chromium/third_party/blink/renderer/core/trustedtypes/trusted_types_util.cc

// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "third_party/blink/renderer/core/trustedtypes/trusted_types_util.h"

#include "base/unguessable_token.h"
#include "third_party/blink/public/mojom/devtools/console_message.mojom-blink-forward.h"
#include "third_party/blink/public/mojom/reporting/reporting.mojom-blink.h"
#include "third_party/blink/public/platform/platform.h"
#include "third_party/blink/renderer/bindings/core/v8/script_value.h"
#include "third_party/blink/renderer/bindings/core/v8/v8_binding_for_core.h"
#include "third_party/blink/renderer/bindings/core/v8/v8_union_string_trustedscript.h"
#include "third_party/blink/renderer/bindings/core/v8/v8_union_stringlegacynulltoemptystring_trustedscript.h"
#include "third_party/blink/renderer/bindings/core/v8/v8_union_trustedhtml_trustedscript_trustedscripturl.h"
#include "third_party/blink/renderer/core/execution_context/execution_context.h"
#include "third_party/blink/renderer/core/frame/csp/content_security_policy.h"
#include "third_party/blink/renderer/core/inspector/console_message.h"
#include "third_party/blink/renderer/core/inspector/exception_metadata.h"
#include "third_party/blink/renderer/core/inspector/identifiers_factory.h"
#include "third_party/blink/renderer/core/probe/core_probes.h"
#include "third_party/blink/renderer/core/script/script_element_base.h"
#include "third_party/blink/renderer/core/trustedtypes/trusted_html.h"
#include "third_party/blink/renderer/core/trustedtypes/trusted_script.h"
#include "third_party/blink/renderer/core/trustedtypes/trusted_script_url.h"
#include "third_party/blink/renderer/core/trustedtypes/trusted_type_policy.h"
#include "third_party/blink/renderer/core/trustedtypes/trusted_type_policy_factory.h"
#include "third_party/blink/renderer/platform/bindings/exception_state.h"
#include "third_party/blink/renderer/platform/bindings/script_state.h"
#include "third_party/blink/renderer/platform/runtime_enabled_features.h"
#include "third_party/blink/renderer/platform/wtf/text/string_builder.h"

namespace blink {

namespace {

enum TrustedTypeViolationKind {};

// String to determine whether an incoming eval-ish call is comig from
// an actual eval or a Function constructor. The value is derived from
// from how JS builds up a string in the Function constructor, which in
// turn is defined in the TC39 spec.
const char* kAnonymousPrefix =;

const char kFunctionConstructorFailureConsoleMessage[] =;

const char kScriptExecutionTrustedTypeFailConsoleMessage[] =;

const char* GetMessage(TrustedTypeViolationKind kind) {}

String GetSamplePrefix(const ExceptionContext& exception_context,
                       const String& value) {}

const char* GetElementName(const ScriptElementBase::Type type) {}

HeapVector<ScriptValue> GetDefaultCallbackArgs(
    v8::Isolate* isolate,
    const char* type,
    const ExceptionContext& exception_context,
    const String& value = g_empty_string) {}

// Handle failure of a Trusted Type assignment.
//
// If trusted type assignment fails, we need to
// - report the violation via CSP
// - increment the appropriate counter,
// - raise a JavaScript exception (if enforced).
//
// Returns whether the failure should be enforced.
bool TrustedTypeFail(TrustedTypeViolationKind kind,
                     const ExecutionContext* execution_context,
                     ExceptionState& exception_state,
                     const String& value) {}

TrustedTypePolicy* GetDefaultPolicy(const ExecutionContext* execution_context) {}

// Functionally identical to TrustedTypesCheckForScript(const String&, ..), but
// to be called outside of regular script execution. This is required for both
// GetStringForScriptExecution & TrustedTypesCheckForJavascriptURLinNavigation,
// and has a number of additional parameters to enable proper error reporting
// for each case.
String GetStringFromScriptHelper(
    const String& script,
    ExecutionContext* context,
    // Parameters to customize error messages:
    const char* element_name_for_exception,
    const char* attribute_name_for_exception,
    TrustedTypeViolationKind violation_kind,
    TrustedTypeViolationKind violation_kind_when_default_policy_failed) {}

}  // namespace

bool RequireTrustedTypesCheck(const ExecutionContext* execution_context) {}

String TrustedTypesCheckForHTML(const String& html,
                                const ExecutionContext* execution_context,
                                ExceptionState& exception_state) {}

String TrustedTypesCheckForScript(const String& script,
                                  const ExecutionContext* execution_context,
                                  ExceptionState& exception_state) {}

String TrustedTypesCheckForScriptURL(const String& script_url,
                                     const ExecutionContext* execution_context,
                                     ExceptionState& exception_state) {}

String TrustedTypesCheckFor(SpecificTrustedType type,
                            const V8TrustedType* trusted,
                            const ExecutionContext* execution_context,
                            ExceptionState& exception_state) {}

String TrustedTypesCheckForScript(const V8UnionStringOrTrustedScript* value,
                                  const ExecutionContext* execution_context,
                                  ExceptionState& exception_state) {}

String TrustedTypesCheckForScript(
    const V8UnionStringLegacyNullToEmptyStringOrTrustedScript* value,
    const ExecutionContext* execution_context,
    ExceptionState& exception_state) {}

String TrustedTypesCheckFor(SpecificTrustedType type,
                            String trusted,
                            const ExecutionContext* execution_context,
                            ExceptionState& exception_state) {}

String CORE_EXPORT
GetStringForScriptExecution(const String& script,
                            const ScriptElementBase::Type type,
                            ExecutionContext* context) {}

String TrustedTypesCheckForJavascriptURLinNavigation(
    const String& javascript_url,
    ExecutionContext* context) {}

String TrustedTypesCheckForExecCommand(
    const String& html,
    const ExecutionContext* execution_context,
    ExceptionState& exception_state) {}

bool IsTrustedTypesEventHandlerAttribute(const QualifiedName& q_name) {}

String GetTrustedTypesLiteral(const ScriptValue& script_value,
                              ScriptState* script_state) {}

}  // namespace blink