Skip to content

Commit fe42c21

Browse files
williewillusfacebook-github-bot
williewillus
authored and
facebook-github-bot
committed
Add TrustedTypes sink annotations to bom.js and dom.js
Summary: As a follow up to D46007012, this diff modifies the type declarations of XSS DOM sinks to accept Trusted Type objects as well. Annoyingly, the spec does not fully enumerate the list of sensitive surfaces. I took some hints from microsoft/TypeScript-DOM-lib-generator#1246 and manual inspection, but left out some of the more ambiguous hints. Changelog: [new] Updated dom libdefs to allow Trusted Type objects Reviewed By: SamChou19815 Differential Revision: D46085621 fbshipit-source-id: d10bf667849560319ad69edc639090a9ddd35f9f
1 parent 5555259 commit fe42c21

File tree

7 files changed

+626
-490
lines changed

7 files changed

+626
-490
lines changed

lib/bom.js

+6-6
Original file line numberDiff line numberDiff line change
@@ -571,7 +571,7 @@ declare var location: Location;
571571
///////////////////////////////////////////////////////////////////////////////
572572

573573
declare class DOMParser {
574-
parseFromString(source: string, mimeType: string): Document;
574+
parseFromString(source: string | TrustedHTML, mimeType: string): Document;
575575
}
576576

577577
type FormDataEntryValue = string | File
@@ -836,7 +836,7 @@ type WorkerOptions = {
836836
}
837837

838838
declare class Worker extends EventTarget {
839-
constructor(stringUrl: string, workerOptions?: WorkerOptions): void;
839+
constructor(stringUrl: string | TrustedScriptURL, workerOptions?: WorkerOptions): void;
840840
onerror: null | (ev: any) => mixed;
841841
onmessage: null | (ev: MessageEvent) => mixed;
842842
onmessageerror: null | (ev: MessageEvent) => mixed;
@@ -845,20 +845,20 @@ declare class Worker extends EventTarget {
845845
}
846846

847847
declare class SharedWorker extends EventTarget {
848-
constructor(stringUrl: string, name?: string): void;
849-
constructor(stringUrl: string, workerOptions?: WorkerOptions): void;
848+
constructor(stringUrl: string | TrustedScriptURL, name?: string): void;
849+
constructor(stringUrl: string | TrustedScriptURL, workerOptions?: WorkerOptions): void;
850850
port: MessagePort;
851851
onerror: (ev: any) => mixed;
852852
}
853853

854-
declare function importScripts(...urls: Array<string>): void;
854+
declare function importScripts(...urls: Array<string | TrustedScriptURL>): void;
855855

856856
declare class WorkerGlobalScope extends EventTarget {
857857
self: this;
858858
location: WorkerLocation;
859859
navigator: WorkerNavigator;
860860
close(): void;
861-
importScripts(...urls: Array<string>): void;
861+
importScripts(...urls: Array<string | TrustedScriptURL>): void;
862862
onerror: (ev: any) => mixed;
863863
onlanguagechange: (ev: any) => mixed;
864864
onoffline: (ev: any) => mixed;

lib/dom.js

+30-11
Original file line numberDiff line numberDiff line change
@@ -152,7 +152,10 @@ declare interface CustomElementRegistry {
152152
declare interface ShadowRoot extends DocumentFragment {
153153
+delegatesFocus: boolean;
154154
+host: Element;
155-
innerHTML: string;
155+
// flowlint unsafe-getters-setters:off
156+
get innerHTML(): string;
157+
set innerHTML(value: string | TrustedHTML): void;
158+
// flowlint unsafe-getters-setters:error
156159
+mode: ShadowRootMode;
157160
}
158161

@@ -1323,8 +1326,8 @@ declare class Document extends Node {
13231326
styleSheets: StyleSheetList;
13241327
title: string;
13251328
visibilityState: 'visible' | 'hidden' | 'prerender' | 'unloaded';
1326-
write(...content: Array<string>): void;
1327-
writeln(...content: Array<string>): void;
1329+
write(...content: Array<string | TrustedHTML>): void;
1330+
writeln(...content: Array<string | TrustedHTML>): void;
13281331
xmlEncoding: string;
13291332
xmlStandalone: boolean;
13301333
xmlVersion: string;
@@ -1673,7 +1676,7 @@ declare class Range { // extension
16731676
setStartAfter(refNode: Node): void;
16741677
extractContents(): DocumentFragment;
16751678
setEndAfter(refNode: Node): void;
1676-
createContextualFragment(fragment: string): DocumentFragment;
1679+
createContextualFragment(fragment: string | TrustedHTML): DocumentFragment;
16771680
intersectsNode(refNode: Node): boolean;
16781681
isPointInRange(refNode: Node, offset: number): boolean;
16791682
static END_TO_END: number;
@@ -1718,11 +1721,17 @@ declare class Element extends Node implements Animatable {
17181721
clientTop: number;
17191722
clientWidth: number;
17201723
id: string;
1721-
innerHTML: string;
1724+
// flowlint unsafe-getters-setters:off
1725+
get innerHTML(): string;
1726+
set innerHTML(value: string | TrustedHTML): void;
1727+
// flowlint unsafe-getters-setters:error
17221728
localName: string;
17231729
namespaceURI: ?string;
17241730
nextElementSibling: ?Element;
1725-
outerHTML: string;
1731+
// flowlint unsafe-getters-setters:off
1732+
get outerHTML(): string;
1733+
set outerHTML(value: string | TrustedHTML): void;
1734+
// flowlint unsafe-getters-setters:error
17261735
prefix: string | null;
17271736
previousElementSibling: ?Element;
17281737
scrollHeight: number;
@@ -1857,7 +1866,7 @@ declare class Element extends Node implements Animatable {
18571866
hasAttributeNS(namespaceURI: string | null, localName: string): boolean;
18581867
hasAttributes(): boolean;
18591868
insertAdjacentElement(position: 'beforebegin' | 'afterbegin' | 'beforeend' | 'afterend', element: Element): void;
1860-
insertAdjacentHTML(position: 'beforebegin' | 'afterbegin' | 'beforeend' | 'afterend', html: string): void;
1869+
insertAdjacentHTML(position: 'beforebegin' | 'afterbegin' | 'beforeend' | 'afterend', html: string | TrustedHTML): void;
18611870
insertAdjacentText(position: 'beforebegin' | 'afterbegin' | 'beforeend' | 'afterend', text: string): void;
18621871
matches(selector: string): boolean;
18631872
releasePointerCapture(pointerId: number): void;
@@ -2047,7 +2056,10 @@ declare class HTMLElement extends Element {
20472056
dropzone: any;
20482057
hidden: boolean;
20492058
id: string;
2050-
innerHTML: string;
2059+
// flowlint unsafe-getters-setters:off
2060+
get innerHTML(): string;
2061+
set innerHTML(value: string | TrustedHTML): void;
2062+
// flowlint unsafe-getters-setters:error
20512063
isContentEditable: boolean;
20522064
itemProp: any;
20532065
itemScope: boolean;
@@ -3393,7 +3405,10 @@ declare class HTMLIFrameElement extends HTMLElement {
33933405
scrolling: string;
33943406
sandbox: DOMTokenList;
33953407
src: string;
3396-
srcdoc: string;
3408+
// flowlint unsafe-getters-setters:off
3409+
get srcdoc(): string;
3410+
set srcdoc(value: string | TrustedHTML): void;
3411+
// flowlint unsafe-getters-setters:error
33973412
width: string;
33983413
}
33993414

@@ -3887,8 +3902,12 @@ declare class HTMLScriptElement extends HTMLElement {
38873902
charset: string;
38883903
crossOrigin?: string;
38893904
defer: boolean;
3890-
src: string;
3891-
text: string;
3905+
// flowlint unsafe-getters-setters:off
3906+
get src(): string;
3907+
set src(value: string | TrustedScriptURL): void;
3908+
get text(): string;
3909+
set text(value: string | TrustedScript): void;
3910+
// flowlint unsafe-getters-setters:error
38923911
type: string;
38933912
}
38943913

lib/serviceworkers.js

+1-1
Original file line numberDiff line numberDiff line change
@@ -163,7 +163,7 @@ declare class ServiceWorkerContainer extends EventTarget {
163163
getRegistration(clientURL?: string): Promise<ServiceWorkerRegistration | void>,
164164
getRegistrations(): Promise<Iterator<ServiceWorkerRegistration>>,
165165
register(
166-
scriptURL: string,
166+
scriptURL: string | TrustedScriptURL,
167167
options?: RegistrationOptions
168168
): Promise<ServiceWorkerRegistration>,
169169
startMessages(): void,

tests/bom/bom.exp

+2-2
Original file line numberDiff line numberDiff line change
@@ -23,8 +23,8 @@ with `HTMLFormElement` [2]. [incompatible-call]
2323
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2424

2525
References:
26-
<BUILTINS>/dom.js:1125:70
27-
1125| createElement(tagName: 'input', options?: ElementCreationOptions): HTMLInputElement;
26+
<BUILTINS>/dom.js:1128:70
27+
1128| createElement(tagName: 'input', options?: ElementCreationOptions): HTMLInputElement;
2828
^^^^^^^^^^^^^^^^ [1]
2929
<BUILTINS>/bom.js:580:24
3030
580| constructor(form?: HTMLFormElement): void;

0 commit comments

Comments
 (0)