Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rewrite metadata functions #457

Merged
merged 3 commits into from
Jun 12, 2024
Merged

Rewrite metadata functions #457

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
28f3d2d
Rewrite metadata functions
lukewarlow Feb 26, 2024
54bc99c
Add inline issue linking to github issue for event handlers.
lukewarlow Jun 12, 2024
21eb4b4
Fix build fail
lukewarlow Jun 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
92 changes: 58 additions & 34 deletions spec/index.bs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -670,14 +670,24 @@ Its value is initially « ».
1. Set |localName| to |tagName| in [=ASCII lowercase=].
1. If |elementNs| is an empty string, set |elementNs| to [=HTML namespace=].
1. Let |interface| be the [=element interface=] for |localName| and |elementNs|.
1. If |interface| has an IDL <a spec="webidl">attribute</a> member which identifier is |attribute|, and
{{StringContext}} IDL extended attribute appears on that attribute, return
stringified {{StringContext}}'s identifier and abort further steps.

Note: This also takes into account all members of [=interface mixins=] that
|interface| [=includes=].

1. Return null.
1. Let |expectedType| be null.
1. Find the row in the following table, where the first column is "*" or |interface|'s name, and |property| is in the second column.
If a matching row is found, set |expectedType| to the value of the third column.

<table>
<thead>
<tr><th>Element<th>Property name<th>TrustedType
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel like this table needs a baseVal property for the SVGAnimatedString type somehow, not sure on the specifics of that SVG integration (I also am not sure that baseVal is accounted for in Chromium if it is required in this list).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#521

<tbody>
<tr><td>{{HTMLIFrameElement}}<td>"srcdoc"<td>{{TrustedHTML}}
<tr><td>{{HTMLScriptElement}}<td>"innerText"<td>{{TrustedScript}}
<tr><td>{{HTMLScriptElement}}<td>"src"<td>{{TrustedScriptURL}}
<tr><td>{{HTMLScriptElement}}<td>"text"<td>{{TrustedScript}}
<tr><td>{{HTMLScriptElement}}<td>"textContent"<td>{{TrustedScript}}
<tr><td>"*"<td>"innerHTML"<td>{{TrustedHTML}}
<tr><td>"*"<td>"outerHTML"<td>{{TrustedHTML}}
lukewarlow marked this conversation as resolved.
Show resolved Hide resolved
</tbody>
</table>
1. Return |expectedType|.

<div class="example" id="get-property-type-example">
<xmp highlight="js">
Expand All @@ -699,12 +709,13 @@ Its value is initially « ».
1. If |elementNs| is an empty string, set |elementNs| to [=HTML namespace=].
1. If |attrNs| is an empty string, set |attrNs| to null.
1. Let |interface| be the [=element interface=] for |localName| and |elementNs|.
1. If |interface| does not have an IDL <a spec="webidl">attribute</a> that [=reflects=] a content attribute with
|localName| local name and |attrNs| namespace,
return undefined and abort further steps. Otherwise, let |idlAttribute| be that IDL <a spec="webidl">attribute</a>.
1. If {{StringContext}} IDL extended attribute appears on |idlAttribute|, return
stringified {{StringContext}}'s identifier and abort further steps.
1. Return null.
1. Let |expectedType| be null.
1. Set |attributeData| to the result of [$Get Trusted Type data for attribute$] algorithm, with the following arguments:
* |interface| as |element|
* |attribute|
* |attrNs|
1. If |attributeData| is not null, then set |expectedType| to the value of the third member of |attributeData|.
1. Return |expectedType|.

<div class="example" id="get-attribute-type-example">
<xmp highlight="js">
Expand Down Expand Up @@ -1070,26 +1081,16 @@ Given an {{HTMLScriptElement}} (|script|), this algorithm performs the following
## Get Trusted Types-compliant attribute value ## {#validate-attribute-mutation}
To <dfn abstract-op export>get Trusted Types-compliant attribute value</dfn> on {{Attr}} |attribute| with {{Element}} |element| and {{TrustedType}} or a string |newValue|, perform the following steps:

1. Let |expectedType| be null.
1. Let |sink| be null.
1. Find the row in the following table, where |element| is in the first column, and |attribute|'s <a for="Attr">namespace</a> and <a for="Attr">local name</a> match the values in the second and third column, respectively.
If a matching row is found, set |expectedType| and |sink| to the value of the fourth, and fifth column in that row, respectively.

<table>
<thead>
<tr><th>Element<th>Attribute namespace<th>Attribute local name<th>TrustedType<th>Sink
<tbody>
<tr><td>{{HTMLIFrameElement}}<td>null<td>"srcdoc"<td>{{TrustedHTML}}<td>"HTMLIFrameElement srcdoc"
<tr><td>{{HTMLScriptElement}}<td>null<td>"src"<td>{{TrustedScriptURL}}<td>"HTMLScriptElement src"
<tr><td>{{SVGScriptElement}}<td>null<td>"href"<td>{{TrustedScriptURL}}<td>"SVGScriptElement href"
<tr><td>{{SVGScriptElement}}<td><a>XLink namespace</a><td>"href"<td>{{TrustedScriptURL}}<td>"SVGScriptElement href"
</tbody>
</table>

1. If |expectedType| is null, then:
1. Set |attributeData| to the result of [$Get Trusted Type data for attribute$] algorithm, with the following arguments:
* |element|
* |attribute|'s <a for="Attr">local name</a> as |attribute|
* |attribute|'s <a for="Attr">namespace</a> as |attributeNs|
1. If |attributeData| is null, then:
1. If |newValue| is a string, return |newValue|.
1. <a>Assert</a>: |newValue| is {{TrustedHTML}} or {{TrustedScript}} or {{TrustedScriptURL}}.
1. Return |value|'s associated data.
1. Let |expectedType| be the value of the third member of |attributeData|.
1. Let |sink| be the value of the fourth member of |attributeData|.
1. Return the result of executing [$Get Trusted Type compliant string$] with the following arguments:
* |expectedType|
* |newValue| as |input|
Expand All @@ -1099,7 +1100,30 @@ To <dfn abstract-op export>get Trusted Types-compliant attribute value</dfn> on

If the algorithm threw an error, rethrow the error.

Issue: This algorithm should account for event handler attributes. See https://github.com/w3c/trusted-types/issues/474
## Get Trusted Type data for attribute ## {#get-trusted-type-data-for-attribute}
To <dfn abstract-op>Get Trusted Type data for attribute</dfn> given |element|, |attribute|, |attributeNs|, perform the following steps:

Issue: The [=event handler content attribute=] concept used below is ambiguous. This spec needs a better mechanism to identify event handler attributes. See [https://github.com/w3c/trusted-types/issues/520](https://github.com/w3c/trusted-types/issues/520).

1. Let |data| be null.
1. If |attributeNs| is null, and |attribute| is the name of an [=event handler content attribute=], then:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not really sure how you envision this lookup to work. There are many event handler content attributes that are not applicable to elements. And some only apply to a specific element.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are many event handler content attributes

I don't fully understand what you mean by this? What event handler content attribute doesn't apply to an element?
Do you mean legacy ones no longer applicable or something like that?

And some only apply to a specific element.

So for the purposes of trusted types I don't think we mind being overly restrictive here, it seems fine to consider them independent of the element (this is the case in Chromium's implementation)?

For context the plan in WebKit is to use HTMLElement::eventNameForEventHandlerAttribute with a null check.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

onreadystatechange?

I'm not sure we have a specification concept for eventNameForEventHandlerAttribute.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Chrome enforces the TT on that attribute for a div element for example, so that aspect is fine.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you clarify how that is fine?

How about onloadend?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To close the loop there's a discussion about just using on* pattern to block anything that resembles an event listener. WICG/sanitizer-api#226

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given we can't use the on* pattern what is the next best steps here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Both Chrome and WebKit have a way to look up EventHandlers from IDL which gives us the coverage we need to ensure stuff is protected. Idk if that corresponds to the current spec text, or how we would spec that?

The key bit is that all sinks for a given browser are included in that browser, which the spec as written I think covers?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should have an actual list of event handler attributes we care about (those on elements), which would be a subset of all event handler attributes. That's also what the Sanitizer API would need.

I don't think we want to do something with event handler attributes that only have meaning on a non-element object.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have made a new issue to track this and added an inline issue in the spec referencing it. #520

1. Return ({{Element}}, null, |attribute|, {{TrustedScript}}, "Element " + |attribute|).
1. Find the row in the following table, where |element| is in the first column, |attributeNs| is in the second column,
and |attribute| is in the third column.
If a matching row is found, set |data| to that row.

<table>
<thead>
<tr><th>Element<th>Attribute namespace<th>Attribute local name<th>TrustedType<th>Sink
<tbody>
<tr><td>{{HTMLIFrameElement}}<td>null<td>"srcdoc"<td>{{TrustedHTML}}<td>"HTMLIFrameElement srcdoc"
<tr><td>{{HTMLScriptElement}}<td>null<td>"src"<td>{{TrustedScriptURL}}<td>"HTMLScriptElement src"
<tr><td>{{SVGScriptElement}}<td>null<td>"href"<td>{{TrustedScriptURL}}<td>"SVGScriptElement href"
<tr><td>{{SVGScriptElement}}<td><a>XLink namespace</a><td>"href"<td>{{TrustedScriptURL}}<td>"SVGScriptElement href"
</tbody>
</table>

1. Return |data|.

# Integrations # {#integrations}

Expand Down Expand Up @@ -1256,9 +1280,9 @@ abstract operation. User agents must use the following implementation:

### Validate the string in context ### {#html-validate-the-string-in-context}

This specification defines the <a>validate the string in context</a> algorithm in [[html#integration-with-idl]].
This specification defines the validate the string in context algorithm in [[html#integration-with-idl]].

When <a>validate the string in context</a> is invoked, with |platformObject|, |value|, |stringContext|, and |identifier| run these steps:
When validate the string in context is invoked, with |platformObject|, |value|, |stringContext|, and |identifier| run these steps:

1. If |platformObject|'s [=relevant global object=] has a [=Window/trusted type policy factory=]:

Expand Down
Loading