Bug 1935434 Implement forgiving parsing for trusted-types CSP directive. r=smaug

fred-wang · fred-wang · commit 58be4c82314c · 2025-03-30T06:51:41.000Z
Currently, we just discard the whole directive if an invalid token is found. With this patch, we instead ignore such a token. Also improves tests in should-trusted-type-policy-creation-be-blocked-by-csp-002.html so that we really check that the original trusted-types directive is preserved after serialization. See w3c/webappsec-csp#363 (comment) Differential Revision: https://phabricator.services.mozilla.com/D243358
diff --git a/dom/security/nsCSPParser.cpp b/dom/security/nsCSPParser.cpp
@@ -990,14 +990,10 @@ void nsCSPParser::handleTrustedTypesDirective(nsCSPDirective* aDir) {
           new nsCSPTrustedTypesDirectivePolicyName(mCurToken));
     } else {
       AutoTArray<nsString, 1> token = {mCurToken};
-      logWarningErrorToConsole(nsIScriptError::errorFlag,
+      logWarningErrorToConsole(nsIScriptError::warningFlag,
                                "invalidTrustedTypesExpression", token);
-
-      for (auto* trustedTypeExpression : trustedTypesExpressions) {
-        delete trustedTypeExpression;
-      }
-
-      return;
+      trustedTypesExpressions.AppendElement(
+          new nsCSPTrustedTypesDirectiveInvalidToken(mCurToken));
     }
   }
 
diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp
@@ -1085,6 +1085,24 @@ void nsCSPTrustedTypesDirectivePolicyName::toString(nsAString& aOutStr) const {
   aOutStr.Append(mName);
 }
 
+/* =============== nsCSPTrustedTypesDirectiveInvalidToken =============== */
+
+nsCSPTrustedTypesDirectiveInvalidToken::nsCSPTrustedTypesDirectiveInvalidToken(
+    const nsAString& aInvalidToken)
+    : mInvalidToken{aInvalidToken} {}
+
+bool nsCSPTrustedTypesDirectiveInvalidToken::visit(
+    nsCSPSrcVisitor* aVisitor) const {
+  MOZ_ASSERT_UNREACHABLE(
+      "Should only be called for other overloads of this method.");
+  return false;
+}
+
+void nsCSPTrustedTypesDirectiveInvalidToken::toString(
+    nsAString& aOutStr) const {
+  aOutStr.Append(mInvalidToken);
+}
+
 /* ===== nsCSPDirective ====================== */
 
 nsCSPDirective::nsCSPDirective(CSPDirective aDirective) {
diff --git a/dom/security/nsCSPUtils.h b/dom/security/nsCSPUtils.h
@@ -437,6 +437,19 @@ class nsCSPTrustedTypesDirectivePolicyName : public nsCSPBaseSrc {
   const nsString mName;
 };
 
+class nsCSPTrustedTypesDirectiveInvalidToken : public nsCSPBaseSrc {
+ public:
+  explicit nsCSPTrustedTypesDirectiveInvalidToken(
+      const nsAString& aInvalidToken);
+  virtual ~nsCSPTrustedTypesDirectiveInvalidToken() = default;
+
+  bool visit(nsCSPSrcVisitor* aVisitor) const override;
+  void toString(nsAString& aOutStr) const override;
+
+ private:
+  const nsString mInvalidToken;
+};
+
 /* =============== nsCSPSrcVisitor ================== */
 
 class nsCSPSrcVisitor {
diff --git a/dom/security/test/gtest/TestCSPParser.cpp b/dom/security/test/gtest/TestCSPParser.cpp
@@ -228,9 +228,12 @@ TEST(CSPParser, Directives)
       "script-src http://example.com"},
     { "require-trusted-types-for 'script'",
       "require-trusted-types-for 'script'" },
+    { "require-trusted-types-for 'script' invalid",
+      "require-trusted-types-for 'script' 'invalid'"}, // bug 1956731
     { "trusted-types somePolicyName", "trusted-types somePolicyName" },
     { "trusted-types somePolicyName anotherPolicyName 1 - # = _ / @ . % *",
       "trusted-types somePolicyName anotherPolicyName 1 - # = _ / @ . % *" },
+    { "trusted-types $", "trusted-types 'invalid'" }, // bug 1935434
       // clang-format on
   };
 
@@ -609,8 +612,8 @@ TEST(CSPParser, BadPolicies)
     { "report-uri http://:foo", ""},
     { "require-sri-for", ""},
     { "require-sri-for style", ""},
-    { "trusted-types $", ""},
-    { "trusted-types 'report-sample'", "" },
+    { "require-trusted-types-for invalid" },
+    { "require-trusted-types-for 'invalid'" },
 
       // clang-format on
   };
diff --git a/testing/web-platform/meta/trusted-types/should-trusted-type-policy-creation-be-blocked-by-csp-002.html.ini b/testing/web-platform/meta/trusted-types/should-trusted-type-policy-creation-be-blocked-by-csp-002.html.ini
diff --git a/testing/web-platform/tests/trusted-types/should-trusted-type-policy-creation-be-blocked-by-csp-002.html b/testing/web-platform/tests/trusted-types/should-trusted-type-policy-creation-be-blocked-by-csp-002.html
@@ -63,6 +63,8 @@
       // https://w3c.github.io/trusted-types/dist/spec/#should-block-create-policy
       assert_true(results[0].exception instanceof TypeError, "createPolicy() should throw a TypeError.");
       assert_equals(results[0].violatedPolicies.length, 1, "createPolicy() should trigger a violation report.");
+      assert_equals(results[0].violatedPolicies[0].disposition, "enforce");
+      assert_equals(results[0].violatedPolicies[0].policy, `trusted-types ${trustedTypePolicyName}`);
     }, `invalid tt-policy-name name "${trustedTypePolicyName}"`);
   });
 
@@ -90,5 +92,7 @@
     assert_equals(results.length, 1);
     assert_true(results[0].exception instanceof TypeError);
     assert_equals(results[0].violatedPolicies.length, 1);
+    assert_equals(results[0].violatedPolicies[0].disposition, "enforce");
+    assert_equals(results[0].violatedPolicies[0].policy, `trusted-types _TTP_*`);
   }, `invalid directive "trusted-type _TTP" (no ascii whitespace)`);
 </script>
