LibWeb: Amend ShadowRoot to make it compatible with TrustedTypes

2025-12-06 00:19:53 +01:00 · 2025-08-11 00:01:41 +02:00 · 2025-08-11 00:01:41 +02:00 · 33285467a8
commit 33285467a8
parent db41ea8117
4 changed files with 34 additions and 17 deletions
--- a/Libraries/LibWeb/DOM/ShadowRoot.cpp
+++ b/Libraries/LibWeb/DOM/ShadowRoot.cpp
@ -13,6 +13,8 @@
 #include <LibWeb/HTML/HTMLTemplateElement.h>
 #include <LibWeb/HTML/Parser/HTMLParser.h>
 #include <LibWeb/Layout/BlockContainer.h>
+#include <LibWeb/TrustedTypes/RequireTrustedTypesForDirective.h>
+#include <LibWeb/TrustedTypes/TrustedTypePolicy.h>

 namespace Web::DOM {

@ -63,22 +65,29 @@ EventTarget* ShadowRoot::get_parent(Event const& event)
 }

 // https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-shadowroot-innerhtml
-WebIDL::ExceptionOr<String> ShadowRoot::inner_html() const
+WebIDL::ExceptionOr<TrustedTypes::TrustedHTMLOrString> ShadowRoot::inner_html() const
 {
-    return TRY(serialize_fragment(HTML::RequireWellFormed::Yes)).to_utf8_but_should_be_ported_to_utf16();
+    return TRY(serialize_fragment(HTML::RequireWellFormed::Yes));
 }

 // https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-shadowroot-innerhtml
-WebIDL::ExceptionOr<void> ShadowRoot::set_inner_html(StringView value)
+WebIDL::ExceptionOr<void> ShadowRoot::set_inner_html(TrustedTypes::TrustedHTMLOrString const& value)
 {
-    // FIXME: 1. Let compliantString be the result of invoking the Get Trusted Type compliant string algorithm with TrustedHTML, this's relevant global object, the given value, "ShadowRoot innerHTML", and "script".
+    // 1. Let compliantString be the result of invoking the Get Trusted Type compliant string algorithm with
+    //    TrustedHTML, this's relevant global object, the given value, "ShadowRoot innerHTML", and "script".
+    auto const compliant_string = TRY(TrustedTypes::get_trusted_type_compliant_string(
+        TrustedTypes::TrustedTypeName::TrustedHTML,
+        HTML::relevant_global_object(*this),
+        value,
+        TrustedTypes::InjectionSink::ShadowRootinnerHTML,
+        TrustedTypes::Script.to_string()));

    // 2. Let context be this's host.
    auto context = this->host();
    VERIFY(context);

-    // 3. Let fragment be the result of invoking the fragment parsing algorithm steps with context and compliantString. FIXME: Use compliantString instead of markup.
-    auto fragment = TRY(context->parse_fragment(value));
+    // 3. Let fragment be the result of invoking the fragment parsing algorithm steps with context and compliantString.
+    auto fragment = TRY(context->parse_fragment(compliant_string.to_utf8_but_should_be_ported_to_utf16()));

    // 4. Replace all with fragment within this.
    this->replace_all(fragment);
@ -110,12 +119,19 @@ WebIDL::ExceptionOr<String> ShadowRoot::get_html(GetHTMLOptions const& options)
 }

 // https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-shadowroot-sethtmlunsafe
-WebIDL::ExceptionOr<void> ShadowRoot::set_html_unsafe(StringView html)
+WebIDL::ExceptionOr<void> ShadowRoot::set_html_unsafe(TrustedTypes::TrustedHTMLOrString const& html)
 {
-    // FIXME: 1. Let compliantHTML be the result of invoking the Get Trusted Type compliant string algorithm with TrustedHTML, this's relevant global object, html, "ShadowRoot setHTMLUnsafe", and "script".
+    // 1. Let compliantHTML be the result of invoking the Get Trusted Type compliant string algorithm with
+    //    TrustedHTML, this's relevant global object, html, "ShadowRoot setHTMLUnsafe", and "script".
+    auto const compliant_html = TRY(TrustedTypes::get_trusted_type_compliant_string(
+        TrustedTypes::TrustedTypeName::TrustedHTML,
+        HTML::relevant_global_object(*this),
+        html,
+        TrustedTypes::InjectionSink::ShadowRootsetHTMLUnsafe,
+        TrustedTypes::Script.to_string()));

-    // 3. Unsafe set HTML given this, this's shadow host, and compliantHTML. FIXME: Use compliantHTML.
-    TRY(unsafely_set_html(*this->host(), html));
+    // 2. Unsafely set HTML given this, this's shadow host, and compliantHTML.
+    TRY(unsafely_set_html(*this->host(), compliant_html.to_utf8_but_should_be_ported_to_utf16()));

    return {};
 }
--- a/Libraries/LibWeb/DOM/ShadowRoot.h
+++ b/Libraries/LibWeb/DOM/ShadowRoot.h
@ -45,10 +45,10 @@ public:
    // ^EventTarget
    virtual EventTarget* get_parent(Event const&) override;

-    WebIDL::ExceptionOr<String> inner_html() const;
-    WebIDL::ExceptionOr<void> set_inner_html(StringView);
+    WebIDL::ExceptionOr<TrustedTypes::TrustedHTMLOrString> inner_html() const;
+    WebIDL::ExceptionOr<void> set_inner_html(TrustedTypes::TrustedHTMLOrString const&);

-    WebIDL::ExceptionOr<void> set_html_unsafe(StringView);
+    WebIDL::ExceptionOr<void> set_html_unsafe(TrustedTypes::TrustedHTMLOrString const&);

    WebIDL::ExceptionOr<String> get_html(GetHTMLOptions const&) const;

--- a/Libraries/LibWeb/DOM/ShadowRoot.idl
+++ b/Libraries/LibWeb/DOM/ShadowRoot.idl
@ -1,6 +1,7 @@
 #import <DOM/DocumentFragment.idl>
 #import <DOM/DocumentOrShadowRoot.idl>
 #import <DOM/Element.idl>
+#import <TrustedTypes/TrustedHTML.idl>

 // https://dom.spec.whatwg.org/#shadowroot
 [Exposed=Window]
@ -15,12 +16,10 @@ interface ShadowRoot : DocumentFragment {

    // https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-parsing-and-serialization

-    // FIXME: [CEReactions] undefined setHTMLUnsafe((TrustedHTML or DOMString) html);
-    [CEReactions] undefined setHTMLUnsafe(DOMString html);
+    [CEReactions] undefined setHTMLUnsafe((TrustedHTML or Utf16DOMString) html);
    DOMString getHTML(optional GetHTMLOptions options = {});

-    // FIXME: [CEReactions] attribute (TrustedHTML or [LegacyNullToEmptyString] DOMString) innerHTML;
-    [CEReactions, LegacyNullToEmptyString] attribute DOMString innerHTML;
+    [CEReactions, LegacyNullToEmptyString] attribute (TrustedHTML or Utf16DOMString) innerHTML;
 };

 ShadowRoot includes DocumentOrShadowRoot;
--- a/Libraries/LibWeb/TrustedTypes/InjectionSink.h
+++ b/Libraries/LibWeb/TrustedTypes/InjectionSink.h
@ -34,6 +34,8 @@ namespace Web::TrustedTypes {
    __ENUMERATE_INJECTION_SINKS(Locationhref, "Location href")                                     \
    __ENUMERATE_INJECTION_SINKS(RangecreateContextualFragment, "Range createContextualFragment")   \
    __ENUMERATE_INJECTION_SINKS(ServiceWorkerContainerregister, "ServiceWorkerContainer register") \
+    __ENUMERATE_INJECTION_SINKS(ShadowRootinnerHTML, "ShadowRoot innerHTML")                       \
+    __ENUMERATE_INJECTION_SINKS(ShadowRootsetHTMLUnsafe, "ShadowRoot setHTMLUnsafe")               \
    __ENUMERATE_INJECTION_SINKS(SharedWorkerconstructor, "SharedWorker constructor")               \
    __ENUMERATE_INJECTION_SINKS(SVGScriptElementhref, "SVGScriptElement href")                     \
    __ENUMERATE_INJECTION_SINKS(Workerconstructor, "Worker constructor")                           \