1913077 - Chapter 2: implement Trusted Types support for `Element.insertAdjacentHTML` without default-policy support without reporting violations

Status: RESOLVED FIXED

(Core :: DOM: Security, task, P3)

Description

[Mirko Brodesser (:mbrodesser-Igalia)]

Separate ticket for release-tracking purposes.

Comment 1

[Mirko Brodesser (:mbrodesser-Igalia)]

Attachment: Bug 1913077: part 1) Add `nsCSPPolicy::AreTrustedTypesForSinkGroupRequired`. r=tschuster

To be used in a following part.

If nsCSPDirective::AreTrustedTypesForSinkGroupRequired turns out to be
to ineffcient, release builds could simply return mDirective == REQUIRE_TRUSTED_TYPES_FOR_DIRECTIVE since there's currently only one
sink group ("script"). nsCSPParser adds the directive for
REQUIRE_TRUSTED_TYPES_FOR_DIRECTIVE only if that sink group is parsed
too.

Comment 2

[Mirko Brodesser (:mbrodesser-Igalia)]

Attachment: Bug 1913077: part 2) Add `TrustedHTML` to `Element.insertAdjacentHTML`. r=smaug,peterv!

For a potential performance-improvement see
https://phabricator.services.mozilla.com/D216304's description.

Comment 3

[Pulsebot]

Pushed by mbrodesser@igalia.com:
https://hg.mozilla.org/integration/autoland/rev/ac3ff66c5cbe
part 1) Add `nsCSPPolicy::AreTrustedTypesForSinkGroupRequired`. r=tschuster
https://hg.mozilla.org/integration/autoland/rev/b137fd6f1c22
part 2) Add `TrustedHTML` to `Element.insertAdjacentHTML`. r=smaug,peterv

Comment 4

[tszentpeteri]

https://hg.mozilla.org/mozilla-central/rev/ac3ff66c5cbe
https://hg.mozilla.org/mozilla-central/rev/b137fd6f1c22