1986632 - Trusted Types policies should not apply to isolated WebExtension content scripts - part 2

Status: RESOLVED FIXED

(Core :: DOM: Security, task)

Description

[Frédéric Wang (:fredw)]

We make some effort to exempt extensions from page CSPs (bug 1267027), we should consider doing the same for Trusted Types, otherwise pages could unduly restrict the functionality of extensions.

This is a follow-up of bug 1947732, it seems some cases where we still pass a null principal to GetTrustedTypesCompliantString:

find dom -type f | xargs grep -A3 GetTrustedTypesCompliantString | grep -B3 nullptr
dom/security/trusted-types/TrustedTypeUtils.cpp-                                             const nsINode& aNode,
--
dom/security/trusted-types/TrustedTypeUtils.cpp:  return GetTrustedTypesCompliantString<TrustedHTML>(
dom/security/trusted-types/TrustedTypeUtils.cpp-      &aInput, aSink, aSinkGroup, aNode, nullptr, aResultHolder, aError);
--
dom/security/trusted-types/TrustedTypeUtils.cpp-    const nsAString& aSinkGroup, nsIGlobalObject& aGlobalObject,
dom/security/trusted-types/TrustedTypeUtils.cpp-    Maybe<nsAutoString>& aResultHolder, ErrorResult& aError) {
dom/security/trusted-types/TrustedTypeUtils.cpp:  return GetTrustedTypesCompliantString<TrustedScript>(
dom/security/trusted-types/TrustedTypeUtils.cpp-      &aInput, aSink, aSinkGroup, aGlobalObject, nullptr, aResultHolder,
--
dom/security/trusted-types/TrustedTypeUtils.cpp-    const nsAString& aSinkGroup, const nsINode& aNode,
dom/security/trusted-types/TrustedTypeUtils.cpp-    Maybe<nsAutoString>& aResultHolder, ErrorResult& aError) {
dom/security/trusted-types/TrustedTypeUtils.cpp:  return GetTrustedTypesCompliantString<TrustedScript>(
dom/security/trusted-types/TrustedTypeUtils.cpp-      &aInput, aSink, aSinkGroup, aNode, nullptr, aResultHolder, aError);
--
--
dom/workers/WorkerScope.cpp:          TrustedTypeUtils::GetTrustedTypesCompliantString(
dom/workers/WorkerScope.cpp-              scriptURL, sink, kTrustedTypesOnlySinkGroup, *pinnedGlobal,
dom/workers/WorkerScope.cpp-              nullptr, compliantStringHolder, aRv);

So they are:

• importScript: https://searchfox.org/firefox-main/rev/8a50d94240fb8f312d8b061a425ff0755bcbaac4/dom/workers/WorkerScope.cpp#674
• write/writeln: https://searchfox.org/firefox-main/rev/e02959386f6f89c1476edba10b3902f4e4f3ed4c/dom/security/trusted-types/TrustedTypeUtils.cpp#598
• eval/new Function: https://searchfox.org/firefox-main/rev/e02959386f6f89c1476edba10b3902f4e4f3ed4c/dom/security/trusted-types/TrustedTypeUtils.cpp#598
• script enforcement (https://phabricator.services.mozilla.com/D246745)

Comment 1

[Frédéric Wang (:fredw)]

Attachment: geckoview-crash.jpg

Comment 2

[Frédéric Wang (:fredw)]

Attachment: Bug 1986632 - Exempt (isolated) WebExtension content scripts from trusted types policies. r?smaug!,#extension-reviewers!

This is a follow-up of bug 1947732, covering the remaining Trusted Types checks:

• Document.write/writeln
• WorkerGlobalScope.importScripts
• eval and new Functions
• script enforcement
• pre-navigation check

Comment 3

[Frédéric Wang (:fredw)]

https://treeherder.mozilla.org/jobs?repo=try&selectedTaskRun=bkD-wbe9QEO3szL9atg5Ew.0&revision=b3f31aa69513bfdcde9fe7e81eda1c2d369fff37

Comment 4

[Frédéric Wang (:fredw)]

Attachment: WIP: Bug 1986632 - More tests to test_ext_contentscript_trustedtypes.js

Comment 5

[Frédéric Wang (:fredw)]

https://treeherder.mozilla.org/jobs?repo=try&landoCommitID=155169

Comment 6

[Pulsebot]

Pushed by fwang@igalia.com:
https://github.com/mozilla-firefox/firefox/commit/9a0ef0f5ea5e
https://hg.mozilla.org/integration/autoland/rev/80785b6e96ad
Exempt (isolated) WebExtension content scripts from trusted types policies. r=smaug,webidl,robwu,dom-worker-reviewers,asuth

Comment 7

[Sandor Molnar[:smolnar]]

https://hg.mozilla.org/mozilla-central/rev/80785b6e96ad