Bug 1935434 Implement forgiving parsing for trusted-types CSP directive. r=smaug

fred-wang · fred-wang · commit b35c2cb921af · 2025-03-28T12:15:24.000Z
Currently, we just discard the whole directive if an invalid token is found. With this patch, we instead ignore such a token. Also improves tests in should-trusted-type-policy-creation-be-blocked-by-csp-002.html so that we really check that the original trusted-types directive is preserved after serialization. See w3c/webappsec-csp#363 (comment) Differential Revision: https://phabricator.services.mozilla.com/D243358
diff --git a/dom/security/nsCSPParser.cpp b/dom/security/nsCSPParser.cpp
@@ -975,14 +975,10 @@ void nsCSPParser::handleTrustedTypesDirective(nsCSPDirective* aDir) {
           new nsCSPTrustedTypesDirectivePolicyName(mCurToken));
     } else {
       AutoTArray<nsString, 1> token = {mCurToken};
-      logWarningErrorToConsole(nsIScriptError::errorFlag,
+      logWarningErrorToConsole(nsIScriptError::warningFlag,
                                "invalidTrustedTypesExpression", token);
-
-      for (auto* trustedTypeExpression : trustedTypesExpressions) {
-        delete trustedTypeExpression;
-      }
-
-      return;
+      trustedTypesExpressions.AppendElement(
+          new nsCSPTrustedTypesDirectiveInvalidToken(mCurToken));
     }
   }
 
diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp
@@ -1085,6 +1085,24 @@ void nsCSPTrustedTypesDirectivePolicyName::toString(nsAString& aOutStr) const {
   aOutStr.Append(mName);
 }
 
+/* =============== nsCSPTrustedTypesDirectiveInvalidToken =============== */
+
+nsCSPTrustedTypesDirectiveInvalidToken::nsCSPTrustedTypesDirectiveInvalidToken(
+    const nsAString& aInvalidToken)
+    : mInvalidToken{aInvalidToken} {}
+
+bool nsCSPTrustedTypesDirectiveInvalidToken::visit(
+    nsCSPSrcVisitor* aVisitor) const {
+  MOZ_ASSERT_UNREACHABLE(
+      "Should only be called for other overloads of this method.");
+  return false;
+}
+
+void nsCSPTrustedTypesDirectiveInvalidToken::toString(
+    nsAString& aOutStr) const {
+  aOutStr.Append(mInvalidToken);
+}
+
 /* ===== nsCSPDirective ====================== */
 
 nsCSPDirective::nsCSPDirective(CSPDirective aDirective) {
diff --git a/dom/security/nsCSPUtils.h b/dom/security/nsCSPUtils.h
@@ -437,6 +437,19 @@ class nsCSPTrustedTypesDirectivePolicyName : public nsCSPBaseSrc {
   const nsString mName;
 };
 
+class nsCSPTrustedTypesDirectiveInvalidToken : public nsCSPBaseSrc {
+ public:
+  explicit nsCSPTrustedTypesDirectiveInvalidToken(
+      const nsAString& aInvalidToken);
+  virtual ~nsCSPTrustedTypesDirectiveInvalidToken() = default;
+
+  bool visit(nsCSPSrcVisitor* aVisitor) const override;
+  void toString(nsAString& aOutStr) const override;
+
+ private:
+  const nsString mInvalidToken;
+};
+
 /* =============== nsCSPSrcVisitor ================== */
 
 class nsCSPSrcVisitor {
diff --git a/testing/web-platform/meta/trusted-types/should-trusted-type-policy-creation-be-blocked-by-csp-002.html.ini b/testing/web-platform/meta/trusted-types/should-trusted-type-policy-creation-be-blocked-by-csp-002.html.ini
@@ -1,21 +1,6 @@
 [should-trusted-type-policy-creation-be-blocked-by-csp-002.html]
-  [invalid tt-policy-name name "policy*name"]
-    expected: FAIL
-
-  [invalid tt-policy-name name "policy$name"]
-    expected: FAIL
-
-  [invalid tt-policy-name name "policy?name"]
-    expected: FAIL
-
-  [invalid tt-policy-name name "policy!name"]
-    expected: FAIL
-
   [invalid tt-policy-name name "política"]
     expected: FAIL
 
   [directive "trusted-type _TTP1_%09_TTP2_%0A_TTP3_%0C_TTP4_%0D_TTP5_%20_TTP6_" (required-ascii-whitespace)]
     expected: FAIL
-
-  [invalid directive "trusted-type _TTP" (no ascii whitespace)]
-    expected: FAIL
diff --git a/testing/web-platform/tests/trusted-types/should-trusted-type-policy-creation-be-blocked-by-csp-002.html b/testing/web-platform/tests/trusted-types/should-trusted-type-policy-creation-be-blocked-by-csp-002.html
@@ -64,6 +64,8 @@
       // https://w3c.github.io/trusted-types/dist/spec/#should-block-create-policy
       assert_true(results[0].exception instanceof TypeError, "createPolicy() should throw a TypeError.");
       assert_equals(results[0].violatedPolicies.length, 1, "createPolicy() should trigger a violation report.");
+      assert_equals(results[0].violatedPolicies[0].disposition, "enforce");
+      assert_equals(results[0].violatedPolicies[0].policy, `trusted-types ${trustedTypePolicyName}`);
     }, `invalid tt-policy-name name "${trustedTypePolicyName}"`);
   });
 
@@ -91,5 +93,7 @@
     assert_equals(results.length, 1);
     assert_true(results[0].exception instanceof TypeError);
     assert_equals(results[0].violatedPolicies.length, 1);
+    assert_equals(results[0].violatedPolicies[0].disposition, "enforce");
+    assert_equals(results[0].violatedPolicies[0].policy, `trusted-types _TTP_*`);
   }, `invalid directive "trusted-type _TTP" (no ascii whitespace)`);
 </script>
