[trusted types][www] Add enableTrustedTypesIntegration flag back in (#…

…26016) ## Summary The flag was first added in #16157 and was rolled out to employees in D17430095. #25997 removed this flag because it wasn't dynamically set to a value in www. The www side was mistakenly removed in D41851685 due to deprecation of a TypedJSModule but we still want to keep this flag, so let's add it back in + add a GK on the www side to match the previous rollout. See D42574435 for the dynamic value change in www ## How did you test this change? ``` yarn test yarn test --prod ``` DiffTrain build for [48b687f](48b687f) [View git log for this commit](https://github.com/facebook/react/commits/48b687fc95a172cec8f305312a27d105e5719581)
facebook · Jan 30, 2023 · a99bb5c · a99bb5c
1 parent 3447276
commit a99bb5c
Show file tree

Hide file tree

Showing 37 changed files with 182 additions and 56 deletions.
diff --git a/compiled/facebook-www/JSXDEVRuntime-dev.classic.js b/compiled/facebook-www/JSXDEVRuntime-dev.classic.js
@@ -107,6 +107,8 @@ var dynamicFeatureFlags = require("ReactFeatureFlags");
 
 var disableInputAttributeSyncing =
     dynamicFeatureFlags.disableInputAttributeSyncing,
+  enableTrustedTypesIntegration =
+    dynamicFeatureFlags.enableTrustedTypesIntegration,
   disableSchedulerTimeoutBasedOnReactExpirationTime =
     dynamicFeatureFlags.disableSchedulerTimeoutBasedOnReactExpirationTime,
   warnAboutSpreadingKeyToJSX = dynamicFeatureFlags.warnAboutSpreadingKeyToJSX,

diff --git a/compiled/facebook-www/JSXDEVRuntime-dev.modern.js b/compiled/facebook-www/JSXDEVRuntime-dev.modern.js
@@ -107,6 +107,8 @@ var dynamicFeatureFlags = require("ReactFeatureFlags");
 
 var disableInputAttributeSyncing =
     dynamicFeatureFlags.disableInputAttributeSyncing,
+  enableTrustedTypesIntegration =
+    dynamicFeatureFlags.enableTrustedTypesIntegration,
   disableSchedulerTimeoutBasedOnReactExpirationTime =
     dynamicFeatureFlags.disableSchedulerTimeoutBasedOnReactExpirationTime,
   warnAboutSpreadingKeyToJSX = dynamicFeatureFlags.warnAboutSpreadingKeyToJSX,

diff --git a/compiled/facebook-www/REVISION b/compiled/facebook-www/REVISION
@@ -1 +1 @@
-9b1423cc09c11f0a4e05b0ccb66d185093a16413
+48b687fc95a172cec8f305312a27d105e5719581
diff --git a/compiled/facebook-www/REVISION_TRANSFORMS b/compiled/facebook-www/REVISION_TRANSFORMS
@@ -1 +1 @@
-9b1423cc09c11f0a4e05b0ccb66d185093a16413
+48b687fc95a172cec8f305312a27d105e5719581
diff --git a/compiled/facebook-www/React-dev.classic.js b/compiled/facebook-www/React-dev.classic.js
@@ -27,7 +27,7 @@ if (
 }
           "use strict";
 
-var ReactVersion = "18.3.0-www-classic-9b1423cc0-20230130";
+var ReactVersion = "18.3.0-www-classic-48b687fc9-20230130";
 
 // ATTENTION
 // When adding new symbols to this file,
@@ -478,6 +478,8 @@ var dynamicFeatureFlags = require("ReactFeatureFlags");
 
 var disableInputAttributeSyncing =
     dynamicFeatureFlags.disableInputAttributeSyncing,
+  enableTrustedTypesIntegration =
+    dynamicFeatureFlags.enableTrustedTypesIntegration,
   disableSchedulerTimeoutBasedOnReactExpirationTime =
     dynamicFeatureFlags.disableSchedulerTimeoutBasedOnReactExpirationTime,
   warnAboutSpreadingKeyToJSX = dynamicFeatureFlags.warnAboutSpreadingKeyToJSX,

diff --git a/compiled/facebook-www/React-dev.modern.js b/compiled/facebook-www/React-dev.modern.js
@@ -27,7 +27,7 @@ if (
 }
           "use strict";
 
-var ReactVersion = "18.3.0-www-modern-9b1423cc0-20230130";
+var ReactVersion = "18.3.0-www-modern-48b687fc9-20230130";
 
 // ATTENTION
 // When adding new symbols to this file,
@@ -478,6 +478,8 @@ var dynamicFeatureFlags = require("ReactFeatureFlags");
 
 var disableInputAttributeSyncing =
     dynamicFeatureFlags.disableInputAttributeSyncing,
+  enableTrustedTypesIntegration =
+    dynamicFeatureFlags.enableTrustedTypesIntegration,
   disableSchedulerTimeoutBasedOnReactExpirationTime =
     dynamicFeatureFlags.disableSchedulerTimeoutBasedOnReactExpirationTime,
   warnAboutSpreadingKeyToJSX = dynamicFeatureFlags.warnAboutSpreadingKeyToJSX,

diff --git a/compiled/facebook-www/React-prod.classic.js b/compiled/facebook-www/React-prod.classic.js
@@ -643,4 +643,4 @@ exports.useSyncExternalStore = function(
   );
 };
 exports.useTransition = useTransition;
-exports.version = "18.3.0-www-classic-9b1423cc0-20230130";
+exports.version = "18.3.0-www-classic-48b687fc9-20230130";
diff --git a/compiled/facebook-www/React-prod.modern.js b/compiled/facebook-www/React-prod.modern.js
@@ -635,4 +635,4 @@ exports.useSyncExternalStore = function(
   );
 };
 exports.useTransition = useTransition;
-exports.version = "18.3.0-www-modern-9b1423cc0-20230130";
+exports.version = "18.3.0-www-modern-48b687fc9-20230130";
diff --git a/compiled/facebook-www/React-profiling.classic.js b/compiled/facebook-www/React-profiling.classic.js
@@ -654,7 +654,7 @@ exports.useSyncExternalStore = function(
   );
 };
 exports.useTransition = useTransition;
-exports.version = "18.3.0-www-classic-9b1423cc0-20230130";
+exports.version = "18.3.0-www-classic-48b687fc9-20230130";
 
           /* global __REACT_DEVTOOLS_GLOBAL_HOOK__ */
 if (

diff --git a/compiled/facebook-www/React-profiling.modern.js b/compiled/facebook-www/React-profiling.modern.js
@@ -646,7 +646,7 @@ exports.useSyncExternalStore = function(
   );
 };
 exports.useTransition = useTransition;
-exports.version = "18.3.0-www-modern-9b1423cc0-20230130";
+exports.version = "18.3.0-www-modern-48b687fc9-20230130";
 
           /* global __REACT_DEVTOOLS_GLOBAL_HOOK__ */
 if (

diff --git a/compiled/facebook-www/ReactART-dev.classic.js b/compiled/facebook-www/ReactART-dev.classic.js
@@ -69,7 +69,7 @@ function _assertThisInitialized(self) {
   return self;
 }
 
-var ReactVersion = "18.3.0-www-classic-9b1423cc0-20230130";
+var ReactVersion = "18.3.0-www-classic-48b687fc9-20230130";
 
 var LegacyRoot = 0;
 var ConcurrentRoot = 1;
@@ -167,6 +167,8 @@ var dynamicFeatureFlags = require("ReactFeatureFlags");
 
 var disableInputAttributeSyncing =
     dynamicFeatureFlags.disableInputAttributeSyncing,
+  enableTrustedTypesIntegration =
+    dynamicFeatureFlags.enableTrustedTypesIntegration,
   disableSchedulerTimeoutBasedOnReactExpirationTime =
     dynamicFeatureFlags.disableSchedulerTimeoutBasedOnReactExpirationTime,
   warnAboutSpreadingKeyToJSX = dynamicFeatureFlags.warnAboutSpreadingKeyToJSX,

diff --git a/compiled/facebook-www/ReactART-dev.modern.js b/compiled/facebook-www/ReactART-dev.modern.js
@@ -69,7 +69,7 @@ function _assertThisInitialized(self) {
   return self;
 }
 
-var ReactVersion = "18.3.0-www-modern-9b1423cc0-20230130";
+var ReactVersion = "18.3.0-www-modern-48b687fc9-20230130";
 
 var LegacyRoot = 0;
 var ConcurrentRoot = 1;
@@ -167,6 +167,8 @@ var dynamicFeatureFlags = require("ReactFeatureFlags");
 
 var disableInputAttributeSyncing =
     dynamicFeatureFlags.disableInputAttributeSyncing,
+  enableTrustedTypesIntegration =
+    dynamicFeatureFlags.enableTrustedTypesIntegration,
   disableSchedulerTimeoutBasedOnReactExpirationTime =
     dynamicFeatureFlags.disableSchedulerTimeoutBasedOnReactExpirationTime,
   warnAboutSpreadingKeyToJSX = dynamicFeatureFlags.warnAboutSpreadingKeyToJSX,

diff --git a/compiled/facebook-www/ReactART-prod.classic.js b/compiled/facebook-www/ReactART-prod.classic.js
@@ -9804,7 +9804,7 @@ var slice = Array.prototype.slice,
       return null;
     },
     bundleType: 0,
-    version: "18.3.0-www-classic-9b1423cc0-20230130",
+    version: "18.3.0-www-classic-48b687fc9-20230130",
     rendererPackageName: "react-art"
   };
 var internals$jscomp$inline_1318 = {
@@ -9835,7 +9835,7 @@ var internals$jscomp$inline_1318 = {
   scheduleRoot: null,
   setRefreshHandler: null,
   getCurrentFiber: null,
-  reconcilerVersion: "18.3.0-next-9b1423cc0-20230130"
+  reconcilerVersion: "18.3.0-next-48b687fc9-20230130"
 };
 if ("undefined" !== typeof __REACT_DEVTOOLS_GLOBAL_HOOK__) {
   var hook$jscomp$inline_1319 = __REACT_DEVTOOLS_GLOBAL_HOOK__;

diff --git a/compiled/facebook-www/ReactART-prod.modern.js b/compiled/facebook-www/ReactART-prod.modern.js
@@ -9471,7 +9471,7 @@ var slice = Array.prototype.slice,
       return null;
     },
     bundleType: 0,
-    version: "18.3.0-www-modern-9b1423cc0-20230130",
+    version: "18.3.0-www-modern-48b687fc9-20230130",
     rendererPackageName: "react-art"
   };
 var internals$jscomp$inline_1309 = {
@@ -9502,7 +9502,7 @@ var internals$jscomp$inline_1309 = {
   scheduleRoot: null,
   setRefreshHandler: null,
   getCurrentFiber: null,
-  reconcilerVersion: "18.3.0-next-9b1423cc0-20230130"
+  reconcilerVersion: "18.3.0-next-48b687fc9-20230130"
 };
 if ("undefined" !== typeof __REACT_DEVTOOLS_GLOBAL_HOOK__) {
   var hook$jscomp$inline_1310 = __REACT_DEVTOOLS_GLOBAL_HOOK__;

diff --git a/compiled/facebook-www/ReactDOM-dev.classic.js b/compiled/facebook-www/ReactDOM-dev.classic.js
@@ -37,6 +37,8 @@ var dynamicFeatureFlags = require("ReactFeatureFlags");
 
 var disableInputAttributeSyncing =
     dynamicFeatureFlags.disableInputAttributeSyncing,
+  enableTrustedTypesIntegration =
+    dynamicFeatureFlags.enableTrustedTypesIntegration,
   disableSchedulerTimeoutBasedOnReactExpirationTime =
     dynamicFeatureFlags.disableSchedulerTimeoutBasedOnReactExpirationTime,
   warnAboutSpreadingKeyToJSX = dynamicFeatureFlags.warnAboutSpreadingKeyToJSX,
@@ -67,7 +69,7 @@ var enableProfilerNestedUpdatePhase = true;
 var enableProfilerNestedUpdateScheduledHook =
   dynamicFeatureFlags.enableProfilerNestedUpdateScheduledHook;
 var createRootStrictEffectsByDefault = false;
-var enableClientRenderFallbackOnTextMismatch = false;
+var enableClientRenderFallbackOnTextMismatch = false; // Logs additional User Timing API marks for use with an experimental profiling tool.
 
 var enableSchedulingProfiler = dynamicFeatureFlags.enableSchedulingProfiler; // Note: we'll want to remove this when we to userland implementation.
 var enableSuspenseCallback = true;
@@ -1962,7 +1964,10 @@ function setValueForProperty(node, name, value, isCustomComponentTag) {
           checkAttributeStringCoercion(value, name);
         }
 
-        node.setAttribute(_attributeName, "" + value);
+        node.setAttribute(
+          _attributeName,
+          enableTrustedTypesIntegration ? value : "" + value
+        );
       }
     }
 
@@ -2002,7 +2007,9 @@ function setValueForProperty(node, name, value, isCustomComponentTag) {
     } else {
       // `setAttribute` with objects becomes only `[object]` in IE8/9,
       // ('' + value) makes it output the correct toString()-value.
-      {
+      if (enableTrustedTypesIntegration) {
+        attributeValue = value;
+      } else {
         {
           checkAttributeStringCoercion(value, attributeName);
         }
@@ -3551,6 +3558,23 @@ var reusableSVGContainer;
 
 var setInnerHTML = createMicrosoftUnsafeLocalFunction(function(node, html) {
   if (node.namespaceURI === SVG_NAMESPACE) {
+    {
+      if (enableTrustedTypesIntegration) {
+        // TODO: reconsider the text of this warning and when it should show
+        // before enabling the feature flag.
+        if (typeof trustedTypes !== "undefined") {
+          error(
+            "Using 'dangerouslySetInnerHTML' in an svg element with " +
+              "Trusted Types enabled in an Internet Explorer will cause " +
+              "the trusted value to be converted to string. Assigning string " +
+              "to 'innerHTML' will throw an error if Trusted Types are enforced. " +
+              "You can try to wrap your svg element inside a div and use 'dangerouslySetInnerHTML' " +
+              "on the enclosing div instead."
+          );
+        }
+      }
+    }
+
     if (!("innerHTML" in node)) {
       // IE does not have innerHTML for SVG nodes, so instead we inject the
       // new markup in a temp node and then move the child nodes across into
@@ -5286,6 +5310,7 @@ function validateProperties$2(type, props, eventRegistry) {
 }
 
 var didWarnInvalidHydration = false;
+var didWarnScriptTags = false;
 var DANGEROUSLY_SET_INNER_HTML = "dangerouslySetInnerHTML";
 var SUPPRESS_CONTENT_EDITABLE_WARNING = "suppressContentEditableWarning";
 var SUPPRESS_HYDRATION_WARNING = "suppressHydrationWarning";
@@ -5600,6 +5625,19 @@ function createElement(type, props, rootContainerElement, parentNamespace) {
       // set to true and it does not execute
       var div = ownerDocument.createElement("div");
 
+      {
+        if (enableTrustedTypesIntegration && !didWarnScriptTags) {
+          error(
+            "Encountered a script tag while rendering React component. " +
+              "Scripts inside React components are never executed when rendering " +
+              "on the client. Consider using template tag instead " +
+              "(https://developer.mozilla.org/en-US/docs/Web/HTML/Element/template)."
+          );
+
+          didWarnScriptTags = true;
+        }
+      }
+
       div.innerHTML = "<script><" + "/script>"; // eslint-disable-line
       // This is guaranteed to yield a script element.
 
@@ -42646,7 +42684,7 @@ function createFiberRoot(
   return root;
 }
 
-var ReactVersion = "18.3.0-www-classic-9b1423cc0-20230130";
+var ReactVersion = "18.3.0-www-classic-48b687fc9-20230130";
 
 function createPortal(
   children,

diff --git a/compiled/facebook-www/ReactDOM-dev.modern.js b/compiled/facebook-www/ReactDOM-dev.modern.js
@@ -141,6 +141,8 @@ var dynamicFeatureFlags = require("ReactFeatureFlags");
 
 var disableInputAttributeSyncing =
     dynamicFeatureFlags.disableInputAttributeSyncing,
+  enableTrustedTypesIntegration =
+    dynamicFeatureFlags.enableTrustedTypesIntegration,
   disableSchedulerTimeoutBasedOnReactExpirationTime =
     dynamicFeatureFlags.disableSchedulerTimeoutBasedOnReactExpirationTime,
   warnAboutSpreadingKeyToJSX = dynamicFeatureFlags.warnAboutSpreadingKeyToJSX,
@@ -171,7 +173,7 @@ var enableProfilerNestedUpdatePhase = true;
 var enableProfilerNestedUpdateScheduledHook =
   dynamicFeatureFlags.enableProfilerNestedUpdateScheduledHook;
 var createRootStrictEffectsByDefault = false;
-var enableClientRenderFallbackOnTextMismatch = false;
+var enableClientRenderFallbackOnTextMismatch = false; // Logs additional User Timing API marks for use with an experimental profiling tool.
 
 var enableSchedulingProfiler = dynamicFeatureFlags.enableSchedulingProfiler; // Note: we'll want to remove this when we to userland implementation.
 var enableSuspenseCallback = true;
@@ -1175,7 +1177,10 @@ function setValueForProperty(node, name, value, isCustomComponentTag) {
           checkAttributeStringCoercion(value, name);
         }
 
-        node.setAttribute(_attributeName, "" + value);
+        node.setAttribute(
+          _attributeName,
+          enableTrustedTypesIntegration ? value : "" + value
+        );
       }
     }
 
@@ -1215,7 +1220,9 @@ function setValueForProperty(node, name, value, isCustomComponentTag) {
     } else {
       // `setAttribute` with objects becomes only `[object]` in IE8/9,
       // ('' + value) makes it output the correct toString()-value.
-      {
+      if (enableTrustedTypesIntegration) {
+        attributeValue = value;
+      } else {
         {
           checkAttributeStringCoercion(value, attributeName);
         }
@@ -3020,6 +3027,23 @@ var reusableSVGContainer;
 
 var setInnerHTML = createMicrosoftUnsafeLocalFunction(function(node, html) {
   if (node.namespaceURI === SVG_NAMESPACE) {
+    {
+      if (enableTrustedTypesIntegration) {
+        // TODO: reconsider the text of this warning and when it should show
+        // before enabling the feature flag.
+        if (typeof trustedTypes !== "undefined") {
+          error(
+            "Using 'dangerouslySetInnerHTML' in an svg element with " +
+              "Trusted Types enabled in an Internet Explorer will cause " +
+              "the trusted value to be converted to string. Assigning string " +
+              "to 'innerHTML' will throw an error if Trusted Types are enforced. " +
+              "You can try to wrap your svg element inside a div and use 'dangerouslySetInnerHTML' " +
+              "on the enclosing div instead."
+          );
+        }
+      }
+    }
+
     if (!("innerHTML" in node)) {
       // IE does not have innerHTML for SVG nodes, so instead we inject the
       // new markup in a temp node and then move the child nodes across into
@@ -11715,6 +11739,7 @@ function getListenerSetKey(domEventName, capture) {
 }
 
 var didWarnInvalidHydration = false;
+var didWarnScriptTags = false;
 var DANGEROUSLY_SET_INNER_HTML = "dangerouslySetInnerHTML";
 var SUPPRESS_CONTENT_EDITABLE_WARNING = "suppressContentEditableWarning";
 var SUPPRESS_HYDRATION_WARNING = "suppressHydrationWarning";
@@ -12029,6 +12054,19 @@ function createElement(type, props, rootContainerElement, parentNamespace) {
       // set to true and it does not execute
       var div = ownerDocument.createElement("div");
 
+      {
+        if (enableTrustedTypesIntegration && !didWarnScriptTags) {
+          error(
+            "Encountered a script tag while rendering React component. " +
+              "Scripts inside React components are never executed when rendering " +
+              "on the client. Consider using template tag instead " +
+              "(https://developer.mozilla.org/en-US/docs/Web/HTML/Element/template)."
+          );
+
+          didWarnScriptTags = true;
+        }
+      }
+
       div.innerHTML = "<script><" + "/script>"; // eslint-disable-line
       // This is guaranteed to yield a script element.
 
@@ -42370,7 +42408,7 @@ function createFiberRoot(
   return root;
 }
 
-var ReactVersion = "18.3.0-www-modern-9b1423cc0-20230130";
+var ReactVersion = "18.3.0-www-modern-48b687fc9-20230130";
 
 function createPortal(
   children,