Draft implementation of Trusted Types support

Author: bjarkler

package.json

@@ -90,6 +90,7 @@
     "@types/semver": "^6.0.2",
     "@types/shelljs": "^0.8.6",
     "@types/systemjs": "0.19.32",
+    "@types/trusted-types": "^1.0.6",
     "@types/yaml": "^1.9.7",
     "@types/yargs": "^15.0.5",
     "@webcomponents/custom-elements": "^1.1.0",

packages/BUILD.bazel

@@ -14,6 +14,7 @@ ts_library(
     deps = [
         "//packages/zone.js/lib:zone_d_ts",
         "@npm//@types/hammerjs",
+        "@npm//@types/trusted-types",
     ],
 )
 

packages/compiler/src/render3/r3_identifiers.ts

@@ -320,4 +320,7 @@ export class Identifiers {
   static sanitizeUrl: o.ExternalReference = {name: 'ɵɵsanitizeUrl', moduleName: CORE};
   static sanitizeUrlOrResourceUrl:
       o.ExternalReference = {name: 'ɵɵsanitizeUrlOrResourceUrl', moduleName: CORE};
+  static trustHtml: o.ExternalReference = {name: 'ɵɵtrustHtml', moduleName: CORE};
+  static trustScript: o.ExternalReference = {name: 'ɵɵtrustScript', moduleName: CORE};
+  static trustResourceUrl: o.ExternalReference = {name: 'ɵɵtrustResourceUrl', moduleName: CORE};
 }

packages/compiler/src/render3/view/template.ts

@@ -568,7 +568,8 @@ export class TemplateDefinitionBuilder implements t.Visitor<void>, LocalResolver
 
     const nonContentSelectAttributes =
         ngContent.attributes.filter(attr => attr.name.toLowerCase() !== NG_CONTENT_SELECT_ATTR);
-    const attributes = this.getAttributeExpressions(nonContentSelectAttributes, [], []);
+    const attributes =
+        this.getAttributeExpressions(ngContent.name, nonContentSelectAttributes, [], []);
 
     if (attributes.length > 0) {
       parameters.push(o.literal(projectionSlotIdx), o.literalArr(attributes));
@@ -635,7 +636,7 @@ export class TemplateDefinitionBuilder implements t.Visitor<void>, LocalResolver
 
     // add attributes for directive and projection matching purposes
     const attributes: o.Expression[] = this.getAttributeExpressions(
-        outputAttrs, allOtherInputs, element.outputs, stylingBuilder, [], i18nAttrs);
+        element.name, outputAttrs, allOtherInputs, element.outputs, stylingBuilder, [], i18nAttrs);
     parameters.push(this.addAttrsToConsts(attributes));
 
     // local refs (ex.: <div #foo #bar="baz">)
@@ -867,8 +868,8 @@ export class TemplateDefinitionBuilder implements t.Visitor<void>, LocalResolver
     // prepare attributes parameter (including attributes used for directive matching)
     const [i18nStaticAttrs, staticAttrs] = partitionArray(template.attributes, hasI18nMeta);
     const attrsExprs: o.Expression[] = this.getAttributeExpressions(
-        staticAttrs, template.inputs, template.outputs, undefined /* styles */,
-        template.templateAttrs, i18nStaticAttrs);
+        NG_TEMPLATE_TAG_NAME, staticAttrs, template.inputs, template.outputs,
+        undefined /* styles */, template.templateAttrs, i18nStaticAttrs);
     parameters.push(this.addAttrsToConsts(attrsExprs));
 
     // local refs (ex.: <ng-template #foo>)
@@ -1285,8 +1286,9 @@ export class TemplateDefinitionBuilder implements t.Visitor<void>, LocalResolver
    * because those values are intended to always be generated as property instructions.
    */
   private getAttributeExpressions(
-      renderAttributes: t.TextAttribute[], inputs: t.BoundAttribute[], outputs: t.BoundEvent[],
-      styles?: StylingBuilder, templateAttrs: (t.BoundAttribute|t.TextAttribute)[] = [],
+      elementName: string, renderAttributes: t.TextAttribute[], inputs: t.BoundAttribute[],
+      outputs: t.BoundEvent[], styles?: StylingBuilder,
+      templateAttrs: (t.BoundAttribute|t.TextAttribute)[] = [],
       i18nAttrs: (t.BoundAttribute|t.TextAttribute)[] = []): o.Expression[] {
     const alreadySeen = new Set<string>();
     const attrExprs: o.Expression[] = [];
@@ -1296,7 +1298,8 @@ export class TemplateDefinitionBuilder implements t.Visitor<void>, LocalResolver
       if (attr.name === NG_PROJECT_AS_ATTR_NAME) {
         ngProjectAsAttr = attr;
       }
-      attrExprs.push(...getAttributeNameLiterals(attr.name), asLiteral(attr.value));
+      attrExprs.push(
+          ...getAttributeNameLiterals(attr.name), trustedConstAttribute(elementName, attr));
     });
 
     // Keep ngProjectAs next to the other name, value pairs so we can verify that we match
@@ -2128,6 +2131,33 @@ export function resolveSanitizationFn(context: core.SecurityContext, isAttribute
   }
 }
 
+export function resolveTrustFn(context: core.SecurityContext) {
+  switch (context) {
+    case core.SecurityContext.HTML:
+      return o.importExpr(R3.trustHtml);
+    case core.SecurityContext.SCRIPT:
+      return o.importExpr(R3.trustScript);
+    case core.SecurityContext.RESOURCE_URL:
+      return o.importExpr(R3.trustResourceUrl);
+    default:
+      return null;
+  }
+}
+
+function trustedConstAttribute(tagName: string, attr: t.TextAttribute): o.Expression {
+  const value = asLiteral(attr.value);
+  for (const isAttribute of [true, false]) {
+    const trustFn =
+        resolveTrustFn(elementRegistry.securityContext(tagName, attr.name, isAttribute));
+    if (trustFn) {
+      return o.taggedTemplate(
+          trustFn,
+          new o.TemplateLiteral([new o.TemplateLiteralElement(attr.value, attr.valueSpan)], []));
+    }
+  }
+  return value;
+}
+
 function isSingleElementTemplate(children: t.Node[]): children is[t.Element] {
   return children.length === 1 && children[0] instanceof t.Element;
 }

packages/core/src/core_render3_private_export.ts

@@ -290,6 +290,9 @@ export {
   ɵɵsanitizeStyle,
   ɵɵsanitizeUrl,
   ɵɵsanitizeUrlOrResourceUrl,
+  ɵɵtrustHtml,
+  ɵɵtrustResourceUrl,
+  ɵɵtrustScript,
 } from './sanitization/sanitization';
 export {
   noSideEffects as ɵnoSideEffects,

packages/core/src/render3/i18n/i18n_parse.ts

@@ -10,6 +10,7 @@ import '../../util/ng_i18n_closure_mode';
 
 import {getTemplateContent, SRCSET_ATTRS, URI_ATTRS, VALID_ATTRS, VALID_ELEMENTS} from '../../sanitization/html_sanitizer';
 import {getInertBodyHelper} from '../../sanitization/inert_body';
+import {getTrustedTypesPolicy, trustedConstSanitizer} from '../../sanitization/trusted_types';
 import {_sanitizeUrl, sanitizeSrcset} from '../../sanitization/url_sanitizer';
 import {addAllToArray} from '../../util/array_utils';
 import {assertEqual} from '../../util/assert';
@@ -242,7 +243,7 @@ export function i18nAttributesFirstPass(
           // Set attributes for Elements only, for other types (like ElementContainer),
           // only set inputs below
           if (tNode.type === TNodeType.Element) {
-            elementAttributeInternal(tNode, lView, attrName, value, null, null);
+            elementAttributeInternal(tNode, lView, attrName, value, trustedConstSanitizer, null);
           }
           // Check if that attribute is a directive input
           const dataValue = tNode.inputs !== null && tNode.inputs[attrName];
@@ -524,7 +525,7 @@ export function parseICUBlock(pattern: string): IcuExpression {
 function parseIcuCase(
     unsafeHtml: string, parentIndex: number, nestedIcus: IcuExpression[], tIcus: TIcu[],
     expandoStartIndex: number): IcuCase {
-  const inertBodyHelper = getInertBodyHelper(getDocument());
+  const inertBodyHelper = getInertBodyHelper(getDocument(), getTrustedTypesPolicy());
   const inertBodyElement = inertBodyHelper.getInertBodyElement(unsafeHtml);
   if (!inertBodyElement) {
     throw new Error('Unable to generate inert body element');

packages/core/src/render3/interfaces/renderer.ts

@@ -80,15 +80,18 @@ export interface ProceduralRenderer3 {
   parentNode(node: RNode): RElement|null;
   nextSibling(node: RNode): RNode|null;
 
-  setAttribute(el: RElement, name: string, value: string, namespace?: string|null): void;
+  setAttribute(
+      el: RElement, name: string, value: string|TrustedHTML|TrustedScript|TrustedScriptURL,
+      namespace?: string|null): void;
   removeAttribute(el: RElement, name: string, namespace?: string|null): void;
   addClass(el: RElement, name: string): void;
   removeClass(el: RElement, name: string): void;
   setStyle(
       el: RElement, style: string, value: any,
       flags?: RendererStyleFlags2|RendererStyleFlags3): void;
   removeStyle(el: RElement, style: string, flags?: RendererStyleFlags2|RendererStyleFlags3): void;
-  setProperty(el: RElement, name: string, value: any): void;
+  setProperty(el: RElement, name: string|TrustedHTML|TrustedScript|TrustedScriptURL, value: any):
+      void;
   setValue(node: RText|RComment, value: string): void;
 
   // TODO(misko): Deprecate in favor of addEventListener/removeEventListener
@@ -157,9 +160,11 @@ export interface RElement extends RNode {
   classList: RDomTokenList;
   className: string;
   textContent: string|null;
-  setAttribute(name: string, value: string): void;
+  setAttribute(name: string, value: string|TrustedHTML|TrustedScript|TrustedScriptURL): void;
   removeAttribute(name: string): void;
-  setAttributeNS(namespaceURI: string, qualifiedName: string, value: string): void;
+  setAttributeNS(
+      namespaceURI: string, qualifiedName: string,
+      value: string|TrustedHTML|TrustedScript|TrustedScriptURL): void;
   addEventListener(type: string, listener: EventListener, useCapture?: boolean): void;
   removeEventListener(type: string, listener?: EventListener, options?: boolean): void;
 

packages/core/src/render3/interfaces/sanitization.ts

@@ -9,4 +9,5 @@
 /**
  * Function used to sanitize the value before writing it into the renderer.
  */
-export type SanitizerFn = (value: any, tagName?: string, propName?: string) => string;
+export type SanitizerFn = (value: any, tagName?: string, propName?: string) =>
+    string|TrustedHTML|TrustedScript|TrustedScriptURL;

packages/core/src/render3/jit/environment.ts

@@ -166,4 +166,5 @@ export const angularCoreEnv: {[name: string]: Function} =
        'ɵɵsanitizeScript': sanitization.ɵɵsanitizeScript,
        'ɵɵsanitizeUrl': sanitization.ɵɵsanitizeUrl,
        'ɵɵsanitizeUrlOrResourceUrl': sanitization.ɵɵsanitizeUrlOrResourceUrl,
+       'ɵɵtrustHtml': sanitization.ɵɵtrustHtml,
      }))();

packages/core/src/sanitization/bypass.ts

@@ -58,8 +58,8 @@ export interface SafeUrl extends SafeValue {}
 export interface SafeResourceUrl extends SafeValue {}
 
 
-abstract class SafeValueImpl implements SafeValue {
-  constructor(public changingThisBreaksApplicationSecurity: string) {}
+abstract class SafeValueImpl<T> implements SafeValue {
+  constructor(public changingThisBreaksApplicationSecurity: string|T) {}
 
   abstract getTypeName(): string;
 
@@ -69,35 +69,35 @@ abstract class SafeValueImpl implements SafeValue {
   }
 }
 
-class SafeHtmlImpl extends SafeValueImpl implements SafeHtml {
+class SafeHtmlImpl extends SafeValueImpl<TrustedHTML> implements SafeHtml {
   getTypeName() {
     return BypassType.Html;
   }
 }
-class SafeStyleImpl extends SafeValueImpl implements SafeStyle {
+class SafeStyleImpl extends SafeValueImpl<string> implements SafeStyle {
   getTypeName() {
     return BypassType.Style;
   }
 }
-class SafeScriptImpl extends SafeValueImpl implements SafeScript {
+class SafeScriptImpl extends SafeValueImpl<TrustedScript> implements SafeScript {
   getTypeName() {
     return BypassType.Script;
   }
 }
-class SafeUrlImpl extends SafeValueImpl implements SafeUrl {
+class SafeUrlImpl extends SafeValueImpl<string> implements SafeUrl {
   getTypeName() {
     return BypassType.Url;
   }
 }
-class SafeResourceUrlImpl extends SafeValueImpl implements SafeResourceUrl {
+class SafeResourceUrlImpl extends SafeValueImpl<TrustedScriptURL> implements SafeResourceUrl {
   getTypeName() {
     return BypassType.ResourceUrl;
   }
 }
 
-export function unwrapSafeValue(value: SafeValue): string;
+export function unwrapSafeValue<T>(value: SafeValue): string|T;
 export function unwrapSafeValue<T>(value: T): T;
-export function unwrapSafeValue<T>(value: T|SafeValue): T {
+export function unwrapSafeValue<T>(value: any): string|T {
   return value instanceof SafeValueImpl ? value.changingThisBreaksApplicationSecurity as any as T :
                                           value as any as T;
 }
@@ -137,7 +137,7 @@ export function getSanitizationBypassType(value: any): BypassType|null {
  * @param trustedHtml `html` string which needs to be implicitly trusted.
  * @returns a `html` which has been branded to be implicitly trusted.
  */
-export function bypassSanitizationTrustHtml(trustedHtml: string): SafeHtml {
+export function bypassSanitizationTrustHtml(trustedHtml: string|TrustedHTML): SafeHtml {
   return new SafeHtmlImpl(trustedHtml);
 }
 /**
@@ -161,7 +161,7 @@ export function bypassSanitizationTrustStyle(trustedStyle: string): SafeStyle {
  * @param trustedScript `script` string which needs to be implicitly trusted.
  * @returns a `script` which has been branded to be implicitly trusted.
  */
-export function bypassSanitizationTrustScript(trustedScript: string): SafeScript {
+export function bypassSanitizationTrustScript(trustedScript: string|TrustedScript): SafeScript {
   return new SafeScriptImpl(trustedScript);
 }
 /**
@@ -185,6 +185,7 @@ export function bypassSanitizationTrustUrl(trustedUrl: string): SafeUrl {
  * @param trustedResourceUrl `url` string which needs to be implicitly trusted.
  * @returns a `url` which has been branded to be implicitly trusted.
  */
-export function bypassSanitizationTrustResourceUrl(trustedResourceUrl: string): SafeResourceUrl {
+export function bypassSanitizationTrustResourceUrl(trustedResourceUrl: string|
+                                                   TrustedScriptURL): SafeResourceUrl {
   return new SafeResourceUrlImpl(trustedResourceUrl);
 }

packages/core/src/sanitization/html_sanitizer.ts

@@ -8,6 +8,7 @@
 
 import {isDevMode} from '../util/is_dev_mode';
 import {getInertBodyHelper, InertBodyHelper} from './inert_body';
+import {getTrustedTypesPolicy} from './trusted_types';
 import {_sanitizeUrl, sanitizeSrcset} from './url_sanitizer';
 
 function tagSet(tags: string): {[k: string]: boolean} {
@@ -242,10 +243,10 @@ let inertBodyHelper: InertBodyHelper;
  * Sanitizes the given unsafe, untrusted HTML fragment, and returns HTML text that is safe to add to
  * the DOM in a browser environment.
  */
-export function _sanitizeHtml(defaultDoc: any, unsafeHtmlInput: string): string {
+export function _sanitizeHtml(defaultDoc: any, unsafeHtmlInput: string): string|TrustedHTML {
   let inertBodyElement: HTMLElement|null = null;
   try {
-    inertBodyHelper = inertBodyHelper || getInertBodyHelper(defaultDoc);
+    inertBodyHelper = inertBodyHelper || getInertBodyHelper(defaultDoc, getTrustedTypesPolicy());
     // Make sure unsafeHtml is actually a string (TypeScript types are not enforced at runtime).
     let unsafeHtml = unsafeHtmlInput ? String(unsafeHtmlInput) : '';
     inertBodyElement = inertBodyHelper.getInertBodyElement(unsafeHtml);
@@ -274,7 +275,7 @@ export function _sanitizeHtml(defaultDoc: any, unsafeHtmlInput: string): string
           'WARNING: sanitizing HTML stripped some content, see http://g.co/ng/security#xss');
     }
 
-    return safeHtml;
+    return getTrustedTypesPolicy()?.createHTML(safeHtml) ?? safeHtml;
   } finally {
     // In case anything goes wrong, clear out inertElement to reset the entire DOM structure.
     if (inertBodyElement) {

packages/core/src/sanitization/inert_body.ts

@@ -13,8 +13,10 @@
  * Default: DOMParser strategy
  * Fallback: InertDocument strategy
  */
-export function getInertBodyHelper(defaultDoc: Document): InertBodyHelper {
-  return isDOMParserAvailable() ? new DOMParserHelper() : new InertDocumentHelper(defaultDoc);
+export function getInertBodyHelper(
+    defaultDoc: Document, trustedTypePolicy?: TrustedTypePolicy|null): InertBodyHelper {
+  return isDOMParserAvailable() ? new DOMParserHelper(trustedTypePolicy) :
+                                  new InertDocumentHelper(defaultDoc, trustedTypePolicy);
 }
 
 export interface InertBodyHelper {
@@ -29,15 +31,20 @@ export interface InertBodyHelper {
  * This is the default strategy used in browsers that support it.
  */
 class DOMParserHelper implements InertBodyHelper {
+  constructor(private readonly trustedTypePolicy?: TrustedTypePolicy|null) {}
+
   getInertBodyElement(html: string): HTMLElement|null {
     // We add these extra elements to ensure that the rest of the content is parsed as expected
     // e.g. leading whitespace is maintained and tags like `<meta>` do not get hoisted to the
     // `<head>` tag. Note that the `<body>` tag is closed implicitly to prevent unclosed tags
     // in `html` from consuming the otherwise explicit `</body>` tag.
     html = '<body><remove></remove>' + html;
     try {
-      const body = new (window as any).DOMParser().parseFromString(html, 'text/html').body as
-          HTMLBodyElement;
+      const body =
+          new (window as any)
+              .DOMParser()
+              .parseFromString(this.trustedTypePolicy?.createHTML(html) ?? html, 'text/html')
+              .body as HTMLBodyElement;
       body.removeChild(body.firstChild!);
       return body;
     } catch {
@@ -54,7 +61,8 @@ class DOMParserHelper implements InertBodyHelper {
 class InertDocumentHelper implements InertBodyHelper {
   private inertDocument: Document;
 
-  constructor(private defaultDoc: Document) {
+  constructor(
+      private defaultDoc: Document, private readonly trustedTypePolicy?: TrustedTypePolicy|null) {
     this.inertDocument = this.defaultDoc.implementation.createHTMLDocument('sanitization-inert');
 
     if (this.inertDocument.body == null) {
@@ -71,7 +79,8 @@ class InertDocumentHelper implements InertBodyHelper {
     // Prefer using <template> element if supported.
     const templateEl = this.inertDocument.createElement('template');
     if ('content' in templateEl) {
-      templateEl.innerHTML = html;
+      templateEl.innerHTML =
+          (this.trustedTypePolicy?.createHTML(html) ?? html) as unknown as string;
       return templateEl;
     }
 
@@ -83,7 +92,7 @@ class InertDocumentHelper implements InertBodyHelper {
     // down the line. This has been worked around by creating a new inert `body` and using it as
     // the root node in which we insert the HTML.
     const inertBody = this.inertDocument.createElement('body');
-    inertBody.innerHTML = html;
+    inertBody.innerHTML = (this.trustedTypePolicy?.createHTML(html) ?? html) as unknown as string;
 
     // Support: IE 9-11 only
     // strip custom-namespaced attributes on IE<=11
@@ -129,7 +138,9 @@ class InertDocumentHelper implements InertBodyHelper {
  */
 export function isDOMParserAvailable() {
   try {
-    return !!new (window as any).DOMParser().parseFromString('', 'text/html');
+    return !!new (window as any)
+                 .DOMParser()
+                 .parseFromString(window.trustedTypes?.emptyHTML ?? '', 'text/html');
   } catch {
     return false;
   }