Re-implement Trusted Types script enforcement using booleans

https://bugs.webkit.org/show_bug.cgi?id=276426

Reviewed by NOBODY (OOPS!).

Scripts now have two boolean flags rather than storing a duplicate of their contents.

Spec PR: w3c/trusted-types#533

* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-innerText-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-innerText.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-midparse-appendChild-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-midparse-appendChild.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-midparse-innerHTML-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-midparse-innerHTML.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-midparse-nodeValue-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-midparse-nodeValue.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-src-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-internal-slot-expected.txt.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-src.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-internal-slot.html.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-text-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-text.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-textContent-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-textContent.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-Node-multiple-arguments-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/block-text-node-insertion-into-script-element-expected.txt:
* Source/WebCore/dom/CharacterData.cpp:
(WebCore::canUseSetDataOptimization):
* Source/WebCore/dom/ScriptElement.cpp:
(WebCore::ScriptElement::childrenChanged):
(WebCore::ScriptElement::prepareScript):
(WebCore::ScriptElement::finishParsingChildren): Deleted.
(WebCore::ScriptElement::setTrustedScriptText): Deleted.
* Source/WebCore/dom/ScriptElement.h:
(WebCore::ScriptElement::setChangedByTrustedSink):
* Source/WebCore/html/HTMLScriptElement.cpp:
(WebCore::HTMLScriptElement::setTextContent):
(WebCore::HTMLScriptElement::setInnerText):
(WebCore::HTMLScriptElement::finishParsingChildren): Deleted.
* Source/WebCore/html/HTMLScriptElement.h:
* Source/WebCore/svg/SVGScriptElement.cpp:
(WebCore::SVGScriptElement::finishParsingChildren): Deleted.
* Source/WebCore/svg/SVGScriptElement.h:

LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-innerText-expected.txt

@@ -0,0 +1,6 @@
+
+PASS Script set via .innerText executes on a connected HTMLScriptElement.
+PASS Script set via .innerText executes on an unconnected HTMLScriptElement.
+FAIL Multi-line script set via .innerText executes on a connected HTMLScriptElement. assert_equals: expected (number) 1 but got (undefined) undefined
+FAIL Multi-line script set via .innerText executes on an unconnected HTMLScriptElement. assert_equals: expected (number) 1 but got (undefined) undefined
+

LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-innerText.html

@@ -0,0 +1,49 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'">
+</head>
+<body>
+<script>
+  const policy = trustedTypes.createPolicy("testpolicy", {
+      createScript: x => x});
+  promise_test(t => {
+    const s = document.createElement("script");
+    document.body.appendChild(s);
+    s.innerText = policy.createScript("window.postMessage('hello');");
+    return new Promise(resolve => {
+      window.addEventListener("message", e => {
+        if (e.data == "hello") resolve();
+      });
+    });
+  }, "Script set via .innerText executes on a connected HTMLScriptElement.");
+  promise_test(t => {
+    const s = document.createElement("script");
+    s.innerText= policy.createScript("window.postMessage('world');");
+    document.body.appendChild(s);
+    return new Promise(resolve => {
+      window.addEventListener("message", e => {
+        if (e.data == "world") resolve();
+      });
+    });
+  }, "Script set via .innerText executes on an unconnected HTMLScriptElement.");
+
+  test(t => {
+    const s = document.createElement("script");
+    document.body.appendChild(s);
+    s.innerText = policy.createScript("const a = 1;\nwindow.a=a;");
+    assert_equals(window.a, 1);
+  }, "Multi-line script set via .innerText executes on a connected HTMLScriptElement.");
+
+  test(t => {
+    const s = document.createElement("script");
+    document.body.appendChild(s);
+    s.innerText = policy.createScript("const b = 1;\nwindow.b=b;");
+    assert_equals(window.b, 1);
+  }, "Multi-line script set via .innerText executes on an unconnected HTMLScriptElement.");
+
+</script>
+</body>
+</html>

LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-midparse-appendChild-expected.txt

@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: This requires a TrustedScript value else it violates the following Content Security Policy directive: "require-trusted-types-for 'script'"
+
+PASS Test TT application when manipulating <script> elements with appendChild during loading.
+

LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-midparse-appendChild.html

@@ -0,0 +1,73 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'">
+</head>
+<body>
+<script>
+  // This policy allows document.write to work as that's not relevant to what's actually being tested here.
+  trustedTypes.createPolicy('default', {createHTML: s => s});
+  promise_test(t => {
+    document.write(`<script>window.postMessage("first script element executed", "*");`);
+    var manipulator = _ => {
+      let script = document.body.getElementsByTagName("script")[1];
+      if (script) {
+        script.appendChild(document.createTextNode('/*byapi*/'));
+        document.write('<\/script><script>window.parent.postMessage("second script element executed", "*");<\/script>');
+      } else {
+        t.step_timeout(manipulator, 50);
+      }
+    }
+    manipulator();
+
+    // Now we'll wait for the postMessages to arrive. We expect the iframe's
+    // first message to be blocked by Trusted Types, since the manipulator
+    // above should have manipulated it (while loading). The second one should
+    // pass.
+    return new Promise((resolve, reject) => {
+      window.addEventListener("message", e => {
+        if (e.data.includes("first")) {
+          reject("First message should have been blocked: " + e.data);
+        } else if (e.data.includes("second")) {
+          resolve();
+        } else {
+          reject("Unknown message: " + e.data);
+        }
+      });
+    });
+  }, "Test TT application when manipulating <script> elements with appendChild during loading.");
+
+//  promise_test(t => {
+//    document.write(`<script>window.postMessage("first script element executed", "*");`);
+//    var manipulator = _ => {
+//      let script = document.body.getElementsByTagName("script")[1];
+//      if (script) {
+//        script.innerHTML = script.innerHTML;
+//        document.write('<\/script><script>window.parent.postMessage("second script element executed", "*");<\/script>');
+//      } else {
+//        t.step_timeout(manipulator, 50);
+//      }
+//    }
+//    manipulator();
+//
+//    // Now we'll wait for the postMessages to arrive. We expect the iframe's
+//    // first message to be blocked by Trusted Types, since the manipulator
+//    // above should have manipulated it (while loading). The second one should
+//    // pass.
+//    return new Promise((resolve, reject) => {
+//      window.addEventListener("message", e => {
+//        if (e.data.includes("first")) {
+//          reject("First message should have been blocked: " + e.data);
+//        } else if (e.data.includes("second")) {
+//          resolve();
+//        } else {
+//          reject("Unknown message: " + e.data);
+//        }
+//      });
+//    });
+//  }, "Test TT application when manipulating <script> elements with .innerHTML during loading.");
+</script>
+</body>
+</html>

LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-midparse-innerHTML-expected.txt

@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: This requires a TrustedScript value else it violates the following Content Security Policy directive: "require-trusted-types-for 'script'"
+
+PASS Test TT application when manipulating <script> elements with .innerHTML during loading.
+

LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-midparse-innerHTML.html

@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'">
+</head>
+<body>
+<script>
+  trustedTypes.createPolicy('default', {createHTML: s => s});
+  promise_test(t => {
+    document.write(`<script>window.postMessage("first script element executed", "*");`);
+    var manipulator = _ => {
+      let script = document.body.getElementsByTagName("script")[1];
+      if (script) {
+        script.innerHTML = script.innerHTML + '/*byapi*/';
+        document.write('<\/script><script>window.parent.postMessage("second script element executed", "*");<\/script>');
+      } else {
+        t.step_timeout(manipulator, 50);
+      }
+    }
+    manipulator();
+
+    // Now we'll wait for the postMessages to arrive. We expect the iframe's
+    // first message to be blocked by Trusted Types, since the manipulator
+    // above should have manipulated it (while loading). The second one should
+    // pass.
+    return new Promise((resolve, reject) => {
+      window.addEventListener("message", e => {
+        if (e.data.includes("first")) {
+          reject("First message should have been blocked: " + e.data);
+        } else if (e.data.includes("second")) {
+          resolve();
+        } else {
+          reject("Unknown message: " + e.data);
+        }
+      });
+    });
+  }, "Test TT application when manipulating <script> elements with .innerHTML during loading.");
+</script>
+</body>
+</html>

LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-midparse-nodeValue-expected.txt

@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: This requires a TrustedScript value else it violates the following Content Security Policy directive: "require-trusted-types-for 'script'"
+
+PASS Test TT application when manipulating <script> elements with .innerHTML during loading.
+

LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-midparse-nodeValue.html

@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'">
+</head>
+<body>
+<script>
+  trustedTypes.createPolicy('default', {createHTML: s => s});
+  promise_test(t => {
+    document.write(`<script>window.postMessage("first script element executed", "*");`);
+    var manipulator = _ => {
+      let script = document.body.getElementsByTagName("script")[1];
+      if (script) {
+        script.firstChild.nodeValue = script.firstChild.nodeValue;
+        document.write('<\/script><script>window.parent.postMessage("second script element executed", "*");<\/script>');
+      } else {
+        t.step_timeout(manipulator, 50);
+      }
+    }
+    manipulator();
+
+    // Now we'll wait for the postMessages to arrive. We expect the iframe's
+    // first message to be blocked by Trusted Types, since the manipulator
+    // above should have manipulated it (while loading). The second one should
+    // pass.
+    return new Promise((resolve, reject) => {
+      window.addEventListener("message", e => {
+        if (e.data.includes("first")) {
+          reject("First message should have been blocked: " + e.data);
+        } else if (e.data.includes("second")) {
+          resolve();
+        } else {
+          reject("Unknown message: " + e.data);
+        }
+      });
+    });
+  }, "Test TT application when manipulating <script> elements with .innerHTML during loading.");
+</script>
+</body>
+</html>

LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-internal-slot-expected.txt → LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-src-expected.txt

@@ -1,12 +1,6 @@
-CONSOLE MESSAGE: This requires a TrustedScript value else it violates the following Content Security Policy directive: "require-trusted-types-for 'script'"
 CONSOLE MESSAGE: This requires a TrustedScriptURL value else it violates the following Content Security Policy directive: "require-trusted-types-for 'script'"
 CONSOLE MESSAGE: This requires a TrustedScriptURL value else it violates the following Content Security Policy directive: "require-trusted-types-for 'script'"
 
-PASS Test TT application when manipulating <script> elements during loading.
-PASS Script set via .textContent executes on a connected HTMLScriptElement.
-PASS Script set via .textContent executes on an unconnected HTMLScriptElement.
-PASS Script set via .innerText executes on a connected HTMLScriptElement.
-PASS Script set via .innerText executes on an unconnected HTMLScriptElement.
 PASS Setting .src to a plain string should throw an exception and not modify the script state, on an unconnected script element.
 PASS Setting .src to a TrustedScriptURL should work and should execute the referenced script instead of the script body, on an unconnected script element.
 PASS Setting .src to a plain string should throw an exception and not modify the script state, on a connected script element.

LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-internal-slot.html → LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-src.html

@@ -7,84 +7,8 @@
 </head>
 <body>
 <script>
-  // This policy allows document.write to work as that's not relevant to what's actually being tested here.
-  trustedTypes.createPolicy('default', {createHTML: s => s});
-  promise_test(t => {
-    document.write(`<script>window.postMessage("first script element executed", "*");`);
-    var manipulator = _ => {
-      let script = document.body.getElementsByTagName("script")[1];
-      if (script) {
-        script.appendChild(document.createTextNode('/*byapi*/'));
-        document.write('<\/script><script>window.parent.postMessage("second script element executed", "*");<\/script>');
-      } else {
-        t.step_timeout(manipulator, 50);
-      }
-    }
-    manipulator();
-
-    // Now we'll wait for the postMessages to arrive. We expect the iframe's
-    // first message to be blocked by Trusted Types, since the manipulator
-    // above should have manipulated it (while loading). The second one should
-    // pass.
-    return new Promise((resolve, reject) => {
-      window.addEventListener("message", e => {
-        if (e.data.includes("first")) {
-          reject("First message should have been blocked: " + e.data);
-        } else if (e.data.includes("second")) {
-          resolve();
-        } else {
-          reject("Unknown message: " + e.data);
-        }
-      });
-    });
-  }, "Test TT application when manipulating <script> elements during loading.");
-
-  // Test that a script set via textContent or innerTest actually executes
-  // (and not only doesn't throw an exception, which it wouldn't do due to the
-  // "internal slot" mechanism).
   const policy = trustedTypes.createPolicy("testpolicy", {
       createScript: x => x, createScriptURL: x => x});
-  promise_test(t => {
-    const s = document.createElement("script");
-    document.body.appendChild(s);
-    s.textContent = policy.createScript("window.postMessage('hello');");
-    return new Promise(resolve => {
-      window.addEventListener("message", e => {
-        if (e.data == "hello") resolve();
-      });
-    });
-  }, "Script set via .textContent executes on a connected HTMLScriptElement.");
-  promise_test(t => {
-    const s = document.createElement("script");
-    s.textContent = policy.createScript("window.postMessage('world');");
-    document.body.appendChild(s);
-    return new Promise(resolve => {
-      window.addEventListener("message", e => {
-        if (e.data == "world") resolve();
-      });
-    });
-  }, "Script set via .textContent executes on an unconnected HTMLScriptElement.");
-  promise_test(t => {
-    const s = document.createElement("script");
-    document.body.appendChild(s);
-    s.innerText = policy.createScript("window.postMessage('hello');");
-    return new Promise(resolve => {
-      window.addEventListener("message", e => {
-        if (e.data == "hello") resolve();
-      });
-    });
-  }, "Script set via .innerText executes on a connected HTMLScriptElement.");
-  promise_test(t => {
-    const s = document.createElement("script");
-    s.innerText= policy.createScript("window.postMessage('world');");
-    document.body.appendChild(s);
-    return new Promise(resolve => {
-      window.addEventListener("message", e => {
-        if (e.data == "world") resolve();
-      });
-    });
-  }, "Script set via .innerText executes on an unconnected HTMLScriptElement.");
-
   // Test that interactions between the script content, the .src attribute, and
   // exceptions still work correctly with TT and the "internal slot" thingy.
   promise_test(t => {
@@ -146,7 +70,6 @@
       });
     });
   },  "Setting .src to a TrustedScriptURL should work and should execute the referenced script instead of the script body, on a onnected script element.");
-
 </script>
 </body>
 </html>

LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-text-expected.txt

@@ -0,0 +1,4 @@
+
+PASS Script set via .text executes on a connected HTMLScriptElement.
+PASS Script set via .text executes on an unconnected HTMLScriptElement.
+

LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-text.html

@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'">
+</head>
+<body>
+<script>
+  const policy = trustedTypes.createPolicy("testpolicy", {
+      createScript: x => x});
+  promise_test(t => {
+    const s = document.createElement("script");
+    document.body.appendChild(s);
+    s.text = policy.createScript("window.postMessage('hello');");
+    return new Promise(resolve => {
+      window.addEventListener("message", e => {
+        if (e.data == "hello") resolve();
+      });
+    });
+  }, "Script set via .text executes on a connected HTMLScriptElement.");
+  promise_test(t => {
+    const s = document.createElement("script");
+    s.text = policy.createScript("window.postMessage('world');");
+    document.body.appendChild(s);
+    return new Promise(resolve => {
+      window.addEventListener("message", e => {
+        if (e.data == "world") resolve();
+      });
+    });
+  }, "Script set via .text executes on an unconnected HTMLScriptElement.");
+
+</script>
+</body>
+</html>

LayoutTests/imported/w3c/web-platform-tests/trusted-types/HTMLScriptElement-textContent-expected.txt

@@ -0,0 +1,8 @@
+CONSOLE MESSAGE: This requires a TrustedScript value else it violates the following Content Security Policy directive: "require-trusted-types-for 'script'"
+CONSOLE MESSAGE: This requires a TrustedScript value else it violates the following Content Security Policy directive: "require-trusted-types-for 'script'"
+
+PASS Script set via .textContent executes on a connected HTMLScriptElement.
+PASS Script set via .textContent executes on an unconnected HTMLScriptElement.
+PASS Script set via .textContent and then set via innerHTML doesn't execute.
+PASS Script set via .textContent and then set via nodeValue doesn't execute.
+