Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CreateXXX as specced can return null values but not marked as such in IDL #414

Closed
lukewarlow opened this issue Jan 23, 2024 · 4 comments · Fixed by #420
Closed

CreateXXX as specced can return null values but not marked as such in IDL #414

lukewarlow opened this issue Jan 23, 2024 · 4 comments · Fixed by #420
Milestone
v1

Comments

@lukewarlow
Copy link
Member

https://w3c.github.io/trusted-types/dist/spec/#create-a-trusted-type-algorithm - returns null or undefined if that's what the default policies functions return and the default policy is being invoked.

But CreateXXX functions on TrustedTypePolicy are marked as returning TrustedHTML without any optionality.

Chromium doesn't ever seem to return null in this case either so I'm slightly confused.
@koto
Copy link
Member

koto commented Jan 23, 2024

Good catch again! I think this was lost in one of the refactorings. The behaviour we want is:

  • createXYZ return a trusted type, or throw. The result value is wrapped in a matching type, so
    trustedTypes.createPolicy('default', {createHTML: () => null}).createHTML('foo') is a TrustedHTML wrapping ''.
  • when the default policy inner functions (the createXYZ ones defined by the user, held in [[options]] slot) return null or undefined, this rejects the value and in turn creates a CSP violation (https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-compliant-string-algorithm step 6).

The spec currently doesn't follow that.

I think the best course of action would be to:

  1. Add an additional argument to Create a Trusted Type (e.g. abort on null or undefined?). Only when this flag is present, the null/undefined would be passed to a caller and not be promoted to a Trusted Type in step 6.
  2. Process value with a default policy and only this algorithm sets the flag.

Alternatively, inline the null/undefined-supporting variant of Create a Trusted Type into Process value with a default policy?

@mbrodesser-Igalia mbrodesser-Igalia added this to the v1 milestone Jan 24, 2024
@koto koto mentioned this issue Jan 24, 2024
Open
@lukewarlow
Copy link
Member Author

lukewarlow commented Jan 24, 2024
edited
Loading

I'm thinking potentially a separate algorithm that returns the raw response from the callback, which the Create a Trusted Type algorithm then wraps in a trusted type. and the default policy algorithm can call the version which returns the raw value and act accordingly?

That's how I'd implement this myself so makes sense for the spec to match.

That way we can also update the default policy handling to do more in future if we wanted extra behaviour.

@koto
Copy link
Member

koto commented Jan 24, 2024

That also works :)

@lukewarlow lukewarlow mentioned this issue Jan 24, 2024
Merged
@lukewarlow
Copy link
Member Author

I've extracted a new "Get Trusted Type policy value" algorithm and moved the stringify and null handling to the respective places in #420 this should fix this issue.

@koto koto closed this as completed in #420 Jan 24, 2024
@mbrodesser-Igalia mbrodesser-Igalia mentioned this issue Jun 12, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1
Development

Successfully merging a pull request may close this issue.

Extract Get Trusted Type policy value algorithm lukewarlow/trusted-types
3 participants
@koto @lukewarlow @mbrodesser-Igalia