@@ -28,14 +28,15 @@ use js::glue::{
 use js::jsapi::{
     AsmJSOption, BuildIdCharVector, CompilationType, ContextOptionsRef, Dispatchable as JSRunnable,
     Dispatchable_MaybeShuttingDown, GCDescription, GCOptions, GCProgress, GCReason,
-    GetPromiseUserInputEventHandlingState, HandleObject, HandleString, HandleValue, Heap,
-    InitConsumeStreamCallback, InitDispatchToEventLoop, JS_AddExtraGCRootsTracer,
-    JS_InitDestroyPrincipalsCallback, JS_InitReadPrincipalsCallback, JS_NewObject,
-    JS_SetGCCallback, JS_SetGCParameter, JS_SetGlobalJitCompilerOption,
-    JS_SetOffthreadIonCompilationEnabled, JS_SetParallelParsingEnabled, JS_SetReservedSlot,
-    JS_SetSecurityCallbacks, JSCLASS_RESERVED_SLOTS_MASK, JSCLASS_RESERVED_SLOTS_SHIFT, JSClass,
-    JSClassOps, JSContext as RawJSContext, JSGCParamKey, JSGCStatus, JSJitCompilerOption, JSObject,
-    JSSecurityCallbacks, JSTracer, JobQueue, MimeType, MutableHandleObject,
+    GetPromiseUserInputEventHandlingState, HandleObject, HandleString,
+    HandleValue as RawHandleValue, Heap, InitConsumeStreamCallback, InitDispatchToEventLoop,
+    JS_AddExtraGCRootsTracer, JS_InitDestroyPrincipalsCallback, JS_InitReadPrincipalsCallback,
+    JS_NewObject, JS_NewStringCopyN, JS_SetGCCallback, JS_SetGCParameter,
+    JS_SetGlobalJitCompilerOption, JS_SetOffthreadIonCompilationEnabled,
+    JS_SetParallelParsingEnabled, JS_SetReservedSlot, JS_SetSecurityCallbacks,
+    JSCLASS_RESERVED_SLOTS_MASK, JSCLASS_RESERVED_SLOTS_SHIFT, JSClass, JSClassOps,
+    JSContext as RawJSContext, JSGCParamKey, JSGCStatus, JSJitCompilerOption, JSObject,
+    JSSecurityCallbacks, JSTracer, JobQueue, MimeType, MutableHandleObject, MutableHandleString,
     PromiseRejectionHandlingState, PromiseUserInputEventHandlingState, RuntimeCode,
     SetDOMCallbacks, SetGCSliceCallback, SetJobQueue, SetPreserveWrapperCallbacks,
     SetProcessBuildIdOp, SetPromiseRejectionTrackerCallback, StreamConsumer as JSStreamConsumer,
@@ -45,8 +46,8 @@ use js::panic::wrap_panic;
 pub(crate) use js::rust::ThreadSafeJSContext;
 use js::rust::wrappers::{GetPromiseIsHandled, JS_GetPromiseResult};
 use js::rust::{
-    Handle, HandleObject as RustHandleObject, IntoHandle, JSEngine, JSEngineHandle, <
4861
span class="pl-v x x-last">ParentRuntime,
-    Runtime as RustRuntime,
+    Handle, HandleObject as RustHandleObject, HandleValue, IntoHandle, JSEngine, JSEngineHandle,
+    ParentRuntime, Runtime as RustRuntime,
 };
 use malloc_size_of::MallocSizeOfOps;
 use malloc_size_of_derive::MallocSizeOf;
@@ -62,7 +63,7 @@ use crate::dom::bindings::codegen::Bindings::PromiseBinding::PromiseJobCallback;
 use crate::dom::bindings::codegen::Bindings::ResponseBinding::Response_Binding::ResponseMethods;
 use crate::dom::bindings::codegen::Bindings::ResponseBinding::ResponseType as DOMResponseType;
 use crate::dom::bindings::conversions::{
-    get_dom_class, private_from_object, root_from_handleobject,
+    get_dom_class, private_from_object, root_from_handleobject, root_from_object,
 };
 use crate::dom::bindings::error::{Error, throw_dom_exception};
 use crate::dom::bindings::inheritance::Castable;
@@ -71,6 +72,7 @@ use crate::dom::bindings::refcounted::{
 };
 use crate::dom::bindings::reflector::{DomGlobal, DomObject};
 use crate::dom::bindings::root::trace_roots;
+use crate::dom::bindings::str::DOMString;
 use crate::dom::bindings::utils::DOM_CALLBACKS;
 use crate::dom::bindings::{principals, settings_stack};
 use crate::dom::csp::CspReporting;
@@ -80,6 +82,7 @@ use crate::dom::globalscope::GlobalScope;
 use crate::dom::promise::Promise;
 use crate::dom::promiserejectionevent::PromiseRejectionEvent;
 use crate::dom::response::Response;
+use crate::dom::trustedscript::TrustedScript;
 use crate::microtask::{EnqueuedPromiseCallback, Microtask, MicrotaskQueue};
 use crate::realms::{AlreadyInRealm, InRealm, enter_realm};
 use crate::script_module::EnsureModuleHooksInitialized;
@@ -98,7 +101,7 @@ static JOB_QUEUE_TRAPS: JobQueueTraps = JobQueueTraps {
 
 static SECURITY_CALLBACKS: JSSecurityCallbacks = JSSecurityCallbacks {
     contentSecurityPolicyAllows: Some(content_security_policy_allows),
-    codeForEvalGets: None, //TODO
+    codeForEvalGets: Some(code_for_eval_gets),
     subsumes: Some(principals::subsumes),
 };
 
@@ -468,16 +471,43 @@ unsafe extern "C" fn promise_rejection_tracker(
     })
 }
 
+#[allow(unsafe_code)]
+fn safely_convert_null_to_string(cx: JSContext, str_: HandleString) -> DOMString {
+    DOMString::from(match std::ptr::NonNull::new(*str_) {
+        None => "".to_owned(),
+        Some(str_) => unsafe { jsstr_to_string(*cx, str_) },
+    })
+}
+
+#[allow(unsafe_code)]
+unsafe extern "C" fn code_for_eval_gets(
+    cx: *mut RawJSContext,
+    code: HandleObject,
+    code_for_eval: MutableHandleString,
+) -> bool {
+    let cx = JSContext::from_ptr(cx);
+    if let Ok(trusted_script) = root_from_object::<TrustedScript>(code.get(), *cx) {
+        let script_string = trusted_script.data();
+        let new_string = JS_NewStringCopyN(
+            *cx,
+            script_string.as_ptr() as *const libc::c_char,
+            script_string.len(),
+        );
+        code_for_eval.set(new_string);
+    }
+    true
+}
+
 #[allow(unsafe_code)]
 unsafe extern "C" fn content_security_policy_allows(
     cx: *mut RawJSContext,
     runtime_code: RuntimeCode,
-    sample: HandleString,
-    _compilation_type: CompilationType,
-    _parameter_strings: u8, //FIXME in bindings generation
-    _body_string: HandleString,
-    _parameter_args: u8, //FIXME in bindings generation
-    _body_arg: HandleValue,
+    code_string: HandleString,
+    compilation_type: CompilationType,
+    parameter_strings: u8, //FIXME in bindings generation
+    body_string: HandleString,
+    parameter_args: u8, //FIXME in bindings generation
+    body_arg: RawHandleValue,
     can_compile_strings: *mut bool,
 ) -> bool {
     let mut allowed = false;
@@ -488,13 +518,17 @@ unsafe extern "C" fn content_security_policy_allows(
         let global = &GlobalScope::from_context(*cx, InRealm::Already(&in_realm_proof));
 
         allowed = match runtime_code {
-            RuntimeCode::JS => {
-                let source = std::ptr::NonNull::new(*sample)
-                    .map_or_else(String::new, |jsstr| jsstr_to_string(*cx, jsstr));
-                global
-                    .get_csp_list()
-                    .is_js_evaluation_allowed(global, &source)
-            },
+            RuntimeCode::JS => TrustedScript::can_compile_string_with_trusted_type(
+                cx,
+                global,
+                safely_convert_null_to_string(cx, code_string),
+                compilation_type,
+                parameter_strings,
+                safely_convert_null_to_string(cx, body_string),
+                parameter_args,
+                HandleValue::from_raw(body_arg),
+                CanGc::note(),
+            ),
             RuntimeCode::WASM => global.get_csp_list().is_wasm_evaluation_allowed(global),
         };
     });
 
@@ -1,10 +1,4 @@
 [report-clips-sample.https.html]
-  [Unsafe eval violation sample is clipped to 40 characters.]
-    expected: FAIL
-
-  [Unsafe indirect eval violation sample is clipped to 40 characters.]
-    expected: FAIL
-
   [Function constructor - the other kind of eval - is clipped.]
     expected: FAIL