From c08e44e8eb447a65eb25a38b62b72783551f6b12 Mon Sep 17 00:00:00 2001
From: Noah Bright <noah.bright.1@gmail.com>
Date: Tue, 15 Oct 2024 13:55:38 -0400
Subject: [PATCH] LibWeb: Stub in CSP List

Define CSP list and associated enums from Content Security Policy
Spec
---
 .../Libraries/LibWeb/DOM/StyleElementUtils.h  | 13 +++++++
 Userland/Libraries/LibWeb/HTML/Policy.h       | 37 +++++++++++++++++++
 .../LibWeb/HTML/PolicyContainers.cpp          | 25 +++++++++++++
 .../Libraries/LibWeb/HTML/PolicyContainers.h  |  8 +++-
 4 files changed, 82 insertions(+), 1 deletion(-)
 create mode 100644 Userland/Libraries/LibWeb/HTML/Policy.h

diff --git a/Userland/Libraries/LibWeb/DOM/StyleElementUtils.h b/Userland/Libraries/LibWeb/DOM/StyleElementUtils.h
index d7e2fa1acd25..8c946cfa2566 100644
--- a/Userland/Libraries/LibWeb/DOM/StyleElementUtils.h
+++ b/Userland/Libraries/LibWeb/DOM/StyleElementUtils.h
@@ -12,6 +12,19 @@
 
 namespace Web::DOM {
 
+// https://w3c.github.io/webappsec-csp/#should-block-inline
+enum class InlineType {
+    Script,
+    ScriptAttribute,
+    Style,
+    StyleAttribute
+};
+
+enum class ShouldBeBlockedByContentSecurityPolicy {
+    Allowed,
+    Blocked
+};
+
 class StyleElementUtils {
 public:
     void update_a_style_block(DOM::Element& style_element);
diff --git a/Userland/Libraries/LibWeb/HTML/Policy.h b/Userland/Libraries/LibWeb/HTML/Policy.h
new file mode 100644
index 000000000000..ba7d04a8d542
--- /dev/null
+++ b/Userland/Libraries/LibWeb/HTML/Policy.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2024, Noah Bright <noah.bright.1@gmail.com>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#pragma once
+
+#include <AK/HashTable.h>
+#include <AK/String.h>
+#include <LibURL/Origin.h>
+
+// https://w3c.github.io/webappsec-csp/#framework-policy
+namespace Web::HTML {
+
+enum class PolicyDisposition {
+    Enforce,
+    Report
+};
+
+enum class PolicySource {
+    Head,
+    Meta
+};
+
+// https://w3c.github.io/webappsec-csp/#content-security-policy-object
+struct Policy {
+    // https://w3c.github.io/webappsec-csp/#directives
+    OrderedHashMap<String, Optional<HashTable<String>>> directive_set;
+    PolicyDisposition disposition;
+    PolicySource source;
+    URL::Origin self_origin;
+};
+
+using CSPList = Vector<Policy>;
+
+}
diff --git a/Userland/Libraries/LibWeb/HTML/PolicyContainers.cpp b/Userland/Libraries/LibWeb/HTML/PolicyContainers.cpp
index 55f820ab52de..5733c18c31e4 100644
--- a/Userland/Libraries/LibWeb/HTML/PolicyContainers.cpp
+++ b/Userland/Libraries/LibWeb/HTML/PolicyContainers.cpp
@@ -6,7 +6,32 @@
 
 #include <LibIPC/Decoder.h>
 #include <LibIPC/Encoder.h>
+#include <LibWeb/DOM/Document.h>
 #include <LibWeb/HTML/PolicyContainers.h>
+#include <LibWeb/HTML/Window.h>
+#include <LibWeb/HTML/WorkerGlobalScope.h>
+
+namespace Web::HTML {
+
+// https://w3c.github.io/webappsec-csp/#get-csp-of-object
+Optional<CSPList> retrieve_the_csp_list_of_an_object(JS::Object const& object)
+{
+    // 1. If object is a Document return object’s policy container's CSP list.
+    if (is<DOM::Document>(object))
+        return verify_cast<DOM::Document>(object).policy_container().csp_list;
+
+    // FIXME: 2. If object is a Window or a WorkerGlobalScope or a WorkletGlobalScope, return environment settings object’s policy container's CSP list.
+    //           WorkletGlobalScope not yet defined
+    if (is<Window>(object))
+        return verify_cast<Window>(object).associated_document().policy_container().csp_list;
+
+    if (is<WorkerGlobalScope>(object))
+        return verify_cast<WorkerGlobalScope>(object).policy_container().csp_list;
+
+    // 3. Return null.
+    return {};
+}
+}
 
 namespace IPC {
 
diff --git a/Userland/Libraries/LibWeb/HTML/PolicyContainers.h b/Userland/Libraries/LibWeb/HTML/PolicyContainers.h
index d30bd3cadfae..83e7bec14f30 100644
--- a/Userland/Libraries/LibWeb/HTML/PolicyContainers.h
+++ b/Userland/Libraries/LibWeb/HTML/PolicyContainers.h
@@ -7,7 +7,9 @@
 #pragma once
 
 #include <LibIPC/Forward.h>
+#include <LibJS/Runtime/Object.h>
 #include <LibWeb/HTML/EmbedderPolicy.h>
+#include <LibWeb/HTML/Policy.h>
 #include <LibWeb/ReferrerPolicy/ReferrerPolicy.h>
 
 namespace Web::HTML {
@@ -16,7 +18,8 @@ namespace Web::HTML {
 // A policy container is a struct containing policies that apply to a Document, a WorkerGlobalScope, or a WorkletGlobalScope. It has the following items:
 struct PolicyContainer {
     // https://html.spec.whatwg.org/multipage/origin.html#policy-container-csp-list
-    // FIXME: A CSP list, which is a CSP list. It is initially empty.
+    // A CSP list, which is a CSP list. It is initially empty.
+    CSPList csp_list {};
 
     // https://html.spec.whatwg.org/multipage/origin.html#policy-container-embedder-policy
     // An embedder policy, which is an embedder policy. It is initially a new embedder policy.
@@ -27,6 +30,9 @@ struct PolicyContainer {
     ReferrerPolicy::ReferrerPolicy referrer_policy { ReferrerPolicy::DEFAULT_REFERRER_POLICY };
 };
 
+// https://w3c.github.io/webappsec-csp/#get-csp-of-object
+Optional<CSPList> retrieve_the_csp_list_of_an_object(JS::Object const&);
+
 }
 
 namespace IPC {