Avoid using Trusted Types in value contexts

In particular, replace instanceof checks with trustedTypes.is* checks and typeof expressions with the types themselves. This fixes a breakage caused by DefinitelyTyped/DefinitelyTyped#64360, which removed the ability to use Trusted Types in value contexts. PiperOrigin-RevId: 510113784
google · Feb 16, 2023 · cd56470 · cd56470
1 parent 70074d7
commit cd56470
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 9 deletions.
diff --git a/src/dom/elements/link.ts b/src/dom/elements/link.ts
@@ -4,7 +4,7 @@
  */
 
 import {unwrapUrlOrSanitize, Url} from '../../builders/url_sanitizer';
-import {TrustedResourceUrl, unwrapResourceUrl} from '../../internals/resource_url_impl';
+import {isResourceUrl, TrustedResourceUrl, unwrapResourceUrl} from '../../internals/resource_url_impl';
 
 const SAFE_URL_REL_VALUES = [
   'alternate',
@@ -63,7 +63,7 @@ export function setHrefAndRel(
 
 export function setHrefAndRel(
     link: HTMLLinkElement, url: TrustedResourceUrl|Url, rel: string) {
-  if (url instanceof TrustedResourceUrl) {
+  if (isResourceUrl(url)) {
     link.href = unwrapResourceUrl(url).toString();
   } else {
     if ((SAFE_URL_REL_VALUES as readonly string[]).indexOf(rel) === -1) {

diff --git a/src/internals/html_impl.ts b/src/internals/html_impl.ts
@@ -43,7 +43,7 @@ export type SafeHtml = TrustedHTML;
  * Also exports the constructor so that instanceof checks work.
  */
 export const SafeHtml =
-    (GlobalTrustedHTML ?? HtmlImpl) as unknown as typeof TrustedHTML;
+    (GlobalTrustedHTML ?? HtmlImpl) as unknown as TrustedHTML;
 
 /**
  * Builds a new `SafeHtml` from the given string, without enforcing safety
@@ -70,7 +70,7 @@ export const EMPTY_HTML: SafeHtml =
  * Checks if the given value is a `SafeHtml` instance.
  */
 export function isHtml(value: unknown): value is SafeHtml {
-  return value instanceof SafeHtml;
+  return getTrustedTypes()?.isHTML(value) || value instanceof HtmlImpl;
 }
 
 /**

diff --git a/src/internals/resource_url_impl.ts b/src/internals/resource_url_impl.ts
@@ -39,8 +39,8 @@ export type TrustedResourceUrl = TrustedScriptURL;
 /**
  * Also exports the constructor so that instanceof checks work.
  */
-export const TrustedResourceUrl = (GlobalTrustedScriptURL ?? ResourceUrlImpl) as
-    unknown as typeof TrustedScriptURL;
+export const TrustedResourceUrl =
+    (GlobalTrustedScriptURL ?? ResourceUrlImpl) as unknown as TrustedScriptURL;
 
 /**
  * Builds a new `TrustedResourceUrl` from the given string, without
@@ -61,7 +61,8 @@ export function createResourceUrl(url: string): TrustedResourceUrl {
  * Checks if the given value is a `TrustedResourceUrl` instance.
  */
 export function isResourceUrl(value: unknown): value is TrustedResourceUrl {
-  return value instanceof TrustedResourceUrl;
+  return getTrustedTypes()?.isScriptURL(value) ||
+      value instanceof ResourceUrlImpl;
 }
 
 /**

diff --git a/src/internals/script_impl.ts b/src/internals/script_impl.ts
@@ -45,7 +45,7 @@ export type SafeScript = TrustedScript;
  * Also exports the constructor so that instanceof checks work.
  */
 export const SafeScript =
-    (GlobalTrustedScript ?? ScriptImpl) as unknown as typeof TrustedScript;
+    (GlobalTrustedScript ?? ScriptImpl) as unknown as TrustedScript;
 
 /**
  * Builds a new `SafeScript` from the given string, without enforcing
@@ -72,7 +72,7 @@ export const EMPTY_SCRIPT: SafeScript =
  * Checks if the given value is a `SafeScript` instance.
  */
 export function isScript(value: unknown): value is SafeScript {
-  return value instanceof SafeScript;
+  return getTrustedTypes()?.isScript(value) || value instanceof ScriptImpl;
 }
 
 /**