refactor(compiler): remove unnecessary trustConstantScript function (#39554)

Script tags, inline event handlers and other script contexts are
forbidden or stripped from Angular templates by the compiler. In the
context of Trusted Types, this leaves no sinks that require use of a
TrustedScript. This means that trustConstantScript is never used, and
can be removed.

PR Close #39554

packages/compiler/src/render3/r3_identifiers.ts

@@ -321,8 +321,6 @@ export class Identifiers {
   static sanitizeUrlOrResourceUrl:
       o.ExternalReference = {name: 'ɵɵsanitizeUrlOrResourceUrl', moduleName: CORE};
   static trustConstantHtml: o.ExternalReference = {name: 'ɵɵtrustConstantHtml', moduleName: CORE};
-  static trustConstantScript:
-      o.ExternalReference = {name: 'ɵɵtrustConstantScript', moduleName: CORE};
   static trustConstantResourceUrl:
       o.ExternalReference = {name: 'ɵɵtrustConstantResourceUrl', moduleName: CORE};
 }

packages/compiler/src/render3/view/template.ts

@@ -2156,8 +2156,7 @@ function trustedConstAttribute(tagName: string, attr: t.TextAttribute): o.Expres
     switch (elementRegistry.securityContext(tagName, attr.name, /* isAttribute */ true)) {
       case core.SecurityContext.HTML:
         return o.importExpr(R3.trustConstantHtml).callFn([value], attr.valueSpan);
-      case core.SecurityContext.SCRIPT:
+      // NB: no SecurityContext.SCRIPT here, as the corresponding tags are stripped by the compiler.
-        return o.importExpr(R3.trustConstantScript).callFn([value], attr.valueSpan);
       case core.SecurityContext.RESOURCE_URL:
         return o.importExpr(R3.trustConstantResourceUrl).callFn([value], attr.valueSpan);
       default:

packages/core/src/core_render3_private_export.ts

@@ -296,7 +296,6 @@ export {
   ɵɵsanitizeUrlOrResourceUrl,
   ɵɵtrustConstantHtml,
   ɵɵtrustConstantResourceUrl,
-  ɵɵtrustConstantScript,
 } from './sanitization/sanitization';
 export {
   noSideEffects as ɵnoSideEffects,

packages/core/src/render3/jit/environment.ts

@@ -168,7 +168,6 @@ export const angularCoreEnv: {[name: string]: Function} =
        'ɵɵsanitizeUrl': sanitization.ɵɵsanitizeUrl,
        'ɵɵsanitizeUrlOrResourceUrl': sanitization.ɵɵsanitizeUrlOrResourceUrl,
        'ɵɵtrustConstantHtml': sanitization.ɵɵtrustConstantHtml,
-       'ɵɵtrustConstantScript': sanitization.ɵɵtrustConstantScript,
        'ɵɵtrustConstantResourceUrl': sanitization.ɵɵtrustConstantResourceUrl,
 
        'ɵɵngDeclareDirective': partial.ɵɵngDeclareDirective,

packages/core/src/sanitization/sanitization.ts

@@ -11,7 +11,7 @@ import {SANITIZER} from '../render3/interfaces/view';
 import {getLView} from '../render3/state';
 import {renderStringify} from '../render3/util/stringify_utils';
 import {TrustedHTML, TrustedScript, TrustedScriptURL} from '../util/security/trusted_type_defs';
-import {trustedHTMLFromString, trustedScriptFromString, trustedScriptURLFromString} from '../util/security/trusted_types';
+import {trustedHTMLFromString, trustedScriptURLFromString} from '../util/security/trusted_types';
 import {trustedHTMLFromStringBypass, trustedScriptFromStringBypass, trustedScriptURLFromStringBypass} from '../util/security/trusted_types_bypass';
 
 import {allowSanitizationBypassAndThrow, BypassType, unwrapSafeValue} from './bypass';
@@ -159,21 +159,6 @@ export function ɵɵtrustConstantHtml(html: string): TrustedHTML|string {
   return trustedHTMLFromString(html);
 }
 
-/**
- * Promotes the given constant string to a TrustedScript.
- * @param script constant string containing a trusted script.
- * @returns TrustedScript wrapping `script`.
- *
- * @security This is a security-sensitive function and should only be used to
- * convert constant values of attributes and properties found in
- * application-provided Angular templates to TrustedScript.
- *
- * @codeGenApi
- */
-export function ɵɵtrustConstantScript(script: string): TrustedScript|string {
-  return trustedScriptFromString(script);
-}
-
 /**
  * Promotes the given constant string to a TrustedScriptURL.
  * @param url constant string containing a trusted script URL.