mirror of
https://github.com/dart-lang/sdk
synced 2024-10-06 13:57:58 +00:00
[dart:html] Update Trusted Types APIs
Closes b/195948578 Modifies Trusted Types APIs to be compliant with the spec in https://w3c.github.io/webappsec-trusted-types/dist/spec/. Change-Id: I65d52ace12342ce777ab596a9dd2e9a3f74b2f05 Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/212270 Commit-Queue: Srujan Gaddam <srujzs@google.com> Reviewed-by: Riley Porter <rileyporter@google.com>
This commit is contained in:
parent
b3cb952a69
commit
bda31c2c13
14
CHANGELOG.md
14
CHANGELOG.md
|
@ -78,6 +78,20 @@
|
||||||
- The experimental `waitFor` functionality, and the library containing only that
|
- The experimental `waitFor` functionality, and the library containing only that
|
||||||
function, are now deprecated.
|
function, are now deprecated.
|
||||||
|
|
||||||
|
#### `dart:html`
|
||||||
|
|
||||||
|
- **Breaking Change**: Trusted Types APIs have been updated to comply to the
|
||||||
|
latest [W3C spec]. This includes adding `TrustedScript`, `TrustedScriptURL`,
|
||||||
|
`TrustedTypePolicy`, and `TrustedTypePolicyFactory`, as well as modifying the
|
||||||
|
methods within the types, like removing the now deprecated `escape` and
|
||||||
|
and `unsafelyCreate` methods. These deprecated methods are already unsupported
|
||||||
|
on most modern browsers, so this would simply make them static failures now.
|
||||||
|
Users of the old API are encouraged to use the `TrustedTypePolicy` to create
|
||||||
|
Trusted Types. Please see the [MDN Web Docs] for examples.
|
||||||
|
|
||||||
|
[W3C spec]: https://w3c.github.io/webappsec-trusted-types/dist/spec/
|
||||||
|
[MDN Web Docs]: https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API#interfaces
|
||||||
|
|
||||||
### Tools
|
### Tools
|
||||||
|
|
||||||
#### Dart command line
|
#### Dart command line
|
||||||
|
|
|
@ -3285,6 +3285,45 @@ class Coordinates extends Interceptor {
|
||||||
// for details. All rights reserved. Use of this source code is governed by a
|
// for details. All rights reserved. Use of this source code is governed by a
|
||||||
// BSD-style license that can be found in the LICENSE file.
|
// BSD-style license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
// WARNING: Do not edit - generated code.
|
||||||
|
|
||||||
|
typedef void CreateHtmlCallback(String input,
|
||||||
|
[Object? arg1,
|
||||||
|
Object? arg2,
|
||||||
|
Object? arg3,
|
||||||
|
Object? arg4,
|
||||||
|
Object? arg5,
|
||||||
|
Object? arg6]);
|
||||||
|
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
|
||||||
|
// for details. All rights reserved. Use of this source code is governed by a
|
||||||
|
// BSD-style license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
// WARNING: Do not edit - generated code.
|
||||||
|
|
||||||
|
typedef void CreateScriptCallback(String input,
|
||||||
|
[Object? arg1,
|
||||||
|
Object? arg2,
|
||||||
|
Object? arg3,
|
||||||
|
Object? arg4,
|
||||||
|
Object? arg5,
|
||||||
|
Object? arg6]);
|
||||||
|
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
|
||||||
|
// for details. All rights reserved. Use of this source code is governed by a
|
||||||
|
// BSD-style license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
// WARNING: Do not edit - generated code.
|
||||||
|
|
||||||
|
typedef void CreateScriptUrlCallback(String input,
|
||||||
|
[Object? arg1,
|
||||||
|
Object? arg2,
|
||||||
|
Object? arg3,
|
||||||
|
Object? arg4,
|
||||||
|
Object? arg5,
|
||||||
|
Object? arg6]);
|
||||||
|
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
|
||||||
|
// for details. All rights reserved. Use of this source code is governed by a
|
||||||
|
// BSD-style license that can be found in the LICENSE file.
|
||||||
|
|
||||||
@Native("Credential")
|
@Native("Credential")
|
||||||
class Credential extends Interceptor {
|
class Credential extends Interceptor {
|
||||||
// To suppress missing implicit constructor warnings.
|
// To suppress missing implicit constructor warnings.
|
||||||
|
@ -30691,9 +30730,26 @@ class TrustedHtml extends Interceptor {
|
||||||
throw new UnsupportedError("Not supported");
|
throw new UnsupportedError("Not supported");
|
||||||
}
|
}
|
||||||
|
|
||||||
static TrustedHtml escape(String html) native;
|
@JSName('toJSON')
|
||||||
|
String toJson() native;
|
||||||
|
|
||||||
static TrustedHtml unsafelyCreate(String html) native;
|
String toString() native;
|
||||||
|
}
|
||||||
|
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
|
||||||
|
// for details. All rights reserved. Use of this source code is governed by a
|
||||||
|
// BSD-style license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
@Native("TrustedScript")
|
||||||
|
class TrustedScript extends Interceptor {
|
||||||
|
// To suppress missing implicit constructor warnings.
|
||||||
|
factory TrustedScript._() {
|
||||||
|
throw new UnsupportedError("Not supported");
|
||||||
|
}
|
||||||
|
|
||||||
|
@JSName('toJSON')
|
||||||
|
String toJson() native;
|
||||||
|
|
||||||
|
String toString() native;
|
||||||
}
|
}
|
||||||
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
|
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
|
||||||
// for details. All rights reserved. Use of this source code is governed by a
|
// for details. All rights reserved. Use of this source code is governed by a
|
||||||
|
@ -30706,7 +30762,94 @@ class TrustedScriptUrl extends Interceptor {
|
||||||
throw new UnsupportedError("Not supported");
|
throw new UnsupportedError("Not supported");
|
||||||
}
|
}
|
||||||
|
|
||||||
static TrustedScriptUrl unsafelyCreate(String url) native;
|
@JSName('toJSON')
|
||||||
|
String toJson() native;
|
||||||
|
|
||||||
|
String toString() native;
|
||||||
|
}
|
||||||
|
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
|
||||||
|
// for details. All rights reserved. Use of this source code is governed by a
|
||||||
|
// BSD-style license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
@Native("TrustedTypePolicy")
|
||||||
|
class TrustedTypePolicy extends Interceptor {
|
||||||
|
// To suppress missing implicit constructor warnings.
|
||||||
|
factory TrustedTypePolicy._() {
|
||||||
|
throw new UnsupportedError("Not supported");
|
||||||
|
}
|
||||||
|
|
||||||
|
String? get name native;
|
||||||
|
|
||||||
|
@JSName('createHTML')
|
||||||
|
TrustedHtml createHtml(String input,
|
||||||
|
[Object? arg1,
|
||||||
|
Object? arg2,
|
||||||
|
Object? arg3,
|
||||||
|
Object? arg4,
|
||||||
|
Object? arg5,
|
||||||
|
Object? arg6]) native;
|
||||||
|
|
||||||
|
TrustedScript createScript(String input,
|
||||||
|
[Object? arg1,
|
||||||
|
Object? arg2,
|
||||||
|
Object? arg3,
|
||||||
|
Object? arg4,
|
||||||
|
Object? arg5,
|
||||||
|
Object? arg6]) native;
|
||||||
|
|
||||||
|
@JSName('createScriptURL')
|
||||||
|
TrustedScriptUrl createScriptUrl(String input,
|
||||||
|
[Object? arg1,
|
||||||
|
Object? arg2,
|
||||||
|
Object? arg3,
|
||||||
|
Object? arg4,
|
||||||
|
Object? arg5,
|
||||||
|
Object? arg6]) native;
|
||||||
|
}
|
||||||
|
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
|
||||||
|
// for details. All rights reserved. Use of this source code is governed by a
|
||||||
|
// BSD-style license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
@Native("TrustedTypePolicyFactory")
|
||||||
|
class TrustedTypePolicyFactory extends Interceptor {
|
||||||
|
// To suppress missing implicit constructor warnings.
|
||||||
|
factory TrustedTypePolicyFactory._() {
|
||||||
|
throw new UnsupportedError("Not supported");
|
||||||
|
}
|
||||||
|
|
||||||
|
TrustedTypePolicy? get defaultPolicy native;
|
||||||
|
|
||||||
|
@JSName('emptyHTML')
|
||||||
|
TrustedHtml? get emptyHtml native;
|
||||||
|
|
||||||
|
TrustedScript? get emptyScript native;
|
||||||
|
|
||||||
|
TrustedTypePolicy createPolicy(String policyName, [Map? policyOptions]) {
|
||||||
|
if (policyOptions != null) {
|
||||||
|
var policyOptions_1 = convertDartToNative_Dictionary(policyOptions);
|
||||||
|
return _createPolicy_1(policyName, policyOptions_1);
|
||||||
|
}
|
||||||
|
return _createPolicy_2(policyName);
|
||||||
|
}
|
||||||
|
|
||||||
|
@JSName('createPolicy')
|
||||||
|
TrustedTypePolicy _createPolicy_1(policyName, policyOptions) native;
|
||||||
|
@JSName('createPolicy')
|
||||||
|
TrustedTypePolicy _createPolicy_2(policyName) native;
|
||||||
|
|
||||||
|
String? getAttributeType(String tagName, String attribute,
|
||||||
|
[String? elementNs, String? attrNs]) native;
|
||||||
|
|
||||||
|
String? getPropertyType(String tagName, String property, [String? elementNs])
|
||||||
|
native;
|
||||||
|
|
||||||
|
@JSName('isHTML')
|
||||||
|
bool isHtml(Object value) native;
|
||||||
|
|
||||||
|
bool isScript(Object value) native;
|
||||||
|
|
||||||
|
@JSName('isScriptURL')
|
||||||
|
bool isScriptUrl(Object value) native;
|
||||||
}
|
}
|
||||||
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
|
// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
|
||||||
// for details. All rights reserved. Use of this source code is governed by a
|
// for details. All rights reserved. Use of this source code is governed by a
|
||||||
|
@ -32839,6 +32982,8 @@ class Window extends EventTarget
|
||||||
@Returns('Window|=Object')
|
@Returns('Window|=Object')
|
||||||
dynamic get _get_top native;
|
dynamic get _get_top native;
|
||||||
|
|
||||||
|
TrustedTypePolicyFactory? get trustedTypes native;
|
||||||
|
|
||||||
VisualViewport? get visualViewport native;
|
VisualViewport? get visualViewport native;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -5133,6 +5133,18 @@
|
||||||
},
|
},
|
||||||
"support_level": "deprecated"
|
"support_level": "deprecated"
|
||||||
},
|
},
|
||||||
|
"CreateHTMLCallback": {
|
||||||
|
"members": {},
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
|
"CreateScriptCallback": {
|
||||||
|
"members": {},
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
|
"CreateScriptURLCallback": {
|
||||||
|
"members": {},
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
"Credential": {
|
"Credential": {
|
||||||
"members": {
|
"members": {
|
||||||
"avatarURL": {
|
"avatarURL": {
|
||||||
|
@ -22486,20 +22498,92 @@
|
||||||
"escape": {
|
"escape": {
|
||||||
"support_level": "untriaged"
|
"support_level": "untriaged"
|
||||||
},
|
},
|
||||||
|
"toJSON": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
|
"toString": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
"unsafelyCreate": {
|
"unsafelyCreate": {
|
||||||
"support_level": "untriaged"
|
"support_level": "untriaged"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"support_level": "untriaged"
|
"support_level": "untriaged"
|
||||||
},
|
},
|
||||||
|
"TrustedScript": {
|
||||||
|
"members": {
|
||||||
|
"toJSON": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
|
"toString": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
"TrustedScriptURL": {
|
"TrustedScriptURL": {
|
||||||
"members": {
|
"members": {
|
||||||
|
"toJSON": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
|
"toString": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
"unsafelyCreate": {
|
"unsafelyCreate": {
|
||||||
"support_level": "untriaged"
|
"support_level": "untriaged"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"support_level": "untriaged"
|
"support_level": "untriaged"
|
||||||
},
|
},
|
||||||
|
"TrustedTypePolicy": {
|
||||||
|
"members": {
|
||||||
|
"createHTML": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
|
"createScript": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
|
"createScriptURL": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
|
"name": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
|
"TrustedTypePolicyFactory": {
|
||||||
|
"members": {
|
||||||
|
"createPolicy": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
|
"defaultPolicy": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
|
"emptyHTML": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
|
"emptyScript": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
|
"getAttributeType": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
|
"getPropertyType": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
|
"isHTML": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
|
"isScript": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
|
"isScriptURL": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
"TrustedURL": {
|
"TrustedURL": {
|
||||||
"members": {
|
"members": {
|
||||||
"create": {
|
"create": {
|
||||||
|
@ -30731,6 +30815,9 @@
|
||||||
"toString": {},
|
"toString": {},
|
||||||
"toolbar": {},
|
"toolbar": {},
|
||||||
"top": {},
|
"top": {},
|
||||||
|
"trustedTypes": {
|
||||||
|
"support_level": "untriaged"
|
||||||
|
},
|
||||||
"visualViewport": {
|
"visualViewport": {
|
||||||
"support_level": "untriaged"
|
"support_level": "untriaged"
|
||||||
},
|
},
|
||||||
|
|
|
@ -425,6 +425,8 @@ interface Window : EventTarget {
|
||||||
|
|
||||||
[RuntimeEnabled=VisualViewportAPI, Replaceable, SameObject, DartSuppress] readonly attribute VisualViewport visualViewport;
|
[RuntimeEnabled=VisualViewportAPI, Replaceable, SameObject, DartSuppress] readonly attribute VisualViewport visualViewport;
|
||||||
[RuntimeEnabled=VisualViewportAPI, Replaceable, SameObject] readonly attribute VisualViewport? visualViewport;
|
[RuntimeEnabled=VisualViewportAPI, Replaceable, SameObject] readonly attribute VisualViewport? visualViewport;
|
||||||
|
|
||||||
|
readonly attribute TrustedTypePolicyFactory trustedTypes;
|
||||||
};
|
};
|
||||||
|
|
||||||
[DartSupplemental]
|
[DartSupplemental]
|
||||||
|
@ -652,3 +654,109 @@ interface NoncedElement {
|
||||||
// PositionCallback can be used on a deprecated Position object,
|
// PositionCallback can be used on a deprecated Position object,
|
||||||
// a GeolocationPosition object, or a Firefox-specific object.
|
// a GeolocationPosition object, or a Firefox-specific object.
|
||||||
callback PositionCallback = void(object position);
|
callback PositionCallback = void(object position);
|
||||||
|
|
||||||
|
interface TrustedHTML {
|
||||||
|
DOMString toString();
|
||||||
|
DOMString toJSON();
|
||||||
|
|
||||||
|
// Deprecated methods.
|
||||||
|
[DartSuppress] static TrustedHTML escape(DOMString html);
|
||||||
|
[DartSuppress] static TrustedHTML unsafelyCreate(DOMString html);
|
||||||
|
};
|
||||||
|
|
||||||
|
interface TrustedScript {
|
||||||
|
DOMString toString();
|
||||||
|
DOMString toJSON();
|
||||||
|
};
|
||||||
|
|
||||||
|
interface TrustedScriptURL {
|
||||||
|
USVString toString();
|
||||||
|
USVString toJSON();
|
||||||
|
|
||||||
|
// Deprecated methods.
|
||||||
|
[DartSuppress] static TrustedScriptURL unsafelyCreate(DOMString url);
|
||||||
|
};
|
||||||
|
|
||||||
|
[Exposed=(Window,Worker)]
|
||||||
|
interface TrustedTypePolicyFactory {
|
||||||
|
TrustedTypePolicy createPolicy(
|
||||||
|
DOMString policyName, optional TrustedTypePolicyOptions policyOptions);
|
||||||
|
boolean isHTML(any value);
|
||||||
|
boolean isScript(any value);
|
||||||
|
boolean isScriptURL(any value);
|
||||||
|
readonly attribute TrustedHTML emptyHTML;
|
||||||
|
readonly attribute TrustedScript emptyScript;
|
||||||
|
DOMString? getAttributeType(
|
||||||
|
DOMString tagName,
|
||||||
|
DOMString attribute,
|
||||||
|
optional DOMString elementNs = "",
|
||||||
|
optional DOMString attrNs = "");
|
||||||
|
DOMString? getPropertyType(
|
||||||
|
DOMString tagName,
|
||||||
|
DOMString property,
|
||||||
|
optional DOMString elementNs = "");
|
||||||
|
readonly attribute TrustedTypePolicy? defaultPolicy;
|
||||||
|
};
|
||||||
|
|
||||||
|
dictionary TrustedTypePolicyOptions {
|
||||||
|
CreateHTMLCallback? createHTML;
|
||||||
|
CreateScriptCallback? createScript;
|
||||||
|
CreateScriptURLCallback? createScriptURL;
|
||||||
|
};
|
||||||
|
|
||||||
|
interface TrustedTypePolicy {
|
||||||
|
readonly attribute DOMString name;
|
||||||
|
// Dart doesn't support variadic arguments, so support up to 6 args.
|
||||||
|
// The alternative would be to use a list, which supports an arbitrary amount
|
||||||
|
// of args, but only works if the callback this policy was instantiated with
|
||||||
|
// accepts a list instead of a number of args.
|
||||||
|
TrustedHTML createHTML(
|
||||||
|
DOMString input,
|
||||||
|
optional any arg1,
|
||||||
|
optional any arg2,
|
||||||
|
optional any arg3,
|
||||||
|
optional any arg4,
|
||||||
|
optional any arg5,
|
||||||
|
optional any arg6);
|
||||||
|
TrustedScript createScript(
|
||||||
|
DOMString input,
|
||||||
|
optional any arg1,
|
||||||
|
optional any arg2,
|
||||||
|
optional any arg3,
|
||||||
|
optional any arg4,
|
||||||
|
optional any arg5,
|
||||||
|
optional any arg6);
|
||||||
|
TrustedScriptURL createScriptURL(
|
||||||
|
DOMString input,
|
||||||
|
optional any arg1,
|
||||||
|
optional any arg2,
|
||||||
|
optional any arg3,
|
||||||
|
optional any arg4,
|
||||||
|
optional any arg5,
|
||||||
|
optional any arg6);
|
||||||
|
};
|
||||||
|
|
||||||
|
callback CreateHTMLCallback = DOMString (
|
||||||
|
DOMString input,
|
||||||
|
optional any arg1,
|
||||||
|
optional any arg2,
|
||||||
|
optional any arg3,
|
||||||
|
optional any arg4,
|
||||||
|
optional any arg5,
|
||||||
|
optional any arg6);
|
||||||
|
callback CreateScriptCallback = DOMString (
|
||||||
|
DOMString input,
|
||||||
|
optional any arg1,
|
||||||
|
optional any arg2,
|
||||||
|
optional any arg3,
|
||||||
|
optional any arg4,
|
||||||
|
optional any arg5,
|
||||||
|
optional any arg6);
|
||||||
|
callback CreateScriptURLCallback = USVString (
|
||||||
|
DOMString input,
|
||||||
|
optional any arg1,
|
||||||
|
optional any arg2,
|
||||||
|
optional any arg3,
|
||||||
|
optional any arg4,
|
||||||
|
optional any arg5,
|
||||||
|
optional any arg6);
|
||||||
|
|
Loading…
Reference in a new issue