Diffstat (limited to 'chromium/third_party/blink/renderer/core/trustedtypes/trusted_type_policy_factory.cc')
-rw-r--r--chromium/third_party/blink/renderer/core/trustedtypes/trusted_type_policy_factory.cc61
1 files changed, 41 insertions, 20 deletions
diff --git a/chromium/third_party/blink/renderer/core/trustedtypes/trusted_type_policy_factory.cc b/chromium/third_party/blink/renderer/core/trustedtypes/trusted_type_policy_factory.cc
index 524a072e9a3..638295dcea5 100644
--- a/chromium/third_party/blink/renderer/core/trustedtypes/trusted_type_policy_factory.cc
+++ b/chromium/third_party/blink/renderer/core/trustedtypes/trusted_type_policy_factory.cc
@@ -15,6 +15,7 @@
#include "third_party/blink/renderer/core/execution_context/execution_context.h"
#include "third_party/blink/renderer/core/frame/csp/content_security_policy.h"
#include "third_party/blink/renderer/core/frame/local_frame.h"
+#include "third_party/blink/renderer/core/probe/core_probes.h"
#include "third_party/blink/renderer/core/trustedtypes/trusted_type_policy.h"
#include "third_party/blink/renderer/core/trustedtypes/trusted_types_util.h"
#include "third_party/blink/renderer/platform/bindings/exception_state.h"
@@ -27,6 +28,14 @@ namespace blink {
TrustedTypePolicy* TrustedTypePolicyFactory::createPolicy(
const String& policy_name,
+ ExceptionState& exception_state) {
+ return createPolicy(policy_name,
+ MakeGarbageCollected<TrustedTypePolicyOptions>(),
+ exception_state);
+}
+
+TrustedTypePolicy* TrustedTypePolicyFactory::createPolicy(
+ const String& policy_name,
const TrustedTypePolicyOptions* policy_options,
ExceptionState& exception_state) {
if (RuntimeEnabledFeatures::TrustedTypeBeforePolicyCreationEventEnabled()) {
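Review bot: The new two-argument `createPolicy` overload has no comment saying that it is only a forwarding shim, which matters here because the three-argument overload is where the CSP `trusted-types` check lives. I would add above it something like `// Options omitted: forward with default TrustedTypePolicyOptions so name and CSP checks run in one place.` That makes it clear to later editors that no policy-creation logic should be added to the short overload. The three-argument overload's body continues outside this hunk.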
@@ -46,27 +55,39 @@ TrustedTypePolicy* TrustedTypePolicyFactory::createPolicy(
}
UseCounter::Count(GetExecutionContext(),
WebFeature::kTrustedTypesCreatePolicy);
+
if (RuntimeEnabledFeatures::TrustedDOMTypesEnabled(GetExecutionContext()) &&
- GetExecutionContext()->GetContentSecurityPolicy() &&
- !GetExecutionContext()
- ->GetContentSecurityPolicy()
- ->AllowTrustedTypePolicy(policy_name,
- policy_map_.Contains(policy_name))) {
- // For a better error message, we'd like to disambiguate between
- // "disallowed" and "disallowed because of a duplicate name". Instead of
- // piping the reason through all the layers, we'll just check whether it
- // had also been disallowed as a non-duplicate name.
- bool disallowed_because_of_duplicate_name =
- policy_map_.Contains(policy_name) &&
- GetExecutionContext()
- ->GetContentSecurityPolicy()
- ->AllowTrustedTypePolicy(policy_name, false);
- const String message =
- disallowed_because_of_duplicate_name
- ? "Policy with name \"" + policy_name + "\" already exists."
- : "Policy \"" + policy_name + "\" disallowed.";
- exception_state.ThrowTypeError(message);
- return nullptr;
+ GetExecutionContext()->GetContentSecurityPolicy()) {
+ ContentSecurityPolicy::AllowTrustedTypePolicyDetails violation_details =
+ ContentSecurityPolicy::AllowTrustedTypePolicyDetails::kAllowed;
+ bool disallowed = !GetExecutionContext()
+ ->GetContentSecurityPolicy()
+ ->AllowTrustedTypePolicy(
+ policy_name, policy_map_.Contains(policy_name),
+ violation_details);
+ if (violation_details != ContentSecurityPolicy::ContentSecurityPolicy::
+ AllowTrustedTypePolicyDetails::kAllowed) {
+ // We may report a violation here even when disallowed is false
+ // in case policy is a report-only one.
+ probe::OnContentSecurityPolicyViolation(
+ GetExecutionContext(),
+ ContentSecurityPolicy::ContentSecurityPolicyViolationType::
+ kTrustedTypesPolicyViolation);
+ }
+ if (disallowed) {
+ // For a better error message, we'd like to disambiguate between
+ // "disallowed" and "disallowed because of a duplicate name".
+ bool disallowed_because_of_duplicate_name =
+ violation_details ==
+ ContentSecurityPolicy::AllowTrustedTypePolicyDetails::
+ kDisallowedDuplicateName;
+ const String message =
+ disallowed_because_of_duplicate_name
+ ? "Policy with name \"" + policy_name + "\" already exists."
+ : "Policy \"" + policy_name + "\" disallowed.";
+ exception_state.ThrowTypeError(message);
+ return nullptr;
+ }
}
UseCounter::Count(GetExecutionContext(),
WebFeature::kTrustedTypesPolicyCreated);
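Review bot: Enforcement in the new block is decided by `disallowed`, while the probe call and the error text are decided by the separate out-parameter `violation_details`, and nothing visible here ties the two together. If AllowTrustedTypePolicy can return false while leaving the details at kAllowed (its body is not in this diff), creation is still blocked but no violation is probed. A `DCHECK(!disallowed || violation_details != ContentSecurityPolicy::AllowTrustedTypePolicyDetails::kAllowed);` before the probe would pin that contract. Separately, the comparison starting `violation_details != ContentSecurityPolicy::ContentSecurityPolicy::` repeats the class qualifier; it presumably compiles through the injected class name but should read `ContentSecurityPolicy::AllowTrustedTypePolicyDetails::kAllowed` like the other uses. createPolicy begins in the previous hunk and continues past this one.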