LibWeb: Amend ShadowRoot to make it compatible with TrustedTypes

tete17 · Lubrsi · commit 33285467a8b4 · 2025-10-27T16:14:20.000Z
diff --git a/Libraries/LibWeb/DOM/ShadowRoot.cpp b/Libraries/LibWeb/DOM/ShadowRoot.cpp
@@ -13,6 +13,8 @@
 #include <LibWeb/HTML/HTMLTemplateElement.h>
 #include <LibWeb/HTML/Parser/HTMLParser.h>
 #include <LibWeb/Layout/BlockContainer.h>
+#include <LibWeb/TrustedTypes/RequireTrustedTypesForDirective.h>
+#include <LibWeb/TrustedTypes/TrustedTypePolicy.h>
 
 namespace Web::DOM {
 
@@ -63,22 +65,29 @@ EventTarget* ShadowRoot::get_parent(Event const& event)
 }
 
 // https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-shadowroot-innerhtml
-WebIDL::ExceptionOr<String> ShadowRoot::inner_html() const
+WebIDL::ExceptionOr<TrustedTypes::TrustedHTMLOrString> ShadowRoot::inner_html() const
 {
-    return TRY(serialize_fragment(HTML::RequireWellFormed::Yes)).to_utf8_but_should_be_ported_to_utf16();
+    return TRY(serialize_fragment(HTML::RequireWellFormed::Yes));
 }
 
 // https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-shadowroot-innerhtml
-WebIDL::ExceptionOr<void> ShadowRoot::set_inner_html(StringView value)
+WebIDL::ExceptionOr<void> ShadowRoot::set_inner_html(TrustedTypes::TrustedHTMLOrString const& value)
 {
-    // FIXME: 1. Let compliantString be the result of invoking the Get Trusted Type compliant string algorithm with TrustedHTML, this's relevant global object, the given value, "ShadowRoot innerHTML", and "script".
+    // 1. Let compliantString be the result of invoking the Get Trusted Type compliant string algorithm with
+    //    TrustedHTML, this's relevant global object, the given value, "ShadowRoot innerHTML", and "script".
+    auto const compliant_string = TRY(TrustedTypes::get_trusted_type_compliant_string(
+        TrustedTypes::TrustedTypeName::TrustedHTML,
+        HTML::relevant_global_object(*this),
+        value,
+        TrustedTypes::InjectionSink::ShadowRootinnerHTML,
+        TrustedTypes::Script.to_string()));
 
     // 2. Let context be this's host.
     auto context = this->host();
     VERIFY(context);
 
-    // 3. Let fragment be the result of invoking the fragment parsing algorithm steps with context and compliantString. FIXME: Use compliantString instead of markup.
-    auto fragment = TRY(context->parse_fragment(value));
+    // 3. Let fragment be the result of invoking the fragment parsing algorithm steps with context and compliantString.
+    auto fragment = TRY(context->parse_fragment(compliant_string.to_utf8_but_should_be_ported_to_utf16()));
 
     // 4. Replace all with fragment within this.
     this->replace_all(fragment);
@@ -110,12 +119,19 @@ WebIDL::ExceptionOr<String> ShadowRoot::get_html(GetHTMLOptions const& options)
 }
 
 // https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-shadowroot-sethtmlunsafe
-WebIDL::ExceptionOr<void> ShadowRoot::set_html_unsafe(StringView html)
-{
-    // FIXME: 1. Let compliantHTML be the result of invoking the Get Trusted Type compliant string algorithm with TrustedHTML, this's relevant global object, html, "ShadowRoot setHTMLUnsafe", and "script".
-
-    // 3. Unsafe set HTML given this, this's shadow host, and compliantHTML. FIXME: Use compliantHTML.
-    TRY(unsafely_set_html(*this->host(), html));
+WebIDL::ExceptionOr<void> ShadowRoot::set_html_unsafe(TrustedTypes::TrustedHTMLOrString const& html)
+{
+    // 1. Let compliantHTML be the result of invoking the Get Trusted Type compliant string algorithm with
+    //    TrustedHTML, this's relevant global object, html, "ShadowRoot setHTMLUnsafe", and "script".
+    auto const compliant_html = TRY(TrustedTypes::get_trusted_type_compliant_string(
+        TrustedTypes::TrustedTypeName::TrustedHTML,
+        HTML::relevant_global_object(*this),
+        html,
+        TrustedTypes::InjectionSink::ShadowRootsetHTMLUnsafe,
+        TrustedTypes::Script.to_string()));
+
+    // 2. Unsafely set HTML given this, this's shadow host, and compliantHTML.
+    TRY(unsafely_set_html(*this->host(), compliant_html.to_utf8_but_should_be_ported_to_utf16()));
 
     return {};
 }
diff --git a/Libraries/LibWeb/DOM/ShadowRoot.h b/Libraries/LibWeb/DOM/ShadowRoot.h
@@ -45,10 +45,10 @@ class WEB_API ShadowRoot final : public DocumentFragment {
     // ^EventTarget
     virtual EventTarget* get_parent(Event const&) override;
 
-    WebIDL::ExceptionOr<String> inner_html() const;
-    WebIDL::ExceptionOr<void> set_inner_html(StringView);
+    WebIDL::ExceptionOr<TrustedTypes::TrustedHTMLOrString> inner_html() const;
+    WebIDL::ExceptionOr<void> set_inner_html(TrustedTypes::TrustedHTMLOrString const&);
 
-    WebIDL::ExceptionOr<void> set_html_unsafe(StringView);
+    WebIDL::ExceptionOr<void> set_html_unsafe(TrustedTypes::TrustedHTMLOrString const&);
 
     WebIDL::ExceptionOr<String> get_html(GetHTMLOptions const&) const;
 
diff --git a/Libraries/LibWeb/DOM/ShadowRoot.idl b/Libraries/LibWeb/DOM/ShadowRoot.idl
@@ -1,6 +1,7 @@
 #import <DOM/DocumentFragment.idl>
 #import <DOM/DocumentOrShadowRoot.idl>
 #import <DOM/Element.idl>
+#import <TrustedTypes/TrustedHTML.idl>
 
 // https://dom.spec.whatwg.org/#shadowroot
 [Exposed=Window]
@@ -15,12 +16,10 @@ interface ShadowRoot : DocumentFragment {
 
     // https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-parsing-and-serialization
 
-    // FIXME: [CEReactions] undefined setHTMLUnsafe((TrustedHTML or DOMString) html);
-    [CEReactions] undefined setHTMLUnsafe(DOMString html);
+    [CEReactions] undefined setHTMLUnsafe((TrustedHTML or Utf16DOMString) html);
     DOMString getHTML(optional GetHTMLOptions options = {});
 
-    // FIXME: [CEReactions] attribute (TrustedHTML or [LegacyNullToEmptyString] DOMString) innerHTML;
-    [CEReactions, LegacyNullToEmptyString] attribute DOMString innerHTML;
+    [CEReactions, LegacyNullToEmptyString] attribute (TrustedHTML or Utf16DOMString) innerHTML;
 };
 
 ShadowRoot includes DocumentOrShadowRoot;
diff --git a/Libraries/LibWeb/TrustedTypes/InjectionSink.h b/Libraries/LibWeb/TrustedTypes/InjectionSink.h
@@ -34,6 +34,8 @@ namespace Web::TrustedTypes {
     __ENUMERATE_INJECTION_SINKS(Locationhref, "Location href")                                     \
     __ENUMERATE_INJECTION_SINKS(RangecreateContextualFragment, "Range createContextualFragment")   \
     __ENUMERATE_INJECTION_SINKS(ServiceWorkerContainerregister, "ServiceWorkerContainer register") \
+    __ENUMERATE_INJECTION_SINKS(ShadowRootinnerHTML, "ShadowRoot innerHTML")                       \
+    __ENUMERATE_INJECTION_SINKS(ShadowRootsetHTMLUnsafe, "ShadowRoot setHTMLUnsafe")               \
     __ENUMERATE_INJECTION_SINKS(SharedWorkerconstructor, "SharedWorker constructor")               \
     __ENUMERATE_INJECTION_SINKS(SVGScriptElementhref, "SVGScriptElement href")                     \
     __ENUMERATE_INJECTION_SINKS(Workerconstructor, "Worker constructor")                           \
