Remove Trusted Types enforcement from toggleAttribute

https://bugs.webkit.org/show_bug.cgi?id=275352

Reviewed by Darin Adler.

The DOM spec PR no longer enforced Trusted Types within toggleAttribute so this removes that from the implementation.

See whatwg/dom#1268

* LayoutTests/imported/w3c/web-platform-tests/trusted-types/Element-toggleAttribute-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/Element-toggleAttribute.html: Added.
* Source/WebCore/dom/Element.cpp:
(WebCore::Element::toggleAttribute):

Canonical link: https://commits.webkit.org/279950@main

LayoutTests/imported/w3c/web-platform-tests/trusted-types/Element-toggleAttribute-expected.txt

@@ -0,0 +1,5 @@
+
+
+PASS TT should not interfere with toggleAttribute on an event handler
+PASS TT should not interfere with toggleAttribute on an iframe srcdoc
+

LayoutTests/imported/w3c/web-platform-tests/trusted-types/Element-toggleAttribute.html

@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'">
+</head>
+<body>
+<div>
+  <p id="p" onclick="alert(1)"></p>
+  <iframe id="iframe" srcdoc="abc"></iframe>
+</div>
+<script>
+  // Regression test for crbug.com/341057803.
+  // This tests that TT doesn't interfere with regular DOM behaviour, and so
+  // these tests should pass on any browser, whether they support TT or not.
+
+  test(t => {
+    const elem = document.getElementById("p");
+    elem.toggleAttribute("onclick");
+    assert_false(elem.hasAttribute("onclick"));
+    elem.toggleAttribute("onclick");
+    assert_true(elem.hasAttribute("onclick"));
+  }, "TT should not interfere with toggleAttribute on an event handler");
+
+  test(t => {
+    const elem = document.getElementById("iframe");
+    elem.toggleAttribute("srcdoc");
+    assert_false(elem.hasAttribute("srcdoc"));
+    elem.toggleAttribute("srcdoc");
+    assert_true(elem.hasAttribute("srcdoc"));
+  }, "TT should not interfere with toggleAttribute on an iframe srcdoc");
+</script>
+</body>

Source/WebCore/dom/Element.cpp

@@ -2008,19 +2008,7 @@ ExceptionOr<bool> Element::toggleAttribute(const AtomString& qualifiedName, std:
     unsigned index = elementData() ? elementData()->findAttributeIndexByName(caseAdjustedQualifiedName, false) : ElementData::attributeNotFound;
     if (index == ElementData::attributeNotFound) {
         if (!force || *force) {
-            auto name = QualifiedName { nullAtom(), caseAdjustedQualifiedName, nullAtom() };
-            if (!document().scriptExecutionContext()->settingsValues().trustedTypesEnabled)
-                setAttributeInternal(index, name, emptyAtom(), InSynchronizationOfLazyAttribute::No);
-            else {
-                auto attributeTypeAndSink = trustedTypeForAttribute(nodeName(), name.localName().convertToASCIILowercase(), this->namespaceURI(), name.namespaceURI());
-                auto attributeValue = trustedTypesCompliantAttributeValue(attributeTypeAndSink.attributeType, emptyAtom(), this, attributeTypeAndSink.sink);
-
-                if (attributeValue.hasException())
-                    return attributeValue.releaseException();
-
-                index = validateAttributeIndex(index, name);
-                setAttributeInternal(index, name, AtomString(attributeValue.releaseReturnValue()), InSynchronizationOfLazyAttribute::No);
-            }
+            setAttributeInternal(index, QualifiedName { nullAtom(), caseAdjustedQualifiedName, nullAtom() }, emptyAtom(), InSynchronizationOfLazyAttribute::No);
             return true;
         }
         return false;