LibWeb: Integrate execCommand with TrustedTypes

The proposal has been abandoned but the WPT checks that this api
is covered by TrustedTypes policies.

We apply the same basic processing as the rest of apis.

Author: tete17

Libraries/LibWeb/DOM/Document.h

@@ -671,7 +671,7 @@ class WEB_API Document
     void set_previous_document_unload_timing(DocumentUnloadTimingInfo const& previous_document_unload_timing) { m_previous_document_unload_timing = previous_document_unload_timing; }
 
     // https://w3c.github.io/editing/docs/execCommand/
-    WebIDL::ExceptionOr<bool> exec_command(FlyString const& command, bool show_ui, Utf16String const& value);
+    WebIDL::ExceptionOr<bool> exec_command(FlyString const& command, bool show_ui, TrustedTypes::TrustedHTMLOrString const& value);
     WebIDL::ExceptionOr<bool> query_command_enabled(FlyString const& command);
     WebIDL::ExceptionOr<bool> query_command_indeterm(FlyString const& command);
     WebIDL::ExceptionOr<bool> query_command_state(FlyString const& command);

Libraries/LibWeb/DOM/Document.idl

@@ -143,8 +143,7 @@ interface Document : Node {
     readonly attribute Element? scrollingElement;
 
     // https://w3c.github.io/editing/docs/execCommand/
-    // FIXME: [CEReactions] boolean execCommand(DOMString commandId, optional boolean showUI = false, optional (TrustedHTML or DOMString) value = "");
-    [CEReactions] boolean execCommand(DOMString commandId, optional boolean showUI = false, optional Utf16DOMString value = "");
+    [CEReactions] boolean execCommand(DOMString commandId, optional boolean showUI = false, optional (TrustedHTML or Utf16DOMString) value = "");
     boolean queryCommandEnabled(DOMString commandId);
     boolean queryCommandIndeterm(DOMString commandId);
     boolean queryCommandState(DOMString commandId);

Libraries/LibWeb/DOM/EditingHostManager.cpp

@@ -181,7 +181,7 @@ void EditingHostManager::handle_delete(DeleteDirection direction)
     // the Delete key while the cursor is in an editable node, the user agent must call execCommand("forwarddelete") on
     // the relevant document.
     auto command = direction == DeleteDirection::Backward ? Editing::CommandNames::delete_ : Editing::CommandNames::forwardDelete;
-    auto editing_result = m_document->exec_command(command, false, {});
+    auto editing_result = m_document->exec_command(command, false, ""_utf16);
     if (editing_result.is_exception())
         dbgln("handle_delete(): editing resulted in exception: {}", editing_result.exception());
 }
@@ -200,7 +200,7 @@ EventResult EditingHostManager::handle_return_key(FlyString const& ui_input_type
     auto command = ui_input_type == UIEvents::InputTypes::insertParagraph
         ? Editing::CommandNames::insertParagraph
         : Editing::CommandNames::insertLineBreak;
-    auto editing_result = m_document->exec_command(command, false, {});
+    auto editing_result = m_document->exec_command(command, false, ""_utf16);
     if (editing_result.is_exception()) {
         dbgln("handle_return_key(): editing resulted in exception: {}", editing_result.exception());
         return EventResult::Dropped;

Libraries/LibWeb/Editing/ExecCommand.cpp

@@ -12,13 +12,31 @@
 #include <LibWeb/Editing/Commands.h>
 #include <LibWeb/Editing/Internal/Algorithms.h>
 #include <LibWeb/Selection/Selection.h>
+#include <LibWeb/TrustedTypes/RequireTrustedTypesForDirective.h>
+#include <LibWeb/TrustedTypes/TrustedHTML.h>
+#include <LibWeb/TrustedTypes/TrustedTypePolicy.h>
 #include <LibWeb/UIEvents/InputEvent.h>
 
 namespace Web::DOM {
 
 // https://w3c.github.io/editing/docs/execCommand/#execcommand()
-WebIDL::ExceptionOr<bool> Document::exec_command(FlyString const& command, [[maybe_unused]] bool show_ui, Utf16String const& value)
+WebIDL::ExceptionOr<bool> Document::exec_command(FlyString const& command, [[maybe_unused]] bool show_ui, TrustedTypes::TrustedHTMLOrString const& value)
 {
+    Utf16String compliant_string;
+    if (command.equals_ignoring_ascii_case(Editing::CommandNames::insertHTML)) {
+        // AD-HOC: The spec has been abandoned but there is a WPT tests checking weather this api follows TrustedTypes
+        compliant_string = TRY(TrustedTypes::get_trusted_type_compliant_string(
+            TrustedTypes::TrustedTypeName::TrustedHTML,
+            relevant_global_object(*this),
+            value.downcast<TrustedTypes::TrustedHTMLOrString>(),
+            TrustedTypes::InjectionSink::DocumentexecCommand,
+            TrustedTypes::Script.to_string()));
+    } else {
+        compliant_string = value.downcast<TrustedTypes::TrustedHTMLOrString>().visit(
+            [](auto const& value) { return value->to_string(); },
+            [](Utf16String const& value) { return value; });
+    }
+
     // AD-HOC: This is not directly mentioned in the spec, but all major browsers limit editing API calls to HTML documents
     if (!is_html_document())
         return WebIDL::InvalidStateError::create(realm(), "execCommand is only supported on HTML documents"_utf16);
@@ -101,7 +119,7 @@ WebIDL::ExceptionOr<bool> Document::exec_command(FlyString const& command, [[may
     auto old_character_data_version = character_data_version();
 
     // 5. Take the action for command, passing value to the instructions as an argument.
-    auto command_result = command_definition.action(*this, value);
+    auto command_result = command_definition.action(*this, compliant_string);
 
     // https://w3c.github.io/editing/docs/execCommand/#preserves-overrides
     // After taking the action, if the active range is collapsed, it must restore states and values from the recorded
@@ -125,7 +143,7 @@ WebIDL::ExceptionOr<bool> Document::exec_command(FlyString const& command, [[may
 
         // AD-HOC: For insertText, we do what other browsers do and set data to value.
         if (command == Editing::CommandNames::insertText)
-            event_init.data = value;
+            event_init.data = compliant_string;
 
         auto event = UIEvents::InputEvent::create_from_platform_event(realm(), HTML::EventNames::input, event_init);
         event->set_is_trusted(true);

Libraries/LibWeb/TrustedTypes/InjectionSink.h

@@ -17,6 +17,7 @@ namespace Web::TrustedTypes {
 
 // https://w3c.github.io/trusted-types/dist/spec/#injection-sink
 #define ENUMERATE_INJECTION_SINKS                                                        \
+    __ENUMERATE_INJECTION_SINKS(DocumentexecCommand, "Document execCommand")             \
     __ENUMERATE_INJECTION_SINKS(DocumentparseHTMLUnsafe, "Document parseHTMLUnsafe")     \
     __ENUMERATE_INJECTION_SINKS(Documentwrite, "Document write")                         \
     __ENUMERATE_INJECTION_SINKS(Documentwriteln, "Document writeln")                     \

Tests/LibWeb/Text/expected/Editing/execCommand-case-insensitivity.txt

@@ -1,9 +1,9 @@
 queryCommandSupported("selectall"): true
 queryCommandEnabled("selectall"): true
-execCommand("selectall"): PASS
+execCommand("selectall"): 
 queryCommandSupported("SELECTALL"): true
 queryCommandEnabled("SELECTALL"): true
-execCommand("SELECTALL"): PASS
+execCommand("SELECTALL"): 
 queryCommandSupported("SeLeCtAlL"): true
 queryCommandEnabled("SeLeCtAlL"): true
-execCommand("SeLeCtAlL"): PASS
+execCommand("SeLeCtAlL"):