Bug 1945421 Comment 0 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

In bug 909168, we implemented a fast-path for injection sinks when trusted types aren't used, essentially an early return of the (stringified) input.

However, because GetTrustedTypesCompliant* functions could theoretically execute scripts when calling the default policy callback, we may need to store strong references to arguments before calling this function, which may add some overhead. And the function call can be some overhead too. This can be undesired in hot code such as the innerHTML setter.

Maybe we could introduce TryExtractTrustedTypesCompliant* functions, which will do the same early return of the (stringified) input in the cases when that's possible, and return a nullptr otherwise. These functions could be marked inline to avoid the overhead of the function call. So the pattern for the hot code path would become:

```
compliantString = TryExtractTrustedTypesCompliant(...) 
if (!compliantString) {
   maybe-store-strong-references-to-arguments;
   compliantString = GetTrustedTypesCompliant(...);
}
```

I don't know if we want this pattern everywhere (that could be more code) but if so, probably GetTrustedTypesCompliant* could assert on !TryExtractTrustedTypesCompliant(...). Otherwise, it could just rely on TryExtractTrustedTypesCompliant(...) for its early return.

In bug 1909168, we implemented a fast-path for injection sinks when trusted types aren't used, essentially an early return of the (stringified) input.

However, because GetTrustedTypesCompliant* functions could theoretically execute scripts when calling the default policy callback, we may need to store strong references to arguments before calling this function, which may add some overhead. And the function call can be some overhead too. This can be undesired in hot code such as the innerHTML setter.

Maybe we could introduce TryExtractTrustedTypesCompliant* functions, which will do the same early return of the (stringified) input in the cases when that's possible, and return a nullptr otherwise. These functions could be marked inline to avoid the overhead of the function call. So the pattern for the hot code path would become:

```
compliantString = TryExtractTrustedTypesCompliant(...) 
if (!compliantString) {
   maybe-store-strong-references-to-arguments;
   compliantString = GetTrustedTypesCompliant(...);
}
```

I don't know if we want this pattern everywhere (that could be more code) but if so, probably GetTrustedTypesCompliant* could assert on !TryExtractTrustedTypesCompliant(...). Otherwise, it could just rely on TryExtractTrustedTypesCompliant(...) for its early return.
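
The hot-path pattern proposed in the comment above, as an added example that is not part of the bug report and is not Gecko code. `Node`, `Input`, `Document`, `SetBodyInnerHTML` and `gSlowPathCalls` are hypothetical stand-ins, `std::shared_ptr` stands in for a strong reference, and the Trusted Types checks are simplified to one flag and one default-policy callback.

```cpp
#include <cassert>
#include <functional>
#include <memory>
#include <optional>
#include <string>

// Hypothetical stand-ins for illustration; not Gecko types or signatures.
struct Node { std::string markup; };
struct Input { std::string text; bool isTrustedHTML = false; };
struct Document {
  bool enforceTrustedTypes = false;  // simplified "trusted types are used" flag
  // Default policy callback: runs page script, so it may mutate the document.
  std::function<std::optional<std::string>(const std::string&)> defaultPolicy;
  std::shared_ptr<Node> body;        // the document's owning reference
};

int gSlowPathCalls = 0;  // lets a caller observe which path ran

// Fast path: no script can run here, so no strong references are required.
inline const std::string* TryExtractTrustedTypesCompliant(const Document& doc,
                                                          const Input& in) {
  return (!doc.enforceTrustedTypes || in.isTrustedHTML) ? &in.text : nullptr;
}

// Slow path: may call into script through the default policy.
std::optional<std::string> GetTrustedTypesCompliant(Document& doc,
                                                    const Input& in) {
  assert(!TryExtractTrustedTypesCompliant(doc, in));  // fast path tried first
  ++gSlowPathCalls;
  if (!doc.defaultPolicy) return std::nullopt;  // enforced, no policy: reject
  auto policy = doc.defaultPolicy;  // copy so the callback cannot destroy itself
  return policy(in.text);
}

// Hot setter: returns the markup written, or nullopt if the sink rejected it.
std::optional<std::string> SetBodyInnerHTML(Document& doc, const Input& in) {
  if (!doc.body) return std::nullopt;
  if (const std::string* s = TryExtractTrustedTypesCompliant(doc, in)) {
    doc.body->markup = *s;
    return doc.body->markup;
  }
  std::shared_ptr<Node> keepAlive = doc.body;  // strong ref before script runs
  std::optional<std::string> compliant = GetTrustedTypesCompliant(doc, in);
  if (!compliant) return std::nullopt;
  keepAlive->markup = *compliant;  // valid even if the callback dropped doc.body
  return keepAlive->markup;
}
```

Only the slow path pays for the extra reference and the out-of-line call; without `keepAlive`, a default policy callback that drops `doc.body` would leave the setter writing through a dangling pointer.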
