Implement opt-in strictTemplatePolicy (flag TBD)

- disable dom-bind - disable dom-module template lookup - disable templatizer of templates not stamped in trusted polymer template
Polymer · Jul 18, 2018 · 2e6df0e · 2e6df0e
1 parent 7071cd5
commit 2e6df0e
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 3 deletions.
diff --git a/lib/elements/dom-bind.js b/lib/elements/dom-bind.js
@@ -50,6 +50,9 @@ export class DomBind extends domBindBase {
 
   constructor() {
     super();
+    if (window.strictTemplatePolicy) {
+      throw new Error(`strictTemplatePolicy: dom-bind not allowed`);
+    }
     this.root = null;
     this.$ = null;
     this.__children = null;

diff --git a/lib/elements/dom-module.js b/lib/elements/dom-module.js
@@ -121,6 +121,10 @@ export class DomModule extends HTMLElement {
   register(id) {
     id = id || this.id;
     if (id) {
+      if (window.strictTemplatePolicy && findModule(id)) {
+        modules[id] = lcModules[id.toLowerCase()] = null;
+        throw new Error(`strictTemplatePolicy: dom-module ${id} registered twice`);
+      }
       this.id = id;
       // store id separate from lowercased id so that
       // in all cases mixedCase id will stored distinctly

diff --git a/lib/legacy/class.js b/lib/legacy/class.js
@@ -156,7 +156,7 @@ function GenerateClassFromInfo(info, Base) {
       // get template first from any imperative set in `info._template`
       return info._template ||
         // next look in dom-module associated with this element's is.
-        DomModule && DomModule.import(this.is, 'template') ||
+        (!window.strictTemplatePolicy && (DomModule && DomModule.import(this.is, 'template'))) ||
         // next look for superclass template (note: use superclass symbol
         // to ensure correct `this.is`)
         Base.template ||

diff --git a/lib/mixins/element-mixin.js b/lib/mixins/element-mixin.js
@@ -378,8 +378,8 @@ export const ElementMixin = dedupingMixin(base => {
      */
     static get template() {
       if (!this.hasOwnProperty(JSCompiler_renameProperty('_template', this))) {
-        this._template = DomModule && DomModule.import(
-          /** @type {PolymerElementConstructor}*/ (this).is, 'template') ||
+        this._template = (!window.strictTemplatePolicy && DomModule && DomModule.import(
+          /** @type {PolymerElementConstructor}*/ (this).is, 'template')) ||
           // note: implemented so a subclass can retrieve the super
           // template; call the super impl this way so that `this` points
           // to the superclass.

diff --git a/lib/utils/templatize.js b/lib/utils/templatize.js
@@ -495,6 +495,9 @@ and this string can then be deleted`;
  * @suppress {invalidCasts}
  */
 export function templatize(template, owner, options) {
+  if (window.strictTemplatePolicy && !owner._methodHost) {
+    throw new Error('strictTemplatePolicy: template owner not trusted');
+  }
   options = /** @type {!TemplatizeOptions} */(options || {});
   if (template.__templatizeOwner) {
     throw new Error('A <template> can only be templatized once');