Closed Bug 1925468 Opened 1 year ago Closed 1 year ago

Implement Trusted Type support for setAttribute/setAttributeNS

Categories

(Core :: DOM: Security, task)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
135 Branch
Tracking Flags:
Tracking Status
firefox135 --- fixed

People

(Reporter: fredw, Assigned: fredw)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [domsecurity-backlog], [wptsync upstream])

Attachments

(5 files)

set-event-handler-attribute-with-trusted-script-policy.html
686 bytes, text/html
Details
Bug 1925468 - Factor out "Get Trusted Type Data For Attribute". r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1925468 - Implement Trusted Type support for setAttribute/setAttributeNS. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1925468 - Extend and improve modify-attributes-in-callback.html. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
setAttribute testcase for profiling
1.95 KB, text/html
Details

See attached testcase.

IIUC this corresponds to this PR to the DOM spec for setAttribute/setAttributeNS as well as the following sections from the trusted type spec.

https://w3c.github.io/trusted-types/dist/spec/#validate-attribute-mutation
https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute

This is also at least making the following tests fail:

trusted-types/trusted-types-event-handlers.html (see testing/web-platform/meta/trusted-types/trusted-types-event-handlers.html.ini)
trusted-types/TrustedTypePolicyFactory-metadata.tentative.html (failure shows up after implementing getAttributeType in bug 1917783)

Severity: -- → N/A
Type: defect → task
Whiteboard: [domsecurity-backlog]
Blocks: 1916957
Assignee: nobody → fwang
Depends on: 1928318

Updating title, event handler content attribute are only one case.

In general, setAttribute/setAttributeNS should handle all attributes mentioned on https://w3c.github.io/trusted-types/dist/spec/#abstract-opdef-get-trusted-type-data-for-attribute

Similar logic is implemented in TrustedTypePolicyFactory::GetAttributeType and we should make sure to share code as much as possible.

Summary: Setting event handler attributes should require a TrustedScript when enforcing trusted types for scripts → Implement Trusted Type support for setAttribute/setAttributeNS

This patch introduces TrustedTypeUtils::GetTrustedTypeDataForAttribute
to implement the corresponding algorithm from the spec:
https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-data-for-attribute

It is currently only used by TrustedTypePolicyFactory::GetAttributeType
but "Get Trusted Types-compliant attribute value" will use it to when
we implement trusted types for setAttribute/setAttributeNS.
https://w3c.github.io/trusted-types/dist/spec/#validate-attribute-mutation

Attachment #9435315 - Attachment description: WIP: Bug 1925468 - Factor out "Get Trusted Type Data For Attribute". r=smaug → Bug 1925468 - Factor out "Get Trusted Type Data For Attribute". r=smaug
Attachment #9435345 - Attachment description: WIP: Bug 1925468 - Implement Trusted Type support for setAttribute/setAttributeNS. r=smaug → Bug 1925468 - Implement Trusted Type support for setAttribute/setAttributeNS. r=smaug
Attachment #9435315 - Attachment description: Bug 1925468 - Factor out "Get Trusted Type Data For Attribute". r=smaug → WIP: Bug 1925468 - Factor out "Get Trusted Type Data For Attribute". r=smaug
Attachment #9435345 - Attachment description: Bug 1925468 - Implement Trusted Type support for setAttribute/setAttributeNS. r=smaug → WIP: Bug 1925468 - Implement Trusted Type support for setAttribute/setAttributeNS. r=smaug
Attachment #9435315 - Attachment description: WIP: Bug 1925468 - Factor out "Get Trusted Type Data For Attribute". r=smaug → Bug 1925468 - Factor out "Get Trusted Type Data For Attribute". r=smaug
Attachment #9435345 - Attachment description: WIP: Bug 1925468 - Implement Trusted Type support for setAttribute/setAttributeNS. r=smaug → Bug 1925468 - Implement Trusted Type support for setAttribute/setAttributeNS. r=smaug
Attachment #9435345 - Attachment description: Bug 1925468 - Implement Trusted Type support for setAttribute/setAttributeNS. r=smaug → WIP: Bug 1925468 - Implement Trusted Type support for setAttribute/setAttributeNS. r=smaug
  • Use cleanup functions to guarantee the state of the DOM tree before
    each test.
  • Make more explicit why the length of the div's attribute list is
    expected to be 2.
  • Add 2 tests for https://g-issues.chromium.org/issues/333739948
    using setAttributeNS instead of setAttribute.
Attachment #9435345 - Attachment description: WIP: Bug 1925468 - Implement Trusted Type support for setAttribute/setAttributeNS. r=smaug → Bug 1925468 - Implement Trusted Type support for setAttribute/setAttributeNS. r=smaug

Attached is a basic performance test for profiling purpose:

  • It sets attribute via setAttribute and setAttributeNS.
  • These calls perform attaching a new attribute and then modifying its value.
  • It tries attributes for which GetTrustedTypeDataForAttribute returns false (title) and true (onclick).
  • It can test DOM mutation in either window.document or a "data" document.

These are the profiling results for attachment 9437631 [details] with 0.01ms sampling interval:

I believe things look as expected:

  • The call to the "string" version of Element::SetAttribute from the "trusted type" version does not show up on the flame graph, thanks to the nsMutationGuard.

  • For the two first profiles, the call to GetTrustedTypesCompliantAttributeValue does not show up either when filtering for SetAttribute. When filtering for GetTrustedTypesCompliantAttributeValue, we see that it exits early as expected ; we get no results when filtering for GetTrustedTypeDataForAttribute or GetTrustedTypesCompliantString.

  • For the third profile, the call to GetTrustedTypesCompliantAttributeValue shows up on the flame graph when filtering for SetAttribute. Filtering for GetTrustedTypesCompliantAttributeValue, it is essentially spending time in GetTrustedTypeDataForAttribute (IsEventAttributeName doing a map lookup) and GetTrustedTypesCompliantString (retrieving the global window object). We get no results when filtering for GetScp or DoesSinkTypeRequireTrustedTypes, as previously tested for innerHTML.

  • For the fourth profile, the call to GetTrustedTypesCompliantAttributeValue does not show up either when filtering for SetAttribute. When filtering for GetTrustedTypesCompliantAttributeValue, we see that it exits early after the GetTrustedTypeDataForAttribute call (IsEventAttributeName exits early without map lookup) ; we get no results when filtering for GetTrustedTypesCompliantString.

Status: NEW → ASSIGNED

@smaug: I'm setting the needinfo flag, so you can take a look whenever you have time:

  1. Review the stack at https://lando.services.mozilla.com/D227943 ; they are all approved but would be good to take a look now that things moved to C++ templates.

  2. Check profiling results (comment 7)

  3. Check try perf results (comment 8 and comment 9)

I plan to land the patches one bug at a time, but won't do it until I get your feedback on these points.

Flags: needinfo?(smaug)

I'm not seeing any difference in https://treeherder.mozilla.org/perfherder/comparesubtest?originalProject=try&originalRevision=e9a124617383f6f84e987c5e91bbcab5b4033c83&newProject=try&newRevision=91dc606f59b35aeda8987ed705a92c8d7ffd8f0e&framework=13&originalSignature=5131097&newSignature=5131097&page=1&replicates=1&showOnlyImportant=1

That is showing only "important changes".

(need to still use the older perfherder to get links to share)

So I think sp3 looks good.

Comment 7 shows that you have a11y enabled? That slows down things quite a bit.
But the setAttribute method itself looks reasonable. Thanks for testing.

Flags: needinfo?(smaug)

(In reply to Olli Pettay [:smaug][bugs@pettay.fi] from comment #11)

Comment 7 shows that you have a11y enabled? That slows down things quite a bit.

Thanks for checking. Mmh, I'm not sure what's happening with these mozilla::a11y::EventQueue events, I don't think I have a11y enabled.

about:support should tell if a11y is enabled.

(but that is unrelated to this bug, though I guess the new code might show up in the profiles in a bit different ways if a11y wasn't enabled)

Yes, it seems to be enabled. Setting accessibility.force_disabled=1 works around that, although I'm not sure this is supposed to be necessary. anyway, as you said that's unrelated to that bug.

Blocks: 1932813
Pushed by fwang@igalia.com: https://hg.mozilla.org/integration/autoland/rev/0efe13efdebc Factor out "Get Trusted Type Data For Attribute". r=smaug https://hg.mozilla.org/integration/autoland/rev/37b01d6a0d0d Extend and improve modify-attributes-in-callback.html. r=smaug https://hg.mozilla.org/integration/autoland/rev/db598441827d Implement Trusted Type support for setAttribute/setAttributeNS. r=smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/49394 for changes under testing/web-platform/tests
Whiteboard: [domsecurity-backlog] → [domsecurity-backlog], [wptsync upstream]

Backed out for causing multiple failures.

Flags: needinfo?(fwang)
Upstream PR was closed without merging

(In reply to Serban Stanca [:SerbanS] from comment #17)

It seems some platforms believe there is reachable code after the switch() statements, and Android passes more tests.

Flags: needinfo?(fwang)
Pushed by fwang@igalia.com: https://hg.mozilla.org/integration/autoland/rev/d0f1354e4993 Factor out "Get Trusted Type Data For Attribute". r=smaug https://hg.mozilla.org/integration/autoland/rev/094b1d5348ab Extend and improve modify-attributes-in-callback.html. r=smaug https://hg.mozilla.org/integration/autoland/rev/eb723beab1df Implement Trusted Type support for setAttribute/setAttributeNS. r=smaug
Upstream PR merged by moz-wptsync-bot

https://hg.mozilla.org/mozilla-central/rev/d0f1354e4993
https://hg.mozilla.org/mozilla-central/rev/094b1d5348ab
https://hg.mozilla.org/mozilla-central/rev/eb723beab1df

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox135: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 135 Branch
Regressions: 1934250
Blocks: 1936014
Blocks: 1941005
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: