Commit 0cc17c1

Add an |includeReportOnlyPolicies| boolean argument to Does sink type require trusted types? (#518)
1 parent 3819963 commit 0cc17c1

1 file changed

+7
-7
lines changed

spec/index.bs

@@ -1033,7 +1033,7 @@ Given a {{TrustedType}} type (|expectedType|), a [=realm/global object=] (|globa
10331033
1. If |input| is an instance of |expectedType|, return stringified
10341034
|input| and abort these steps.
10351035
1. Let |requireTrustedTypes| be the result of executing [$Does sink type require trusted types?$] algorithm,
1036-
passing |global|, and |sinkGroup|.
1036+
passing |global|, |sinkGroup|, and true.
10371037
1. If |requireTrustedTypes| is `false`, return stringified |input| and abort these steps.
10381038
1. Let |convertedInput| be the result of executing [$Process value with a default policy$] with the same arguments as this algorithm.
10391039
1. If the algorithm threw an error, rethrow the error and abort the following steps.
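Review bot: The bare `true` in the call at new line 1036 (`passing |global|, |sinkGroup|, and true.`) does not tell the reader which parameter it sets; consider naming it at the call site, for example by saying that |includeReportOnlyPolicies| is true. With this value, |requireTrustedTypes| becomes true even when only a report-only policy matches |sinkGroup|, so the following steps go on to [$Process value with a default policy$] in that case; a short note stating that this is intended would help implementers. This is the only call site the commit touches, so if [$Does sink type require trusted types?$] has other callers, they still pass two arguments and need the third one added.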
@@ -1399,20 +1399,20 @@ Content-Security-Policy: trusted-types one two default
13991399

14001400
### <dfn abstract-op>Does sink type require trusted types?</dfn> ### {#does-sink-require-trusted-types}
14011401

1402-
Given a [=realm/global object=] (|global|), a string (|sinkGroup|) this algorithm
1403-
returns `true` if the [=injection sink=] requires a [=Trusted Type=], and
1404-
`false` otherwise.
1402+
Given a [=realm/global object=] (|global|), a string (|sinkGroup|) and a boolean (|includeReportOnlyPolicies|), this algorithm
1403+
returns `true` if the [=injection sink=] requires a [=Trusted Type=], and `false` otherwise.
14051404

1406-
1. Let |result| be `false`.
14071405
1. For each |policy| in |global|'s <a>CSP list</a>:
14081406
1. If |policy|'s <a>directive set</a> does not contain a <a>directive</a>
14091407
whose [=directive/name=] is `"require-trusted-types-for"`, skip to the next |policy|.
14101408
1. Let |directive| be the |policy|'s |directive set|'s [=directive=] whose name
14111409
is `"require-trusted-types-for"`
14121410
1. If |directive|'s [=directive/value=] does not contain a <a>trusted-types-sink-group</a> which is a match
14131411
for |sinkGroup|, skip to the next |policy|.
1414-
1. Set |result| to `true`.
1415-
1. Return |result|.
1412+
1. Let |enforced| be true if |policy|'s [=policy/disposition=] is `"enforce"`, and false otherwise.
1413+
1. If |enforced| is true, return true.
1414+
1. If |includeReportOnlyPolicies| is true, return true.
1415+
1. Return false.
14161416

14171417
### <dfn abstract-op>Should sink type mismatch violation be blocked by Content Security Policy?</dfn> ### {#should-block-sink-type-mismatch}
14181418
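Review bot: The summary at new lines 1402-1403 introduces |includeReportOnlyPolicies| but never says what it does; the return description still reads only `returns true if the [=injection sink=] requires a [=Trusted Type=]`. Suggest stating that a matching policy counts when its disposition is `"enforce"`, and that report-only policies count only when |includeReportOnlyPolicies| is true. In the steps, |enforced| is read exactly once, so new lines 1412-1414 could collapse into a single condition (disposition is `"enforce"` or |includeReportOnlyPolicies| is true, return true). The new steps write true and false as plain words while the summary uses `true` and `false` in code formatting; pick one. It is also worth confirming that the final `Return false.` sits outside the for-each loop, since otherwise a matching report-only policy would end the algorithm before a later enforced policy is examined.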
