WIP: Give developers an opt-in mechanism to block some parser-inserted scripts.

WIP: Give developers an opt-in mechanism to block some parser-inserted scripts.

These should be straightforward:

- document.write('<script>');
- document.writeln('<script>');

Cascading through (multiply-)nested frames like these will be less so:

- document.write('<iframe srcdoc="<script>">');
- document.writeln('<iframe srcdoc="<script>">');
- element.{inner,outer}HTML = '<iframe srcdoc="<script>">';
- element.insertAdjacentHTML('<iframe srcdoc="<script>">');

BUG=684435

[Mike West, 2017-01-25 16:44:07]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-01-25 16:44:30]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-01-25 18:09:59]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-01-25 18:10:00]

Dry run: This issue passed the CQ dry run.

[Mike West, 2017-01-25 20:15:33]

aaj@: This takes care of `document.write`, but not any variant of iframe. For
iframes, I think you really only care about `srcdoc`, right? Or do we need to
deal with the even more complicated general case in which an iframe is used to
load a document that executes script?

[Mike West, 2017-01-26 12:55:31]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-01-26 12:55:47]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Mike West, 2017-01-26 12:57:55]

And now it deals with `document.write('<iframe srcdoc>');` and nested variants
thereof. It's a bit hacky; we'd probably want to do something cleaner than
walking all the `FrameOwner` elements if we really shipped this.

[commit-bot: I haz the power, 2017-01-26 14:32:49]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-01-26 14:32:50]

Dry run: Try jobs failed on following builders:
  linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)

[Mike West, 2017-01-26 15:12:53]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-01-26 15:13:07]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Mike West, 2017-01-26 15:15:01]

And now it deals with innerHTML with super-ugly hacks. Hooray for prototypes.

aaj@, mikispag@, lwe@: Do y'all have more tests for me? :) I'll try to clean
this up to the point at which I wouldn't be horribly embarrassed to hand it to
someone for review; increasing the test coverage at the same time would be
lovely.

[commit-bot: I haz the power, 2017-01-26 18:43:55]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-01-26 18:43:56]

Dry run: This issue passed the CQ dry run.

[aaj, 2017-01-26 21:45:36]

On 2017/01/26 15:15:01, Mike West (sloooooow) wrote:
> And now it deals with innerHTML with super-ugly hacks. Hooray for prototypes.
> 
> aaj@, mikispag@, lwe@: Do y'all have more tests for me? :) I'll try to clean
> this up to the point at which I wouldn't be horribly embarrassed to hand it to
> someone for review; increasing the test coverage at the same time would be
> lovely.

Sorry for the delay, Mike! I don't have *actual* tests, but when I was trying to
wrap my head around what the behavior should be I put together this list:
https://arturjanc.com/safe-dynamic-markup/. The format is very embarrassing, but
basically if you don't see any "Should NOT execute" messages in the console,
it's a promising sign ;-)

I think mikispag@ was interested in writing web platform tests so stay tuned.

[Mike West, 2017-01-27 11:17:19]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-01-27 11:17:39]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[blink-reviews, 2017-01-27 11:18:37]

Sure, I can write Web Platform Tests on monday. Is
'disallow-all-the-parser-inserted-scripts-ever-except-for-the-ones-we-like'
in Web Platform Tests OK? ;)

On Thu, Jan 26, 2017 at 10:45 PM <aaj@google.com> wrote:

> On 2017/01/26 15:15:01, Mike West (sloooooow) wrote:
> > And now it deals with innerHTML with super-ugly hacks. Hooray for
> prototypes.
> >
> > aaj@, mikispag@, lwe@: Do y'all have more tests for me? :) I'll try to
> clean
> > this up to the point at which I wouldn't be horribly embarrassed to hand
> it to
> > someone for review; increasing the test coverage at the same time would
> be
> > lovely.
>
> Sorry for the delay, Mike! I don't have *actual* tests, but when I was
> trying to
> wrap my head around what the behavior should be I put together this list:
> https://arturjanc.com/safe-dynamic-markup/. The format is very
> embarrassing, but
> basically if you don't see any "Should NOT execute" messages in the
> console,
> it's a promising sign ;-)
>
> I think mikispag@ was interested in writing web platform tests so stay
> tuned.
>
> https://codereview.chromium.org/2657623005/
>

-- 
You received this message because you are subscribed to the Google Groups "Blink
Reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-reviews+unsubscribe@chromium.org.

[chromium-reviews, 2017-01-27 11:18:37]

Sure, I can write Web Platform Tests on monday. Is
'disallow-all-the-parser-inserted-scripts-ever-except-for-the-ones-we-like'
in Web Platform Tests OK? ;)

On Thu, Jan 26, 2017 at 10:45 PM <aaj@google.com> wrote:

> On 2017/01/26 15:15:01, Mike West (sloooooow) wrote:
> > And now it deals with innerHTML with super-ugly hacks. Hooray for
> prototypes.
> >
> > aaj@, mikispag@, lwe@: Do y'all have more tests for me? :) I'll try to
> clean
> > this up to the point at which I wouldn't be horribly embarrassed to hand
> it to
> > someone for review; increasing the test coverage at the same time would
> be
> > lovely.
>
> Sorry for the delay, Mike! I don't have *actual* tests, but when I was
> trying to
> wrap my head around what the behavior should be I put together this list:
> https://arturjanc.com/safe-dynamic-markup/. The format is very
> embarrassing, but
> basically if you don't see any "Should NOT execute" messages in the
> console,
> it's a promising sign ;-)
>
> I think mikispag@ was interested in writing web platform tests so stay
> tuned.
>
> https://codereview.chromium.org/2657623005/
>

-- 
You received this message because you are subscribed to the Google Groups
"Chromium-reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

[blink-reviews, 2017-01-27 12:56:47]

I don't think we should contribute tests to WPT before we've defined what
we actually want. I'm just interested in expanding the test coverage of
this patch by including various cases I've probably missed. Take a look at
the tests on the CL, and let me know what you'd add?

-mike

On Fri, Jan 27, 2017 at 12:18 PM, Michele Spagnuolo <mikispag@google.com>
wrote:

> Sure, I can write Web Platform Tests on monday. Is
> 'disallow-all-the-parser-inserted-scripts-ever-except-for-the-ones-we-like'
> in Web Platform Tests OK? ;)
>
> On Thu, Jan 26, 2017 at 10:45 PM <aaj@google.com> wrote:
>
>> On 2017/01/26 15:15:01, Mike West (sloooooow) wrote:
>> > And now it deals with innerHTML with super-ugly hacks. Hooray for
>> prototypes.
>> >
>> > aaj@, mikispag@, lwe@: Do y'all have more tests for me? :) I'll try to
>> clean
>> > this up to the point at which I wouldn't be horribly embarrassed to
>> hand it to
>> > someone for review; increasing the test coverage at the same time would
>> be
>> > lovely.
>>
>> Sorry for the delay, Mike! I don't have *actual* tests, but when I was
>> trying to
>> wrap my head around what the behavior should be I put together this list:
>> https://arturjanc.com/safe-dynamic-markup/. The format is very
>> embarrassing, but
>> basically if you don't see any "Should NOT execute" messages in the
>> console,
>> it's a promising sign ;-)
>>
>> I think mikispag@ was interested in writing web platform tests so stay
>> tuned.
>>
>> https://codereview.chromium.org/2657623005/
>>
>

-- 
You received this message because you are subscribed to the Google Groups "Blink
Reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-reviews+unsubscribe@chromium.org.

[chromium-reviews, 2017-01-27 12:56:47]

I don't think we should contribute tests to WPT before we've defined what
we actually want. I'm just interested in expanding the test coverage of
this patch by including various cases I've probably missed. Take a look at
the tests on the CL, and let me know what you'd add?

-mike

On Fri, Jan 27, 2017 at 12:18 PM, Michele Spagnuolo <mikispag@google.com>
wrote:

> Sure, I can write Web Platform Tests on monday. Is
> 'disallow-all-the-parser-inserted-scripts-ever-except-for-the-ones-we-like'
> in Web Platform Tests OK? ;)
>
> On Thu, Jan 26, 2017 at 10:45 PM <aaj@google.com> wrote:
>
>> On 2017/01/26 15:15:01, Mike West (sloooooow) wrote:
>> > And now it deals with innerHTML with super-ugly hacks. Hooray for
>> prototypes.
>> >
>> > aaj@, mikispag@, lwe@: Do y'all have more tests for me? :) I'll try to
>> clean
>> > this up to the point at which I wouldn't be horribly embarrassed to
>> hand it to
>> > someone for review; increasing the test coverage at the same time would
>> be
>> > lovely.
>>
>> Sorry for the delay, Mike! I don't have *actual* tests, but when I was
>> trying to
>> wrap my head around what the behavior should be I put together this list:
>> https://arturjanc.com/safe-dynamic-markup/. The format is very
>> embarrassing, but
>> basically if you don't see any "Should NOT execute" messages in the
>> console,
>> it's a promising sign ;-)
>>
>> I think mikispag@ was interested in writing web platform tests so stay
>> tuned.
>>
>> https://codereview.chromium.org/2657623005/
>>
>

-- 
You received this message because you are subscribed to the Google Groups
"Chromium-reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

[commit-bot: I haz the power, 2017-01-27 14:13:33]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-01-27 14:13:33]

Dry run: Try jobs failed on following builders:
  linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)

[Mike West, 2017-01-27 14:32:53]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-01-27 14:33:14]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Mike West, 2017-01-27 14:33:24]

Rebasing this on top of things. Smaller now, maybe even cleaner.

[Mike West, 2017-01-27 14:47:23]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-01-27 14:47:47]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Mike West, 2017-01-27 14:48:20]

mkwst@chromium.org changed reviewers:
+ jochen@chromium.org

[Mike West, 2017-01-27 14:48:21]

Ok. I think inline script is ~done. Will work on external script at some
point... next week is going to be busy.

Jochen, WDYT of the direction?

[jochen (gone - plz use gerrit), 2017-01-27 15:14:19]

direction looks reasonable

https://codereview.chromium.org/2657623005/diff/100001/third_party/WebKit/Sou...
File third_party/WebKit/Source/core/dom/Document.h (right):

https://codereview.chromium.org/2657623005/diff/100001/third_party/WebKit/Sou...
third_party/WebKit/Source/core/dom/Document.h:227: enum SrcdocType {
nit. enum class. enum constants should start with k

[commit-bot: I haz the power, 2017-01-27 16:30:41]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-01-27 16:30:42]

Dry run: Try jobs failed on following builders:
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[blink-reviews, 2017-01-30 10:34:56]

I think we are missing link[rel=import] and outerHTML/insertAdjacentHTML
variants.Shall I prepare a new change?

On Fri, Jan 27, 2017 at 4:14 PM <jochen@chromium.org> wrote:

direction looks reasonable


https://codereview.chromium.org/2657623005/diff/100001/third_party/WebKit/Sou...
File third_party/WebKit/Source/core/dom/Document.h (right):

https://codereview.chromium.org/2657623005/diff/100001/third_party/WebKit/Sou...
third_party/WebKit/Source/core/dom/Document.h:227: enum SrcdocType {
nit. enum class. enum constants should start with k

https://codereview.chromium.org/2657623005/

-- 
You received this message because you are subscribed to the Google Groups "Blink
Reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-reviews+unsubscribe@chromium.org.

[chromium-reviews, 2017-01-30 10:34:56]

I think we are missing link[rel=import] and outerHTML/insertAdjacentHTML
variants.Shall I prepare a new change?

On Fri, Jan 27, 2017 at 4:14 PM <jochen@chromium.org> wrote:

direction looks reasonable


https://codereview.chromium.org/2657623005/diff/100001/third_party/WebKit/Sou...
File third_party/WebKit/Source/core/dom/Document.h (right):

https://codereview.chromium.org/2657623005/diff/100001/third_party/WebKit/Sou...
third_party/WebKit/Source/core/dom/Document.h:227: enum SrcdocType {
nit. enum class. enum constants should start with k

https://codereview.chromium.org/2657623005/

-- 
You received this message because you are subscribed to the Google Groups
"Chromium-reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

[Mike West, 2017-02-17 10:55:49]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-02-17 10:56:02]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-02-17 10:58:24]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-02-17 10:58:25]

Dry run: Try jobs failed on following builders:
  ios-device-xcode-clang on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-device-xcode-...)
  ios-simulator-xcode-clang on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator-xco...)