Bug 1882498: add web API stubs for Trusted Types guarded behind a new pref. r=smaug,peterv

The TODOs corresponding to the stubs will be implemented in separate
patches.

Differential Revision: https://phabricator.services.mozilla.com/D202930

dom/base/nsGlobalWindowInner.cpp

@@ -167,6 +167,7 @@
 #include "mozilla/dom/TimeoutHandler.h"
 #include "mozilla/dom/TimeoutManager.h"
 #include "mozilla/dom/ToJSValue.h"
+#include "mozilla/dom/TrustedTypePolicyFactory.h"
 #include "mozilla/dom/VRDisplay.h"
 #include "mozilla/dom/VRDisplayEvent.h"
 #include "mozilla/dom/VRDisplayEventBinding.h"
@@ -1284,6 +1285,8 @@ void nsGlobalWindowInner::FreeInnerObjects() {
     mWebTaskScheduler = nullptr;
   }
 
+  mTrustedTypePolicyFactory = nullptr;
+
   mSharedWorkers.Clear();
 
 #ifdef MOZ_WEBSPEECH
@@ -1379,6 +1382,8 @@ NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INTERNAL(nsGlobalWindowInner)
 
   NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mWebTaskScheduler)
 
+  NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mTrustedTypePolicyFactory)
+
 #ifdef MOZ_WEBSPEECH
   NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mSpeechSynthesis)
 #endif
@@ -1483,6 +1488,8 @@ NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(nsGlobalWindowInner)
     NS_IMPL_CYCLE_COLLECTION_UNLINK(mWebTaskScheduler)
   }
 
+  NS_IMPL_CYCLE_COLLECTION_UNLINK(mTrustedTypePolicyFactory)
+
 #ifdef MOZ_WEBSPEECH
   NS_IMPL_CYCLE_COLLECTION_UNLINK(mSpeechSynthesis)
 #endif
@@ -7606,6 +7613,14 @@ JS::loader::ModuleLoaderBase* nsGlobalWindowInner::GetModuleLoader(
   return loader->GetModuleLoader();
 }
 
+TrustedTypePolicyFactory* nsGlobalWindowInner::TrustedTypes() {
+  if (!mTrustedTypePolicyFactory) {
+    mTrustedTypePolicyFactory = MakeRefPtr<TrustedTypePolicyFactory>(this);
+  }
+
+  return mTrustedTypePolicyFactory;
+}
+
 nsIURI* nsPIDOMWindowInner::GetDocumentURI() const {
   return mDoc ? mDoc->GetDocumentURI() : mDocumentURI.get();
 }

dom/base/nsGlobalWindowInner.h

@@ -127,6 +127,7 @@ class WebTaskScheduler;
 class WebTaskSchedulerMainThread;
 class SpeechSynthesis;
 class Timeout;
+class TrustedTypePolicyFactory;
 class VisualViewport;
 class VRDisplay;
 enum class VRDisplayEventReason : uint8_t;
@@ -1254,11 +1255,15 @@ class nsGlobalWindowInner final : public mozilla::dom::EventTarget,
   virtual JS::loader::ModuleLoaderBase* GetModuleLoader(
       JSContext* aCx) override;
 
+  mozilla::dom::TrustedTypePolicyFactory* TrustedTypes();
+
  private:
   RefPtr<mozilla::dom::ContentMediaController> mContentMediaController;
 
   RefPtr<mozilla::dom::WebTaskSchedulerMainThread> mWebTaskScheduler;
 
+  RefPtr<mozilla::dom::TrustedTypePolicyFactory> mTrustedTypePolicyFactory;
+
  protected:
   // Whether we need to care about orientation changes.
   bool mHasOrientationChangeListeners : 1;

dom/bindings/Bindings.conf

@@ -1006,6 +1006,18 @@ DOMInterfaces = {
     'wrapperCache': False,
 },
 
+'TrustedHTML': {
+    'wrapperCache': False,
+},
+
+'TrustedScript': {
+    'wrapperCache': False,
+},
+
+'TrustedScriptURL': {
+    'wrapperCache': False,
+},
+
 'UserInteraction': {
     'nativeType': 'mozilla::telemetry::UserInteractionStopwatch',
     'headerFile': 'mozilla/telemetry/Stopwatch.h',

dom/security/moz.build

@@ -9,7 +9,7 @@ with Files("*"):
 
 TEST_DIRS += ["test"]
 
-DIRS += ["featurepolicy", "sanitizer"]
+DIRS += ["featurepolicy", "sanitizer", "trusted-types"]
 
 EXPORTS.mozilla.dom += [
     "CSPEvalChecker.h",

dom/security/trusted-types/TrustedHTML.cpp

@@ -0,0 +1,13 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/dom/TrustedHTML.h"
+
+namespace mozilla::dom {
+
+IMPL_TRUSTED_TYPE_CLASS(TrustedHTML)
+
+}  // namespace mozilla::dom

dom/security/trusted-types/TrustedHTML.h

@@ -0,0 +1,19 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DOM_SECURITY_TRUSTED_TYPES_TRUSTEDHTML_H_
+#define DOM_SECURITY_TRUSTED_TYPES_TRUSTEDHTML_H_
+
+#include "mozilla/dom/TrustedTypeUtils.h"
+
+namespace mozilla::dom {
+
+// https://w3c.github.io/trusted-types/dist/spec/#trusted-html
+DECL_TRUSTED_TYPE_CLASS(TrustedHTML)
+
+}  // namespace mozilla::dom
+
+#endif  // DOM_SECURITY_TRUSTED_TYPES_TRUSTEDHTML_H_

dom/security/trusted-types/TrustedScript.cpp

@@ -0,0 +1,13 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/dom/TrustedScript.h"
+
+namespace mozilla::dom {
+
+IMPL_TRUSTED_TYPE_CLASS(TrustedScript)
+
+}  // namespace mozilla::dom

dom/security/trusted-types/TrustedScript.h

@@ -0,0 +1,19 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DOM_SECURITY_TRUSTED_TYPES_TRUSTEDSCRIPT_H_
+#define DOM_SECURITY_TRUSTED_TYPES_TRUSTEDSCRIPT_H_
+
+#include "mozilla/dom/TrustedTypeUtils.h"
+
+namespace mozilla::dom {
+
+// https://w3c.github.io/trusted-types/dist/spec/#trusted-script
+DECL_TRUSTED_TYPE_CLASS(TrustedScript)
+
+}  // namespace mozilla::dom
+
+#endif  // DOM_SECURITY_TRUSTED_TYPES_TRUSTEDSCRIPT_H_

dom/security/trusted-types/TrustedScriptURL.cpp

@@ -0,0 +1,14 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/dom/TrustedScriptURL.h"
+
+namespace mozilla::dom {
+
+// https://w3c.github.io/trusted-types/dist/spec/#trused-script-url
+IMPL_TRUSTED_TYPE_CLASS(TrustedScriptURL)
+
+}  // namespace mozilla::dom

dom/security/trusted-types/TrustedScriptURL.h

@@ -0,0 +1,18 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DOM_SECURITY_TRUSTED_TYPES_TRUSTEDSCRIPTURL_H_
+#define DOM_SECURITY_TRUSTED_TYPES_TRUSTEDSCRIPTURL_H_
+
+#include "mozilla/dom/TrustedTypeUtils.h"
+
+namespace mozilla::dom {
+
+DECL_TRUSTED_TYPE_CLASS(TrustedScriptURL)
+
+}  // namespace mozilla::dom
+
+#endif  // DOM_SECURITY_TRUSTED_TYPES_TRUSTEDSCRIPTURL_H_

dom/security/trusted-types/TrustedTypePolicy.cpp

@@ -0,0 +1,43 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/dom/TrustedTypePolicy.h"
+
+#include "mozilla/AlreadyAddRefed.h"
+#include "mozilla/dom/TrustedTypePolicyFactory.h"
+#include "mozilla/dom/TrustedTypesBinding.h"
+
+namespace mozilla::dom {
+
+NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(TrustedTypePolicy, mParentObject)
+
+JSObject* TrustedTypePolicy::WrapObject(JSContext* aCx,
+                                        JS::Handle<JSObject*> aGivenProto) {
+  return TrustedTypePolicy_Binding::Wrap(aCx, this, aGivenProto);
+}
+
+UniquePtr<TrustedHTML> TrustedTypePolicy::CreateHTML(
+    JSContext* aJSContext, const nsAString& aInput,
+    const Sequence<JS::Value>& aArguments) const {
+  // TODO: implement the spec.
+  return MakeUnique<TrustedHTML>();
+}
+
+UniquePtr<TrustedScript> TrustedTypePolicy::CreateScript(
+    JSContext* aJSContext, const nsAString& aInput,
+    const Sequence<JS::Value>& aArguments) const {
+  // TODO: implement the spec.
+  return MakeUnique<TrustedScript>();
+}
+
+UniquePtr<TrustedScriptURL> TrustedTypePolicy::CreateScriptURL(
+    JSContext* aJSContext, const nsAString& aInput,
+    const Sequence<JS::Value>& aArguments) const {
+  // TODO: implement the spec.
+  return MakeUnique<TrustedScriptURL>();
+}
+
+}  // namespace mozilla::dom

dom/security/trusted-types/TrustedTypePolicy.h

@@ -0,0 +1,72 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DOM_SECURITY_TRUSTED_TYPES_TRUSTEDTYPEPOLICY_H_
+#define DOM_SECURITY_TRUSTED_TYPES_TRUSTEDTYPEPOLICY_H_
+
+#include "js/TypeDecls.h"
+#include "js/Value.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/UniquePtr.h"
+#include "mozilla/dom/BindingDeclarations.h"
+#include "mozilla/dom/DOMString.h"
+#include "mozilla/dom/TrustedHTML.h"
+#include "mozilla/dom/TrustedScript.h"
+#include "mozilla/dom/TrustedScriptURL.h"
+#include "nsISupportsImpl.h"
+#include "nsStringFwd.h"
+#include "nsWrapperCache.h"
+
+namespace mozilla::dom {
+
+class TrustedTypePolicyFactory;
+
+// https://w3c.github.io/trusted-types/dist/spec/#trusted-type-policy
+class TrustedTypePolicy : public nsWrapperCache {
+ public:
+  NS_INLINE_DECL_CYCLE_COLLECTING_NATIVE_REFCOUNTING(TrustedTypePolicy)
+  NS_DECL_CYCLE_COLLECTION_NATIVE_WRAPPERCACHE_CLASS(TrustedTypePolicy)
+
+  explicit TrustedTypePolicy(TrustedTypePolicyFactory* aParentObject)
+      : mParentObject{aParentObject} {}
+
+  // Required for Web IDL binding.
+  TrustedTypePolicyFactory* GetParentObject() const { return mParentObject; }
+
+  // Required for Web IDL binding.
+  JSObject* WrapObject(JSContext* aCx,
+                       JS::Handle<JSObject*> aGivenProto) override;
+
+  // https://w3c.github.io/trusted-types/dist/spec/#trustedtypepolicy-name
+  void GetName(DOMString& aResult) const {
+    // TODO: impl.
+  }
+
+  // https://w3c.github.io/trusted-types/dist/spec/#dom-trustedtypepolicy-createhtml
+  UniquePtr<TrustedHTML> CreateHTML(
+      JSContext* aJSContext, const nsAString& aInput,
+      const Sequence<JS::Value>& aArguments) const;
+
+  // https://w3c.github.io/trusted-types/dist/spec/#dom-trustedtypepolicy-createscript
+  UniquePtr<TrustedScript> CreateScript(
+      JSContext* aJSContext, const nsAString& aInput,
+      const Sequence<JS::Value>& aArguments) const;
+
+  // https://w3c.github.io/trusted-types/dist/spec/#dom-trustedtypepolicy-createscripturl
+  UniquePtr<TrustedScriptURL> CreateScriptURL(
+      JSContext* aJSContext, const nsAString& aInput,
+      const Sequence<JS::Value>& aArguments) const;
+
+ private:
+  // Required because this class is ref-counted.
+  virtual ~TrustedTypePolicy() = default;
+
+  RefPtr<TrustedTypePolicyFactory> mParentObject;
+};
+
+}  // namespace mozilla::dom
+
+#endif  // DOM_SECURITY_TRUSTED_TYPES_TRUSTEDTYPEPOLICY_H_

dom/security/trusted-types/TrustedTypePolicyFactory.cpp

@@ -0,0 +1,50 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/dom/TrustedTypePolicyFactory.h"
+
+#include "mozilla/AlreadyAddRefed.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/dom/TrustedTypePolicy.h"
+
+namespace mozilla::dom {
+
+NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(TrustedTypePolicyFactory, mGlobalObject)
+
+JSObject* TrustedTypePolicyFactory::WrapObject(
+    JSContext* aCx, JS::Handle<JSObject*> aGivenProto) {
+  return TrustedTypePolicyFactory_Binding::Wrap(aCx, this, aGivenProto);
+}
+
+already_AddRefed<TrustedTypePolicy> TrustedTypePolicyFactory::CreatePolicy(
+    const nsAString& aPolicyName,
+    const TrustedTypePolicyOptions& aPolicyOptions) {
+  // TODO: implement the spec.
+  return MakeRefPtr<TrustedTypePolicy>(this).forget();
+}
+
+UniquePtr<TrustedHTML> TrustedTypePolicyFactory::EmptyHTML() {
+  // Preserving the wrapper ensures:
+  // ```
+  //  const e = trustedTypes.emptyHTML;
+  //  e === trustedTypes.emptyHTML;
+  // ```
+  // which comes with the cost of keeping the factory, one per global, alive.
+  // An additional benefit is it saves the cost of re-instantiating potentially
+  // multiple emptyHML objects. Both, the JS- and the C++-objects.
+  dom::PreserveWrapper(this);
+
+  return MakeUnique<TrustedHTML>();
+}
+
+UniquePtr<TrustedScript> TrustedTypePolicyFactory::EmptyScript() {
+  // See the explanation in `EmptyHTML()`.
+  dom::PreserveWrapper(this);
+
+  return MakeUnique<TrustedScript>();
+}
+
+}  // namespace mozilla::dom

dom/security/trusted-types/TrustedTypePolicyFactory.h

@@ -0,0 +1,105 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DOM_SECURITY_TRUSTED_TYPES_TRUSTEDTYPEPOLICYFACTORY_H_
+#define DOM_SECURITY_TRUSTED_TYPES_TRUSTEDTYPEPOLICYFACTORY_H_
+
+#include "js/TypeDecls.h"
+#include "mozilla/dom/TrustedHTML.h"
+#include "mozilla/dom/TrustedScript.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/UniquePtr.h"
+#include "nsIGlobalObject.h"
+#include "nsISupportsImpl.h"
+#include "nsStringFwd.h"
+#include "nsWrapperCache.h"
+
+template <typename T>
+struct already_AddRefed;
+
+class DOMString;
+
+namespace mozilla::dom {
+
+class TrustedTypePolicy;
+
+// https://w3c.github.io/trusted-types/dist/spec/#trusted-type-policy-factory
+class TrustedTypePolicyFactory : public nsWrapperCache {
+ public:
+  NS_INLINE_DECL_CYCLE_COLLECTING_NATIVE_REFCOUNTING(TrustedTypePolicyFactory)
+  NS_DECL_CYCLE_COLLECTION_NATIVE_WRAPPERCACHE_CLASS(TrustedTypePolicyFactory)
+
+  explicit TrustedTypePolicyFactory(nsIGlobalObject* aGlobalObject)
+      : mGlobalObject{aGlobalObject} {}
+
+  // Required for Web IDL binding.
+  nsIGlobalObject* GetParentObject() const { return mGlobalObject; }
+
+  // Required for Web IDL binding.
+  JSObject* WrapObject(JSContext* aCx,
+                       JS::Handle<JSObject*> aGivenProto) override;
+
+  // https://w3c.github.io/trusted-types/dist/spec/#dom-trustedtypepolicyfactory-createpolicy
+  already_AddRefed<TrustedTypePolicy> CreatePolicy(
+      const nsAString& aPolicyName,
+      const TrustedTypePolicyOptions& aPolicyOptions);
+
+  // https://w3c.github.io/trusted-types/dist/spec/#dom-trustedtypepolicyfactory-ishtml
+  bool IsHTML(JSContext* aJSContext,
+              const JS::Handle<JS::Value>& aValue) const {
+    // TODO: impl.
+    return false;
+  }
+
+  // https://w3c.github.io/trusted-types/dist/spec/#dom-trustedtypepolicyfactory-isscript
+  bool IsScript(JSContext* aJSContext,
+                const JS::Handle<JS::Value>& aValue) const {
+    // TODO: impl.
+    return false;
+  }
+
+  // https://w3c.github.io/trusted-types/dist/spec/#dom-trustedtypepolicyfactory-isscripturl
+  bool IsScriptURL(JSContext* aJSContext,
+                   const JS::Handle<JS::Value>& aValue) const {
+    // TODO: impl.
+    return false;
+  }
+
+  // https://w3c.github.io/trusted-types/dist/spec/#dom-trustedtypepolicyfactory-emptyhtml
+  UniquePtr<TrustedHTML> EmptyHTML();
+
+  // https://w3c.github.io/trusted-types/dist/spec/#dom-trustedtypepolicyfactory-emptyscript
+  UniquePtr<TrustedScript> EmptyScript();
+
+  // https://w3c.github.io/trusted-types/dist/spec/#dom-trustedtypepolicyfactory-getattributetype
+  void GetAttributeType(const nsAString& aTagName, const nsAString& aAttribute,
+                        const nsAString& aElementNs, const nsAString& aAttrNs,
+                        DOMString& aResult) {
+    // TODO: impl.
+  }
+
+  // https://w3c.github.io/trusted-types/dist/spec/#dom-trustedtypepolicyfactory-getpropertytype
+  void GetPropertyType(const nsAString& aTagName, const nsAString& aProperty,
+                       const nsAString& aElementNs, DOMString& aResult) {
+    // TODO: impl
+  }
+
+  // https://w3c.github.io/trusted-types/dist/spec/#dom-trustedtypepolicyfactory-defaultpolicy
+  TrustedTypePolicy* GetDefaultPolicy() const {
+    // TODO: impl
+    return nullptr;
+  }
+
+ private:
+  // Required because this class is ref-counted.
+  virtual ~TrustedTypePolicyFactory() = default;
+
+  RefPtr<nsIGlobalObject> mGlobalObject;
+};
+
+}  // namespace mozilla::dom
+
+#endif  // DOM_SECURITY_TRUSTED_TYPES_TRUSTEDTYPEPOLICYFACTORY_H_

dom/security/trusted-types/TrustedTypeUtils.h

@@ -0,0 +1,35 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DOM_SECURITY_TRUSTED_TYPES_TRUSTEDTYPEUTILS_H_
+#define DOM_SECURITY_TRUSTED_TYPES_TRUSTEDTYPEUTILS_H_
+
+#include "mozilla/dom/DOMString.h"
+#include "mozilla/dom/NonRefcountedDOMObject.h"
+#include "mozilla/dom/TrustedTypesBinding.h"
+#include "nsStringFwd.h"
+
+#define DECL_TRUSTED_TYPE_CLASS(_class)                                \
+  class _class : public mozilla::dom::NonRefcountedDOMObject {         \
+   public:                                                             \
+    /* Required for Web IDL binding. */                                \
+    bool WrapObject(JSContext* aCx, JS::Handle<JSObject*> aGivenProto, \
+                    JS::MutableHandle<JSObject*> aObject);             \
+                                                                       \
+    void Stringify(nsAString& aResult) const { /* TODO: impl. */       \
+    }                                                                  \
+                                                                       \
+    void ToJSON(DOMString& aResult) const { /* TODO: impl. */          \
+    }                                                                  \
+  };
+
+#define IMPL_TRUSTED_TYPE_CLASS(_class)                                      \
+  bool _class::WrapObject(JSContext* aCx, JS::Handle<JSObject*> aGivenProto, \
+                          JS::MutableHandle<JSObject*> aObject) {            \
+    return _class##_Binding::Wrap(aCx, this, aGivenProto, aObject);          \
+  }
+
+#endif  // DOM_SECURITY_TRUSTED_TYPES_TRUSTEDTYPEUTILS_H_

dom/security/trusted-types/moz.build

@@ -0,0 +1,27 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+    BUG_COMPONENT = ("Core", "DOM: Security")
+
+EXPORTS.mozilla.dom += [
+    "TrustedHTML.h",
+    "TrustedScript.h",
+    "TrustedScriptURL.h",
+    "TrustedTypePolicy.h",
+    "TrustedTypePolicyFactory.h",
+    "TrustedTypeUtils.h",
+]
+
+UNIFIED_SOURCES += [
+    "TrustedHTML.cpp",
+    "TrustedScript.cpp",
+    "TrustedScriptURL.cpp",
+    "TrustedTypePolicy.cpp",
+    "TrustedTypePolicyFactory.cpp",
+]
+
+FINAL_LIBRARY = "xul"

dom/webidl/TrustedTypes.webidl

@@ -0,0 +1,64 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * The origin of this IDL file is
+ * <https://w3c.github.io/trusted-types/dist/spec/>.
+ */
+
+[Exposed=(Window,Worker), Pref="dom.security.trusted_types.enabled"]
+interface TrustedHTML {
+  stringifier;
+  DOMString toJSON();
+};
+
+[Exposed=(Window,Worker), Pref="dom.security.trusted_types.enabled"]
+interface TrustedScript {
+  stringifier;
+  DOMString toJSON();
+};
+
+[Exposed=(Window,Worker), Pref="dom.security.trusted_types.enabled"]
+interface TrustedScriptURL {
+  stringifier;
+  USVString toJSON();
+};
+
+[Exposed=(Window,Worker), Pref="dom.security.trusted_types.enabled"]
+interface TrustedTypePolicy {
+  readonly attribute DOMString name;
+  [NewObject] TrustedHTML createHTML(DOMString input, any... arguments);
+  [NewObject] TrustedScript createScript(DOMString input, any... arguments);
+  [NewObject] TrustedScriptURL createScriptURL(DOMString input, any... arguments);
+};
+
+dictionary TrustedTypePolicyOptions {
+   CreateHTMLCallback createHTML;
+   CreateScriptCallback createScript;
+   CreateScriptURLCallback createScriptURL;
+};
+
+callback CreateHTMLCallback = DOMString? (DOMString input, any... arguments);
+callback CreateScriptCallback = DOMString? (DOMString input, any... arguments);
+callback CreateScriptURLCallback = USVString? (DOMString input, any... arguments);
+
+[Exposed=(Window,Worker), Pref="dom.security.trusted_types.enabled"]
+interface TrustedTypePolicyFactory {
+    TrustedTypePolicy createPolicy(DOMString policyName , optional TrustedTypePolicyOptions policyOptions = {});
+    boolean isHTML(any value);
+    boolean isScript(any value);
+    boolean isScriptURL(any value);
+    [Pure, StoreInSlot] readonly attribute TrustedHTML emptyHTML;
+    [Pure, StoreInSlot] readonly attribute TrustedScript emptyScript;
+    DOMString? getAttributeType(
+      DOMString tagName,
+      DOMString attribute,
+      optional DOMString elementNs = "",
+      optional DOMString attrNs = "");
+    DOMString? getPropertyType(
+        DOMString tagName,
+        DOMString property,
+        optional DOMString elementNs = "");
+    readonly attribute TrustedTypePolicy? defaultPolicy;
+};

dom/webidl/WindowOrWorkerGlobalScope.webidl

@@ -85,3 +85,10 @@ partial interface mixin WindowOrWorkerGlobalScope {
   [Replaceable, Pref="dom.enable_web_task_scheduling", SameObject]
   readonly attribute Scheduler scheduler;
 };
+
+
+// https://w3c.github.io/trusted-types/dist/spec/#extensions-to-the-windoworworkerglobalscope-interface
+partial interface mixin WindowOrWorkerGlobalScope {
+  [Pref="dom.security.trusted_types.enabled"]
+  readonly attribute TrustedTypePolicyFactory trustedTypes;
+};

dom/webidl/moz.build

@@ -976,6 +976,7 @@ WEBIDL_FILES = [
     "TransformStreamDefaultController.webidl",
     "TransitionEvent.webidl",
     "TreeWalker.webidl",
+    "TrustedTypes.webidl",
     "UDPMessageEvent.webidl",
     "UDPSocket.webidl",
     "UIEvent.webidl",

dom/workers/WorkerScope.cpp

@@ -404,6 +404,7 @@ NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INHERITED(WorkerGlobalScope,
   NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mCrypto)
   NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mPerformance)
   NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mWebTaskScheduler)
+  NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mTrustedTypePolicyFactory)
   NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mLocation)
   NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mNavigator)
   NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mFontFaceSet)
@@ -420,6 +421,7 @@ NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN_INHERITED(WorkerGlobalScope,
     tmp->mWebTaskScheduler->Disconnect();
     NS_IMPL_CYCLE_COLLECTION_UNLINK(mWebTaskScheduler)
   }
+  NS_IMPL_CYCLE_COLLECTION_UNLINK(mTrustedTypePolicyFactory)
   NS_IMPL_CYCLE_COLLECTION_UNLINK(mLocation)
   NS_IMPL_CYCLE_COLLECTION_UNLINK(mNavigator)
   NS_IMPL_CYCLE_COLLECTION_UNLINK(mFontFaceSet)
@@ -868,6 +870,14 @@ void WorkerGlobalScope::StorageAccessPermissionGranted() {
   mCacheStorage = nullptr;
 }
 
+TrustedTypePolicyFactory* WorkerGlobalScope::TrustedTypes() {
+  if (!mTrustedTypePolicyFactory) {
+    mTrustedTypePolicyFactory = MakeRefPtr<TrustedTypePolicyFactory>(this);
+  }
+
+  return mTrustedTypePolicyFactory;
+}
+
 bool WorkerGlobalScope::WindowInteractionAllowed() const {
   AssertIsOnWorkerThread();
   return mWindowInteractionsAllowed > 0;

dom/workers/WorkerScope.h

@@ -22,6 +22,7 @@
 #include "mozilla/dom/ImageBitmapSource.h"
 #include "mozilla/dom/PerformanceWorker.h"
 #include "mozilla/dom/SafeRefPtr.h"
+#include "mozilla/dom/TrustedTypePolicyFactory.h"
 #include "mozilla/dom/WorkerPrivate.h"
 #include "nsCOMPtr.h"
 #include "nsCycleCollectionParticipant.h"
@@ -352,6 +353,8 @@ class WorkerGlobalScope : public WorkerGlobalScopeBase {
   MOZ_CAN_RUN_SCRIPT_BOUNDARY
   virtual void OnVsync(const VsyncEvent& aVsync) {}
 
+  TrustedTypePolicyFactory* TrustedTypes();
+
  protected:
   ~WorkerGlobalScope();
 
@@ -376,6 +379,7 @@ class WorkerGlobalScope : public WorkerGlobalScopeBase {
   RefPtr<cache::CacheStorage> mCacheStorage;
   RefPtr<DebuggerNotificationManager> mDebuggerNotificationManager;
   RefPtr<WebTaskSchedulerWorker> mWebTaskScheduler;
+  RefPtr<TrustedTypePolicyFactory> mTrustedTypePolicyFactory;
   uint32_t mWindowInteractionsAllowed = 0;
   bool mIsEligibleForMessaging{true};
 };

modules/libpref/init/StaticPrefList.yaml

@@ -3708,6 +3708,13 @@
   value: false
   mirror: always
 
+# If and only if true, support for Trusted Types
+# (https://w3c.github.io/trusted-types/dist/spec/) is enabled.
+- name: dom.security.trusted_types.enabled
+  type: RelaxedAtomicBool
+  value: False
+  mirror: always
+
 # If true, all content requests will get upgraded to HTTPS://
 # (some Firefox functionality requests, like OCSP will not be affected)
 - name: dom.security.https_only_mode

testing/web-platform/meta/trusted-types/Window-TrustedTypes.html.ini

@@ -1,6 +1,2 @@
 [Window-TrustedTypes.html]
-  [factory = window.trustedTypes]
-    expected: FAIL
-
-  [factory construction fails]
-    expected: FAIL
+  prefs: [dom.security.trusted_types.enabled:true]

testing/web-platform/meta/trusted-types/idlharness.window.js.ini

@@ -1,264 +1,2 @@
 [idlharness.window.html]
-  [TrustedHTML interface: existence and properties of interface object]
-    expected: FAIL
-
-  [TrustedHTML interface object length]
-    expected: FAIL
-
-  [TrustedHTML interface object name]
-    expected: FAIL
-
-  [TrustedHTML interface: existence and properties of interface prototype object]
-    expected: FAIL
-
-  [TrustedHTML interface: existence and properties of interface prototype object's "constructor" property]
-    expected: FAIL
-
-  [TrustedHTML interface: existence and properties of interface prototype object's @@unscopables property]
-    expected: FAIL
-
-  [TrustedHTML interface: stringifier]
-    expected: FAIL
-
-  [TrustedHTML interface: operation toJSON()]
-    expected: FAIL
-
-  [TrustedHTML must be primary interface of window.trustedTypes.createPolicy("SomeName1", { createHTML: s => s }).createHTML("A string")]
-    expected: FAIL
-
-  [Stringification of window.trustedTypes.createPolicy("SomeName1", { createHTML: s => s }).createHTML("A string")]
-    expected: FAIL
-
-  [TrustedHTML interface: window.trustedTypes.createPolicy("SomeName1", { createHTML: s => s }).createHTML("A string") must inherit property "toJSON()" with the proper type]
-    expected: FAIL
-
-  [TrustedHTML interface: toJSON operation on window.trustedTypes.createPolicy("SomeName1", { createHTML: s => s }).createHTML("A string")]
-    expected: FAIL
-
-  [TrustedScript interface: existence and properties of interface object]
-    expected: FAIL
-
-  [TrustedScript interface object length]
-    expected: FAIL
-
-  [TrustedScript interface object name]
-    expected: FAIL
-
-  [TrustedScript interface: existence and properties of interface prototype object]
-    expected: FAIL
-
-  [TrustedScript interface: existence and properties of interface prototype object's "constructor" property]
-    expected: FAIL
-
-  [TrustedScript interface: existence and properties of interface prototype object's @@unscopables property]
-    expected: FAIL
-
-  [TrustedScript interface: stringifier]
-    expected: FAIL
-
-  [TrustedScript interface: operation toJSON()]
-    expected: FAIL
-
-  [TrustedScript must be primary interface of window.trustedTypes.createPolicy("SomeName2", { createScript: s => s }).createScript("A string")]
-    expected: FAIL
-
-  [Stringification of window.trustedTypes.createPolicy("SomeName2", { createScript: s => s }).createScript("A string")]
-    expected: FAIL
-
-  [TrustedScript interface: window.trustedTypes.createPolicy("SomeName2", { createScript: s => s }).createScript("A string") must inherit property "toJSON()" with the proper type]
-    expected: FAIL
-
-  [TrustedScript interface: toJSON operation on window.trustedTypes.createPolicy("SomeName2", { createScript: s => s }).createScript("A string")]
-    expected: FAIL
-
-  [TrustedScriptURL interface: existence and properties of interface object]
-    expected: FAIL
-
-  [TrustedScriptURL interface object length]
-    expected: FAIL
-
-  [TrustedScriptURL interface object name]
-    expected: FAIL
-
-  [TrustedScriptURL interface: existence and properties of interface prototype object]
-    expected: FAIL
-
-  [TrustedScriptURL interface: existence and properties of interface prototype object's "constructor" property]
-    expected: FAIL
-
-  [TrustedScriptURL interface: existence and properties of interface prototype object's @@unscopables property]
-    expected: FAIL
-
-  [TrustedScriptURL interface: stringifier]
-    expected: FAIL
-
-  [TrustedScriptURL interface: operation toJSON()]
-    expected: FAIL
-
-  [TrustedScriptURL must be primary interface of window.trustedTypes.createPolicy("SomeName3", { createScriptURL: s => s }).createScriptURL("A string")]
-    expected: FAIL
-
-  [Stringification of window.trustedTypes.createPolicy("SomeName3", { createScriptURL: s => s }).createScriptURL("A string")]
-    expected: FAIL
-
-  [TrustedScriptURL interface: window.trustedTypes.createPolicy("SomeName3", { createScriptURL: s => s }).createScriptURL("A string") must inherit property "toJSON()" with the proper type]
-    expected: FAIL
-
-  [TrustedScriptURL interface: toJSON operation on window.trustedTypes.createPolicy("SomeName3", { createScriptURL: s => s }).createScriptURL("A string")]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: existence and properties of interface object]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface object length]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface object name]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: existence and properties of interface prototype object]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: existence and properties of interface prototype object's "constructor" property]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: existence and properties of interface prototype object's @@unscopables property]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: operation createPolicy(DOMString, optional TrustedTypePolicyOptions)]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: operation isHTML(any)]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: operation isScript(any)]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: operation isScriptURL(any)]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: attribute emptyHTML]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: attribute emptyScript]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: operation getAttributeType(DOMString, DOMString, optional DOMString, optional DOMString)]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: operation getPropertyType(DOMString, DOMString, optional DOMString)]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: attribute defaultPolicy]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory must be primary interface of window.trustedTypes]
-    expected: FAIL
-
-  [Stringification of window.trustedTypes]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: window.trustedTypes must inherit property "createPolicy(DOMString, optional TrustedTypePolicyOptions)" with the proper type]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: calling createPolicy(DOMString, optional TrustedTypePolicyOptions) on window.trustedTypes with too few arguments must throw TypeError]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: window.trustedTypes must inherit property "isHTML(any)" with the proper type]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: calling isHTML(any) on window.trustedTypes with too few arguments must throw TypeError]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: window.trustedTypes must inherit property "isScript(any)" with the proper type]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: calling isScript(any) on window.trustedTypes with too few arguments must throw TypeError]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: window.trustedTypes must inherit property "isScriptURL(any)" with the proper type]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: calling isScriptURL(any) on window.trustedTypes with too few arguments must throw TypeError]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: window.trustedTypes must inherit property "emptyHTML" with the proper type]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: window.trustedTypes must inherit property "emptyScript" with the proper type]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: window.trustedTypes must inherit property "getAttributeType(DOMString, DOMString, optional DOMString, optional DOMString)" with the proper type]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: calling getAttributeType(DOMString, DOMString, optional DOMString, optional DOMString) on window.trustedTypes with too few arguments must throw TypeError]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: window.trustedTypes must inherit property "getPropertyType(DOMString, DOMString, optional DOMString)" with the proper type]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: calling getPropertyType(DOMString, DOMString, optional DOMString) on window.trustedTypes with too few arguments must throw TypeError]
-    expected: FAIL
-
-  [TrustedTypePolicyFactory interface: window.trustedTypes must inherit property "defaultPolicy" with the proper type]
-    expected: FAIL
-
-  [TrustedTypePolicy interface: existence and properties of interface object]
-    expected: FAIL
-
-  [TrustedTypePolicy interface object length]
-    expected: FAIL
-
-  [TrustedTypePolicy interface object name]
-    expected: FAIL
-
-  [TrustedTypePolicy interface: existence and properties of interface prototype object]
-    expected: FAIL
-
-  [TrustedTypePolicy interface: existence and properties of interface prototype object's "constructor" property]
-    expected: FAIL
-
-  [TrustedTypePolicy interface: existence and properties of interface prototype object's @@unscopables property]
-    expected: FAIL
-
-  [TrustedTypePolicy interface: attribute name]
-    expected: FAIL
-
-  [TrustedTypePolicy interface: operation createHTML(DOMString, any...)]
-    expected: FAIL
-
-  [TrustedTypePolicy interface: operation createScript(DOMString, any...)]
-    expected: FAIL
-
-  [TrustedTypePolicy interface: operation createScriptURL(DOMString, any...)]
-    expected: FAIL
-
-  [TrustedTypePolicy must be primary interface of window.trustedTypes.createPolicy("SomeName", { createHTML: s => s })]
-    expected: FAIL
-
-  [Stringification of window.trustedTypes.createPolicy("SomeName", { createHTML: s => s })]
-    expected: FAIL
-
-  [TrustedTypePolicy interface: window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) must inherit property "name" with the proper type]
-    expected: FAIL
-
-  [TrustedTypePolicy interface: window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) must inherit property "createHTML(DOMString, any...)" with the proper type]
-    expected: FAIL
-
-  [TrustedTypePolicy interface: calling createHTML(DOMString, any...) on window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) with too few arguments must throw TypeError]
-    expected: FAIL
-
-  [TrustedTypePolicy interface: window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) must inherit property "createScript(DOMString, any...)" with the proper type]
-    expected: FAIL
-
-  [TrustedTypePolicy interface: calling createScript(DOMString, any...) on window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) with too few arguments must throw TypeError]
-    expected: FAIL
-
-  [TrustedTypePolicy interface: window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) must inherit property "createScriptURL(DOMString, any...)" with the proper type]
-    expected: FAIL
-
-  [TrustedTypePolicy interface: calling createScriptURL(DOMString, any...) on window.trustedTypes.createPolicy("SomeName", { createHTML: s => s }) with too few arguments must throw TypeError]
-    expected: FAIL
-
-  [Window interface: attribute trustedTypes]
-    expected: FAIL
+  prefs: [dom.security.trusted_types.enabled:true]