From 74bc901d7d86b9beb788c8a3fe82f74c509044dc Mon Sep 17 00:00:00 2001
From: Daniel La Rocque
Date: Thu, 4 Jul 2024 11:15:19 -0400
Subject: [PATCH] Remove exemptions, and untested usages of safevalues
---
 packages/auth/tsconfig.json | 1 -
 packages/auth/tsec-exemptions.json | 3 ---
 packages/database-compat/tsconfig.json | 1 -
 packages/database-compat/tsec-exemptions.json | 3 ---
 .../database/src/realtime/BrowserPollConnection.ts | 5 ++---
 packages/database/tsconfig.json | 1 -
 packages/database/tsec-exemptions.json | 3 ---
 packages/messaging/src/helpers/registerDefaultSw.ts | 12 ++++--------
 8 files changed, 6 insertions(+), 23 deletions(-)
 delete mode 100644 packages/auth/tsec-exemptions.json
 delete mode 100644 packages/database-compat/tsec-exemptions.json
 delete mode 100644 packages/database/tsec-exemptions.json
diff --git a/packages/auth/tsconfig.json b/packages/auth/tsconfig.json
index 9264e1461f0..f100c88aea0 100644
--- a/packages/auth/tsconfig.json
+++ b/packages/auth/tsconfig.json
@@ -6,7 +6,6 @@
 {
 "name": "tsec",
 "reportTsecDiagnosticsOnly": true,
- "exemptionConfig": "./tsec-exemptions.json"
 }
 ]
 },
diff --git a/packages/auth/tsec-exemptions.json b/packages/auth/tsec-exemptions.json
deleted file mode 100644
index e366beec368..00000000000
--- a/packages/auth/tsec-exemptions.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "ban-element-setattribute": ["src/platform_browser/index.ts", "src/platform_browser/load_js.test.ts"]
-}
diff --git a/packages/database-compat/tsconfig.json b/packages/database-compat/tsconfig.json
index 891c6ae01f5..e2f493565c5 100644
--- a/packages/database-compat/tsconfig.json
+++ b/packages/database-compat/tsconfig.json
@@ -8,7 +8,6 @@
 {
 "name": "tsec",
 "reportTsecDiagnosticsOnly": true,
- "exemptionConfig": "./tsec-exemptions.json"
 }
 ]
 },
diff --git a/packages/database-compat/tsec-exemptions.json b/packages/database-compat/tsec-exemptions.json
deleted file mode 100644
index 126a0ce25f9..00000000000
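Review bot: Dropping the `exemptionConfig` line in packages/auth/tsconfig.json leaves `"reportTsecDiagnosticsOnly": true,` as the last property of the plugin object, so the file now carries a trailing comma; the same happens in the packages/database-compat and packages/database tsconfig.json hunks. TypeScript's own config reader tolerates that, but any tool that parses these files as strict JSON will not, so the line should become `"reportTsecDiagnosticsOnly": true`. Separately, with the exemption files deleted, the paths they listed (src/platform_browser/index.ts and src/platform_browser/load_js.test.ts under `ban-element-setattribute`) are presumably reported by tsec again, and this patch does not touch those files; confirm the check still passes or that the resulting findings are tracked.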
--- a/packages/database-compat/tsec-exemptions.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "ban-script-src-assignments": ["../database/src/realtime/BrowserPollConnection.ts"]
-}
diff --git a/packages/database/src/realtime/BrowserPollConnection.ts b/packages/database/src/realtime/BrowserPollConnection.ts
index 4dcb7dd641d..d8c32665721 100644
--- a/packages/database/src/realtime/BrowserPollConnection.ts
+++ b/packages/database/src/realtime/BrowserPollConnection.ts
@@ -16,8 +16,6 @@
 */
 import { base64Encode, isNodeSdk, stringify } from '@firebase/util';
-import { sanitizeHtml } from 'safevalues';
-import { safeDocument } from 'safevalues/dom';
 import { RepoInfo, repoInfoConnectionURL } from '../core/RepoInfo';
 import { StatsCollection } from '../core/stats/StatsCollection';
@@ -477,7 +475,8 @@ export class FirebaseIFrameScriptHolder {
 const iframeContents = '' + script + '';
 try {
 this.myIFrame.doc.open();
- safeDocument.write(this.myIFrame.doc, sanitizeHtml(iframeContents));
+ // FIXME: Use the safevalues library to sanitize this
+ this.myIFrame.doc.write(iframeContents);
 this.myIFrame.doc.close();
 } catch (e) {
 log('frame writing exception');
diff --git a/packages/database/tsconfig.json b/packages/database/tsconfig.json
index 891c6ae01f5..e2f493565c5 100644
--- a/packages/database/tsconfig.json
+++ b/packages/database/tsconfig.json
@@ -8,7 +8,6 @@
 {
 "name": "tsec",
 "reportTsecDiagnosticsOnly": true,
- "exemptionConfig": "./tsec-exemptions.json"
 }
 ]
 },
diff --git a/packages/database/tsec-exemptions.json b/packages/database/tsec-exemptions.json
deleted file mode 100644
index 39e700cb0cd..00000000000
--- a/packages/database/tsec-exemptions.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "ban-script-src-assignments": ["src/realtime/BrowserPollConnection.ts"]
-}
diff --git a/packages/messaging/src/helpers/registerDefaultSw.ts b/packages/messaging/src/helpers/registerDefaultSw.ts
index dd27943eb1c..3ab4dd870f5 100644
--- a/packages/messaging/src/helpers/registerDefaultSw.ts
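Review bot: In the second BrowserPollConnection.ts hunk the new `this.myIFrame.doc.write(iframeContents)` writes a string built by concatenating `script` into markup, and the FIXME above it records neither where `script` comes from nor who owns the follow-up. The enclosing method starts outside the hunk, so whether that value is always generated by the SDK cannot be confirmed from here; if it is, the comment should say so, for example `// FIXME(<tracking-issue>): unsanitized doc.write(); the script argument must stay SDK-generated, never derived from server or user data.` If `script` carries script markup, as its name suggests, an HTML sanitizer would likely strip it, so the eventual fix probably needs a safevalues builder for trusted markup instead of `sanitizeHtml`. This file also loses its `ban-script-src-assignments` exemption in the same patch, so any `src` assignment remaining in it would presumably be flagged again.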
+++ b/packages/messaging/src/helpers/registerDefaultSw.ts
@@ -15,10 +15,7 @@
 * limitations under the License.
 */
-import { trustedResourceUrl } from 'safevalues';
-import { safeServiceWorkerContainer } from 'safevalues/dom';
-
-import { DEFAULT_SW_SCOPE } from '../util/constants';
+import { DEFAULT_SW_PATH, DEFAULT_SW_SCOPE } from '../util/constants';
 import { ERROR_FACTORY, ErrorCode } from '../util/errors';
 import { MessagingService } from '../messaging-service';
@@ -27,10 +24,9 @@ export async function registerDefaultSw(
 messaging: MessagingService
 ): Promise {
 try {
- const container = navigator.serviceWorker;
- messaging.swRegistration = await safeServiceWorkerContainer.register(
- container,
- trustedResourceUrl`/firebase-messaging-sw.js`,
+ // FIXME: Use safevalues to register the service worker with a sanitized URL.
+ messaging.swRegistration = await navigator.serviceWorker.register(
+ DEFAULT_SW_PATH,
 {
 scope: DEFAULT_SW_SCOPE
 }
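Review bot: The rewritten `navigator.serviceWorker.register(DEFAULT_SW_PATH, …)` call in the second registerDefaultSw.ts hunk replaces the literal `/firebase-messaging-sw.js` with a constant whose value is not visible in this patch, so it should be confirmed that `DEFAULT_SW_PATH` in ../util/constants resolves to the same path; a different value would change which script is registered as the service worker. The FIXME would be more useful if it recorded the current safety argument and a tracking reference, for example (assuming the constant is never caller-supplied) `// FIXME(<tracking-issue>): register via safevalues; DEFAULT_SW_PATH is a fixed constant, not derived from input.` The function body continues past the end of the hunk, so the error handling around this call is not reviewed here.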