languages/dart-sdk
languages/dart-sdk
1
0
Fork 0
mirror of https://github.com/dart-lang/sdk synced 2024-07-05 09:20:04 +00:00
Code Issues Projects Releases Wiki Activity

[dart:html] Update Trusted Types APIs

Browse Source 
Closes b/195948578

Modifies Trusted Types APIs to be compliant with the spec in
https://w3c.github.io/webappsec-trusted-types/dist/spec/.

Change-Id: I65d52ace12342ce777ab596a9dd2e9a3f74b2f05
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/212270
Commit-Queue: Srujan Gaddam <srujzs@google.com>
Reviewed-by: Riley Porter <rileyporter@google.com>
This commit is contained in:
Srujan Gaddam 2021-09-07 18:03:18 +00:00 committed by commit-bot@chromium.org
parent b3cb952a69
commit bda31c2c13
4 changed files with 357 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
CHANGELOG.md
View File

@ -78,6 +78,20 @@
- The experimental `waitFor` functionality, and the library containing only that
function, are now deprecated.
#### `dart:html`
- **Breaking Change**: Trusted Types APIs have been updated to comply to the
latest [W3C spec]. This includes adding `TrustedScript`, `TrustedScriptURL`,
`TrustedTypePolicy`, and `TrustedTypePolicyFactory`, as well as modifying the
methods within the types, like removing the now deprecated `escape` and
and `unsafelyCreate` methods. These deprecated methods are already unsupported
on most modern browsers, so this would simply make them static failures now.
Users of the old API are encouraged to use the `TrustedTypePolicy` to create
Trusted Types. Please see the [MDN Web Docs] for examples.
[W3C spec]: https://w3c.github.io/webappsec-trusted-types/dist/spec/
[MDN Web Docs]: https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API#interfaces
### Tools
#### Dart command line

151
sdk/lib/html/dart2js/html_dart2js.dart
View File

@ -3285,6 +3285,45 @@ class Coordinates extends Interceptor {
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.
// WARNING: Do not edit - generated code.
typedef void CreateHtmlCallback(String input,
[Object? arg1,
Object? arg2,
Object? arg3,
Object? arg4,
Object? arg5,
Object? arg6]);
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.
// WARNING: Do not edit - generated code.
typedef void CreateScriptCallback(String input,
[Object? arg1,
Object? arg2,
Object? arg3,
Object? arg4,
Object? arg5,
Object? arg6]);
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.
// WARNING: Do not edit - generated code.
typedef void CreateScriptUrlCallback(String input,
[Object? arg1,
Object? arg2,
Object? arg3,
Object? arg4,
Object? arg5,
Object? arg6]);
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.
@Native("Credential")
class Credential extends Interceptor {
// To suppress missing implicit constructor warnings.
@ -30691,9 +30730,26 @@ class TrustedHtml extends Interceptor {
throw new UnsupportedError("Not supported");
}
static TrustedHtml escape(String html) native;
@JSName('toJSON')
String toJson() native;
static TrustedHtml unsafelyCreate(String html) native;
String toString() native;
}
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.
@Native("TrustedScript")
class TrustedScript extends Interceptor {
// To suppress missing implicit constructor warnings.
factory TrustedScript._() {
throw new UnsupportedError("Not supported");
}
@JSName('toJSON')
String toJson() native;
String toString() native;
}
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
@ -30706,7 +30762,94 @@ class TrustedScriptUrl extends Interceptor {
throw new UnsupportedError("Not supported");
}
static TrustedScriptUrl unsafelyCreate(String url) native;
@JSName('toJSON')
String toJson() native;
String toString() native;
}
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.
@Native("TrustedTypePolicy")
class TrustedTypePolicy extends Interceptor {
// To suppress missing implicit constructor warnings.
factory TrustedTypePolicy._() {
throw new UnsupportedError("Not supported");
}
String? get name native;
@JSName('createHTML')
TrustedHtml createHtml(String input,
[Object? arg1,
Object? arg2,
Object? arg3,
Object? arg4,
Object? arg5,
Object? arg6]) native;
TrustedScript createScript(String input,
[Object? arg1,
Object? arg2,
Object? arg3,
Object? arg4,
Object? arg5,
Object? arg6]) native;
@JSName('createScriptURL')
TrustedScriptUrl createScriptUrl(String input,
[Object? arg1,
Object? arg2,
Object? arg3,
Object? arg4,
Object? arg5,
Object? arg6]) native;
}
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.
@Native("TrustedTypePolicyFactory")
class TrustedTypePolicyFactory extends Interceptor {
// To suppress missing implicit constructor warnings.
factory TrustedTypePolicyFactory._() {
throw new UnsupportedError("Not supported");
}
TrustedTypePolicy? get defaultPolicy native;
@JSName('emptyHTML')
TrustedHtml? get emptyHtml native;
TrustedScript? get emptyScript native;
TrustedTypePolicy createPolicy(String policyName, [Map? policyOptions]) {
if (policyOptions != null) {
var policyOptions_1 = convertDartToNative_Dictionary(policyOptions);
return _createPolicy_1(policyName, policyOptions_1);
}
return _createPolicy_2(policyName);
}
@JSName('createPolicy')
TrustedTypePolicy _createPolicy_1(policyName, policyOptions) native;
@JSName('createPolicy')
TrustedTypePolicy _createPolicy_2(policyName) native;
String? getAttributeType(String tagName, String attribute,
[String? elementNs, String? attrNs]) native;
String? getPropertyType(String tagName, String property, [String? elementNs])
native;
@JSName('isHTML')
bool isHtml(Object value) native;
bool isScript(Object value) native;
@JSName('isScriptURL')
bool isScriptUrl(Object value) native;
}
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
@ -32839,6 +32982,8 @@ class Window extends EventTarget
@Returns('Window|=Object')
dynamic get _get_top native;
TrustedTypePolicyFactory? get trustedTypes native;
VisualViewport? get visualViewport native;
/**

87
tools/dom/dom.json
View File

@ -5133,6 +5133,18 @@
},
"support_level": "deprecated"
},
"CreateHTMLCallback": {
"members": {},
"support_level": "untriaged"
},
"CreateScriptCallback": {
"members": {},
"support_level": "untriaged"
},
"CreateScriptURLCallback": {
"members": {},
"support_level": "untriaged"
},
"Credential": {
"members": {
"avatarURL": {
@ -22486,20 +22498,92 @@
"escape": {
"support_level": "untriaged"
},
"toJSON": {
"support_level": "untriaged"
},
"toString": {
"support_level": "untriaged"
},
"unsafelyCreate": {
"support_level": "untriaged"
}
},
"support_level": "untriaged"
},
"TrustedScript": {
"members": {
"toJSON": {
"support_level": "untriaged"
},
"toString": {
"support_level": "untriaged"
}
},
"support_level": "untriaged"
},
"TrustedScriptURL": {
"members": {
"toJSON": {
"support_level": "untriaged"
},
"toString": {
"support_level": "untriaged"
},
"unsafelyCreate": {
"support_level": "untriaged"
}
},
"support_level": "untriaged"
},
"TrustedTypePolicy": {
"members": {
"createHTML": {
"support_level": "untriaged"
},
"createScript": {
"support_level": "untriaged"
},
"createScriptURL": {
"support_level": "untriaged"
},
"name": {
"support_level": "untriaged"
}
},
"support_level": "untriaged"
},
"TrustedTypePolicyFactory": {
"members": {
"createPolicy": {
"support_level": "untriaged"
},
"defaultPolicy": {
"support_level": "untriaged"
},
"emptyHTML": {
"support_level": "untriaged"
},
"emptyScript": {
"support_level": "untriaged"
},
"getAttributeType": {
"support_level": "untriaged"
},
"getPropertyType": {
"support_level": "untriaged"
},
"isHTML": {
"support_level": "untriaged"
},
"isScript": {
"support_level": "untriaged"
},
"isScriptURL": {
"support_level": "untriaged"
}
},
"support_level": "untriaged"
},
"TrustedURL": {
"members": {
"create": {
@ -30731,6 +30815,9 @@
"toString": {},
"toolbar": {},
"top": {},
"trustedTypes": {
"support_level": "untriaged"
},
"visualViewport": {
"support_level": "untriaged"
},

108
tools/dom/idl/dart/dart.idl
View File

@ -425,6 +425,8 @@ interface Window : EventTarget {
[RuntimeEnabled=VisualViewportAPI, Replaceable, SameObject, DartSuppress] readonly attribute VisualViewport visualViewport;
[RuntimeEnabled=VisualViewportAPI, Replaceable, SameObject] readonly attribute VisualViewport? visualViewport;
readonly attribute TrustedTypePolicyFactory trustedTypes;
};
[DartSupplemental]
@ -652,3 +654,109 @@ interface NoncedElement {
// PositionCallback can be used on a deprecated Position object,
// a GeolocationPosition object, or a Firefox-specific object.
callback PositionCallback = void(object position);
interface TrustedHTML {
DOMString toString();
DOMString toJSON();
// Deprecated methods.
[DartSuppress] static TrustedHTML escape(DOMString html);
[DartSuppress] static TrustedHTML unsafelyCreate(DOMString html);
};
interface TrustedScript {
DOMString toString();
DOMString toJSON();
};
interface TrustedScriptURL {
USVString toString();
USVString toJSON();
// Deprecated methods.
[DartSuppress] static TrustedScriptURL unsafelyCreate(DOMString url);
};
[Exposed=(Window,Worker)]
interface TrustedTypePolicyFactory {
TrustedTypePolicy createPolicy(
DOMString policyName, optional TrustedTypePolicyOptions policyOptions);
boolean isHTML(any value);
boolean isScript(any value);
boolean isScriptURL(any value);
readonly attribute TrustedHTML emptyHTML;
readonly attribute TrustedScript emptyScript;
DOMString? getAttributeType(
DOMString tagName,
DOMString attribute,
optional DOMString elementNs = "",
optional DOMString attrNs = "");
DOMString? getPropertyType(
DOMString tagName,
DOMString property,
optional DOMString elementNs = "");
readonly attribute TrustedTypePolicy? defaultPolicy;
};
dictionary TrustedTypePolicyOptions {
CreateHTMLCallback? createHTML;
CreateScriptCallback? createScript;
CreateScriptURLCallback? createScriptURL;
};
interface TrustedTypePolicy {
readonly attribute DOMString name;
// Dart doesn't support variadic arguments, so support up to 6 args.
// The alternative would be to use a list, which supports an arbitrary amount
// of args, but only works if the callback this policy was instantiated with
// accepts a list instead of a number of args.
TrustedHTML createHTML(
DOMString input,
optional any arg1,
optional any arg2,
optional any arg3,
optional any arg4,
optional any arg5,
optional any arg6);
TrustedScript createScript(
DOMString input,
optional any arg1,
optional any arg2,
optional any arg3,
optional any arg4,
optional any arg5,
optional any arg6);
TrustedScriptURL createScriptURL(
DOMString input,
optional any arg1,
optional any arg2,
optional any arg3,
optional any arg4,
optional any arg5,
optional any arg6);
};
callback CreateHTMLCallback = DOMString (
DOMString input,
optional any arg1,
optional any arg2,
optional any arg3,
optional any arg4,
optional any arg5,
optional any arg6);
callback CreateScriptCallback = DOMString (
DOMString input,
optional any arg1,
optional any arg2,
optional any arg3,
optional any arg4,
optional any arg5,
optional any arg6);
callback CreateScriptURLCallback = USVString (
DOMString input,
optional any arg1,
optional any arg2,
optional any arg3,
optional any arg4,
optional any arg5,
optional any arg6);