Polyfill: Support for enforcement in emulated DOM environments (e.g. nodejs + domino).

Build target for npm now exposes `TrustedTypesConfig` and `TrustedTypesEnforcer` objects that allow installing the enforcement on Window-like objects. See `demo/nodejs-domino` for an example usage.

Fixes #190.

Author: Siegrift

Diff for: demo/nodejs-domino/.gitignore

@@ -0,0 +1,3 @@
+node_modules
+lib
+*.log

Diff for: demo/nodejs-domino/README.md

@@ -0,0 +1,25 @@
+# Nodejs domino demo
+
+This example showcases the integration of TT polyfill in nodejs environemnt. We are using TypeScript
+on purpose to show our type definitions work. Using TT polyfill on nodejs without enforcement is
+possible, but some project emulate DOM on the server side (angular) and this demo shows TT polyfill
+can work in those cases, too.
+
+We are emulating DOM using our version of
+[domino](https://github.com/Siegrift/domino/tree/configurable), because there is an
+[issue](https://github.com/fgnass/domino/issues/171) which prevents us from reconfiguring the DOM
+functions defined by domino.
+
+To start enforcing on the emulated DOM object you have two options:
+
+1. Define emulated `window` object on the global scope and create enforcer with a single argument -
+   enforcement configuration.
+2. Pass the emulated `window` object to the enforcer as a second argument. _(You don't need to
+   expose the object on the global scope)_.
+
+## Running the demos
+
+1. Run `yarn` to install dependencies.
+2. There are two demos, which you can run by `yarn run-demo-global` or `yarn run-demo-custom`.
+
+Both demos output a bunch of text to the console. Check the source files to understand the output.

Diff for: demo/nodejs-domino/another.ts

@@ -0,0 +1,3 @@
+// This file shows that the DOM symbols are available in the global scope
+console.log('typeof window', typeof window)
+console.log('typeof document', typeof document)

Diff for: demo/nodejs-domino/api_only.ts

@@ -0,0 +1,11 @@
+// This file shows how to use the API of trusted types (without any enforcement).
+import { trustedTypes } from 'trusted-types'
+
+function acceptOnlyTrustedHTML(html: TrustedHTML) {
+  if (!trustedTypes.isHTML(html)) console.log('untrusted html', html)
+  else console.log('trusted html', html)
+}
+
+const policy = trustedTypes.createPolicy('app', { createHTML: (s) => s })
+acceptOnlyTrustedHTML('str' as any)
+acceptOnlyTrustedHTML(policy.createHTML('safe html'))

Diff for: demo/nodejs-domino/custom.ts

@@ -0,0 +1,77 @@
+import domino from 'domino'
+import './another'
+import {
+  trustedTypes,
+  TrustedTypeConfig,
+  TrustedTypesEnforcer,
+} from 'trusted-types'
+
+// create custom DOM API implementation
+const win = domino.createWindow()
+const doc = win.document
+
+const html = doc.createElement('html')
+html.appendChild(doc.createElement('div'))
+html.appendChild(doc.createElement('div'))
+console.log(html.innerHTML)
+
+// no enforcement yet, assignment should work
+html.children[0].innerHTML = 'string'
+console.log(html.innerHTML)
+
+// start enforcing mode
+const config = new TrustedTypeConfig(
+  false,
+  true,
+  ['foo', 'default'],
+  false,
+  undefined,
+  win,
+)
+const enforcer = new TrustedTypesEnforcer(config)
+enforcer.install()
+const fooPolicy = trustedTypes.createPolicy('foo', { createHTML: (s) => s })
+
+// we expect string assignment to sink to fail
+let caught = false
+try {
+  html.children[0].innerHTML = 'string' // should fail
+} catch (err) {
+  caught = true
+}
+if (caught) console.log('Caught unsafe write to innerHTML property')
+else throw new Error("Didn't catch unsafe write to innerHTML property!")
+
+// trusted value assignment should pass
+html.children[0].innerHTML = fooPolicy.createHTML('safeHTML') as any
+console.log(html.innerHTML)
+
+// Default policy
+trustedTypes.createPolicy('default', { createHTML: (s) => s + '-default' })
+
+// after we uninstall enforcer, raw assignments should work again
+enforcer.uninstall()
+html.children[0].innerHTML = 'string after uninstall'
+console.log(html.innerHTML)
+
+html.children[0].innerHTML = 'string' // should be rewritten to 'string-default'
+console.log(html.children[0].innerHTML)
+
+// it should work even with incomplete enforcer
+const config2 = new TrustedTypeConfig(
+  false,
+  true,
+  ['foo', 'default'],
+  false,
+  undefined,
+  ['Element', 'HTMLElement', 'Document', 'Node'].reduce(
+    (acc, key) => {
+      acc[key] = (domino as any).impl[key]
+      return acc
+    },
+    { document: doc } as any,
+  ),
+)
+const incompleteEnforcer = new TrustedTypesEnforcer(config2)
+incompleteEnforcer.install()
+incompleteEnforcer.uninstall()

Diff for: demo/nodejs-domino/main.ts

@@ -0,0 +1,54 @@
+import domino from 'domino'
+import {
+  trustedTypes,
+  TrustedTypeConfig,
+  TrustedTypesEnforcer,
+} from 'trusted-types'
+
+// expose DOM API on the global scope
+const g = global as any
+g.window = domino.createWindow()
+g.document = g.window.document
+Object.entries((domino as any).impl).forEach(([key, value]) => {
+  g[key] = value
+})
+
+// console logs whether the global DOM symbols
+import './another'
+
+const html = document.createElement('html')
+html.appendChild(document.createElement('div'))
+html.appendChild(document.createElement('div'))
+html.appendChild(document.createElement('div'))
+console.log(html.innerHTML)
+
+// no enforcement yet, assignment should work
+html.children[0].innerHTML = 'string'
+console.log(html.innerHTML)
+
+// start enforcing mode
+const config = new TrustedTypeConfig(false, true, ['foo', 'default'], false)
+const enforcer = new TrustedTypesEnforcer(config)
+enforcer.install()
+const fooPolicy = trustedTypes.createPolicy('foo', { createHTML: (s) => s })
+// we expect string assignment to sink to fail
+let caught = false
+try {
+  html.children[0].innerHTML = 'string' // should fail
+} catch (err) {
+  caught = true
+}
+if (caught) console.log('Caught unsafe write to innerHTML property')
+else throw new Error("Didn't catch unsafe write to innerHTML property!")
+
+// trusted value assignment should pass
+html.children[0].innerHTML = fooPolicy.createHTML('safeHTML') as any
+console.log(html.innerHTML)
+
+// Default policy
+trustedTypes.createPolicy('default', { createHTML: (s) => s + '-default' })
+
+// after we uninstall enforcer, raw assignments should work again
+enforcer.uninstall()
+html.children[0].innerHTML = 'string after uninstall'
+console.log(html.innerHTML)

Diff for: demo/nodejs-domino/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "target",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "run-demo-global": "yarn tsc && node ./lib/main",
+    "run-demo-custom": "yarn tsc && node ./lib/custom"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "@types/node": "^14.14.3",
+    "@types/trusted-types": "^1.0.6",
+    "domino": "Siegrift/domino#configurable",
+    "trusted-types": "link:../../",
+    "typescript": "^4.0.3"
+  }
+}

Diff for: demo/nodejs-domino/tsconfig.json

@@ -0,0 +1,69 @@
+{
+  "compilerOptions": {
+    /* Visit https://aka.ms/tsconfig.json to read more about this file */
+
+    /* Basic Options */
+    // "incremental": true,                   /* Enable incremental compilation */
+    "target": "es5",                          /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019', 'ES2020', or 'ESNEXT'. */
+    "module": "commonjs",                     /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', 'es2020', or 'ESNext'. */
+    // "lib": [],                             /* Specify library files to be included in the compilation. */
+    // "allowJs": true,                       /* Allow javascript files to be compiled. */
+    // "checkJs": true,                       /* Report errors in .js files. */
+    // "jsx": "preserve",                     /* Specify JSX code generation: 'preserve', 'react-native', or 'react'. */
+    // "declaration": true,                   /* Generates corresponding '.d.ts' file. */
+    // "declarationMap": true,                /* Generates a sourcemap for each corresponding '.d.ts' file. */
+    // "sourceMap": true,                     /* Generates corresponding '.map' file. */
+    // "outFile": "./",                       /* Concatenate and emit output to single file. */
+    "outDir": "./lib",                        /* Redirect output structure to the directory. */
+    // "rootDir": "./",                       /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */
+    // "composite": true,                     /* Enable project compilation */
+    // "tsBuildInfoFile": "./",               /* Specify file to store incremental compilation information */
+    // "removeComments": true,                /* Do not emit comments to output. */
+    // "noEmit": true,                        /* Do not emit outputs. */
+    // "importHelpers": true,                 /* Import emit helpers from 'tslib'. */
+    // "downlevelIteration": true,            /* Provide full support for iterables in 'for-of', spread, and destructuring when targeting 'ES5' or 'ES3'. */
+    // "isolatedModules": true,               /* Transpile each file as a separate module (similar to 'ts.transpileModule'). */
+
+    /* Strict Type-Checking Options */
+    "strict": true,                           /* Enable all strict type-checking options. */
+    // "noImplicitAny": true,                 /* Raise error on expressions and declarations with an implied 'any' type. */
+    // "strictNullChecks": true,              /* Enable strict null checks. */
+    // "strictFunctionTypes": true,           /* Enable strict checking of function types. */
+    // "strictBindCallApply": true,           /* Enable strict 'bind', 'call', and 'apply' methods on functions. */
+    // "strictPropertyInitialization": true,  /* Enable strict checking of property initialization in classes. */
+    // "noImplicitThis": true,                /* Raise error on 'this' expressions with an implied 'any' type. */
+    // "alwaysStrict": true,                  /* Parse in strict mode and emit "use strict" for each source file. */
+
+    /* Additional Checks */
+    // "noUnusedLocals": true,                /* Report errors on unused locals. */
+    // "noUnusedParameters": true,            /* Report errors on unused parameters. */
+    // "noImplicitReturns": true,             /* Report error when not all code paths in function return a value. */
+    // "noFallthroughCasesInSwitch": true,    /* Report errors for fallthrough cases in switch statement. */
+
+    /* Module Resolution Options */
+    // "moduleResolution": "node",            /* Specify module resolution strategy: 'node' (Node.js) or 'classic' (TypeScript pre-1.6). */
+    // "baseUrl": "./",                       /* Base directory to resolve non-absolute module names. */
+    // "paths": {},                           /* A series of entries which re-map imports to lookup locations relative to the 'baseUrl'. */
+    // "rootDirs": [],                        /* List of root folders whose combined content represents the structure of the project at runtime. */
+    // "typeRoots": [],                       /* List of folders to include type definitions from. */
+    "types": ["node"],                           /* Type declaration files to be included in compilation. */
+    // "allowSyntheticDefaultImports": true,  /* Allow default imports from modules with no default export. This does not affect code emit, just typechecking. */
+    "esModuleInterop": true,                  /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */
+    // "preserveSymlinks": true,              /* Do not resolve the real path of symlinks. */
+    // "allowUmdGlobalAccess": true,          /* Allow accessing UMD globals from modules. */
+
+    /* Source Map Options */
+    // "sourceRoot": "",                      /* Specify the location where debugger should locate TypeScript files instead of source locations. */
+    // "mapRoot": "",                         /* Specify the location where debugger should locate map files instead of generated locations. */
+    // "inlineSourceMap": true,               /* Emit a single file with source maps instead of having a separate file. */
+    // "inlineSources": true,                 /* Emit the source alongside the sourcemaps within a single file; requires '--inlineSourceMap' or '--sourceMap' to be set. */
+
+    /* Experimental Options */
+    // "experimentalDecorators": true,        /* Enables experimental support for ES7 decorators. */
+    // "emitDecoratorMetadata": true,         /* Enables experimental support for emitting type metadata for decorators. */
+
+    /* Advanced Options */
+    "skipLibCheck": true,                     /* Skip type checking of declaration files. */
+    "forceConsistentCasingInFileNames": true  /* Disallow inconsistently-cased references to the same file. */
+  }
+}

Diff for: demo/nodejs-domino/yarn.lock

@@ -0,0 +1,26 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+"@types/node@^14.14.3":
+  version "14.14.3"
+  resolved "https://registry.yarnpkg.com/@types/node/-/node-14.14.3.tgz#e1c09064121f894baaad2bd9f12ce4a41bffb274"
+  integrity sha512-33/L34xS7HVUx23e0wOT2V1qPF1IrHgQccdJVm9uXGTB9vFBrrzBtkQymT8VskeKOxjz55MSqMv0xuLq+u98WQ==
+
+"@types/trusted-types@^1.0.6":
+  version "1.0.6"
+  resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-1.0.6.tgz#569b8a08121d3203398290d602d84d73c8dcf5da"
+  integrity sha512-230RC8sFeHoT6sSUlRO6a8cAnclO06eeiq1QDfiv2FGCLWFvvERWgwIQD4FWqD9A69BN7Lzee4OXwoMVnnsWDw==
+
+domino@Siegrift/domino#configurable:
+  version "2.1.6"
+  resolved "https://codeload.github.com/Siegrift/domino/tar.gz/70d427283215ba7ac99083bb4dc2fb41754d684f"
+
+"trusted-types@link:../..":
+  version "0.0.0"
+  uid ""
+
+typescript@^4.0.3:
+  version "4.0.3"
+  resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.0.3.tgz#153bbd468ef07725c1df9c77e8b453f8d36abba5"
+  integrity sha512-tEu6DGxGgRJPb/mVPIZ48e69xCn2yRmCgYmDugAVwmJ6o+0u1RI18eO7E7WBTLYLaEVVOhwQmcdhQHweux/WPg==