Only clip CSP createPolicy violation sample once.

fred-wang · moz-wptsync-bot · commit bd675eac2218 · 2025-03-30T08:18:23.000+01:00
This avoids double clipping and changes behavior for strings with surrogate pairs, aligning with what we currently do for other CSP violation reports. Differential Revision: https://phabricator.services.mozilla.com/D243400 bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1937564 gecko-commit: 6b6543ba75a8cc8151e6dbf34068d7b89fff5042 gecko-reviewers: smaug
diff --git a/trusted-types/trusted-types-reporting-clipping-of-sample.html b/trusted-types/trusted-types-reporting-clipping-of-sample.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<meta charset="UTF-8">
+<script src="/resources/testharness.js" ></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="./support/csp-violations.js"></script>
+<meta http-equiv="Content-Security-Policy" content="trusted-types 'none'">
+<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'">
+<meta http-equiv="Content-Security-Policy" content="connect-src 'none'">
+<body>
+<script>
+  const clippedSampleLength = 40;
+  [
+    // Strings with ASCII characters.
+    'A'.repeat(clippedSampleLength - 1),
+    'B'.repeat(clippedSampleLength),
+    'C'.repeat(clippedSampleLength + 1),
+
+    // Strings with non-ASCII BMP characters.
+    'Ð'.repeat(clippedSampleLength - 1),
+    'É'.repeat(clippedSampleLength),
+    '℉'.repeat(clippedSampleLength + 1),
+  ].forEach(input => {
+    promise_test(async t => {
+      let violation = await trusted_type_violation_for(TypeError, _ =>
+        window.trustedTypes.createPolicy(input, { createHTML: s => s } )
+      );
+      assert_equals(violation.originalPolicy, "trusted-types 'none'");
+      assert_equals(violation.sample, clipSampleIfNeeded(input));
+    }, `Clipping of violation sample for createPolicy(${input})`);
+
+    promise_test(async t => {
+      let violation = await trusted_type_violation_for(TypeError, _ =>
+        document.createElement("div").innerHTML = input
+      );
+      assert_equals(violation.originalPolicy, "require-trusted-types-for 'script'");
+      assert_equals(violation.sample, `Element innerHTML|${clipSampleIfNeeded(input)}`);
+    }, `Clipping of violation sample for Element.innerHTML = "${input}"`);
+  });
+</script>
diff --git a/trusted-types/trusted-types-reporting-clipping-of-sample.tentative.html b/trusted-types/trusted-types-reporting-clipping-of-sample.tentative.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<meta charset="UTF-8">
+<script src="/resources/testharness.js" ></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="./support/csp-violations.js"></script>
+<meta http-equiv="Content-Security-Policy" content="trusted-types 'none'">
+<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'">
+<meta http-equiv="Content-Security-Policy" content="connect-src 'none'">
+<body>
+<script>
+  const clippedSampleLength = 40;
+  const inputAndClippedInput = [
+    // Strings with surrogate pairs
+    // We use Firefox's behavior as expectations i.e. clip the source as UTF-16
+    // string of length 40 ; or of length 41 if the last character is a
+    // surrogate pair). See https://github.com/w3c/webappsec-csp/issues/704
+    ['𝐆'.repeat(clippedSampleLength / 2), '𝐆'.repeat(clippedSampleLength / 2)],
+    [`H${'𝐇'.repeat(clippedSampleLength / 2)}`, `H${'𝐇'.repeat(clippedSampleLength / 2)}`],
+    [`${'𝐈'.repeat(clippedSampleLength / 2)}I`, `${'𝐈'.repeat(clippedSampleLength / 2)}`],
+    ['𝐉'.repeat(clippedSampleLength / 2 + 1), '𝐉'.repeat(clippedSampleLength / 2)],
+  ];
+
+  for (const [input, clippedInput] of inputAndClippedInput) {
+    promise_test(async t => {
+      let violation = await trusted_type_violation_for(TypeError, _ =>
+        window.trustedTypes.createPolicy(input, { createHTML: s => s } )
+      );
+      assert_equals(violation.originalPolicy, "trusted-types 'none'");
+      assert_equals(violation.sample, clippedInput);
+    }, `Clipping of violation sample for createPolicy(${input})`);
+
+    promise_test(async t => {
+      let violation = await trusted_type_violation_for(TypeError, _ =>
+        document.createElement("div").innerHTML = input
+      );
+      assert_equals(violation.originalPolicy, "require-trusted-types-for 'script'");
+      assert_equals(violation.sample, `Element innerHTML|${clippedInput}`);
+    }, `Clipping of violation sample for Element.innerHTML = "${input}"`);
+  }
+</script>
