From 9bfb508b875ed6978669f2f3e310888166525f9a Mon Sep 17 00:00:00 2001
From: Bjarki <bjarki@google.com>
Date: Tue, 13 Oct 2020 20:48:20 +0000
Subject: [PATCH] build: replace @types/trusted-types dep with minimal type
 defs (#39211)

The @types/trusted-types type definitions are currently imported in
types.d.ts, which causes them to eventually be imported in core.d.ts.
This forces anyone compiling against @angular/core to provide the
@types/trusted-types package in their compilation unit, which we don't
want.

To address this, get rid of the @types/trusted-types and instead import
a minimal version of the Trusted Types type definitions directly into
Angular's codebase.

Update the existing references to Trusted Types to point to the new
definitions.

PR Close #39211
---
 package.json                                  |  1 -
 packages/BUILD.bazel                          |  1 -
 .../src/util/security/trusted_type_defs.ts    | 50 +++++++++++++++++++
 .../core/src/util/security/trusted_types.ts   |  1 +
 packages/types.d.ts                           |  1 -
 yarn.lock                                     |  5 --
 6 files changed, 51 insertions(+), 8 deletions(-)
 create mode 100644 packages/core/src/util/security/trusted_type_defs.ts

diff --git a/package.json b/package.json
index 8352d95bec..4cba388bf5 100644
--- a/package.json
+++ b/package.json
@@ -90,7 +90,6 @@
     "@types/semver": "^6.0.2",
     "@types/shelljs": "^0.8.6",
     "@types/systemjs": "0.19.32",
-    "@types/trusted-types": "^1.0.6",
     "@types/yaml": "^1.9.7",
     "@types/yargs": "^15.0.5",
     "@webcomponents/custom-elements": "^1.1.0",
diff --git a/packages/BUILD.bazel b/packages/BUILD.bazel
index 27a75ce68a..da0cac4228 100644
--- a/packages/BUILD.bazel
+++ b/packages/BUILD.bazel
@@ -13,7 +13,6 @@ ts_library(
     deps = [
         "//packages/zone.js/lib:zone_d_ts",
         "@npm//@types/hammerjs",
-        "@npm//@types/trusted-types",
     ],
 )
 
diff --git a/packages/core/src/util/security/trusted_type_defs.ts b/packages/core/src/util/security/trusted_type_defs.ts
new file mode 100644
index 0000000000..4d99d7784c
--- /dev/null
+++ b/packages/core/src/util/security/trusted_type_defs.ts
@@ -0,0 +1,50 @@
+/**
+ * @license
+ * Copyright Google LLC All Rights Reserved.
+ *
+ * Use of this source code is governed by an MIT-style license that can be
+ * found in the LICENSE file at https://angular.io/license
+ */
+
+/**
+ * @fileoverview
+ * While Angular only uses Trusted Types internally for the time being,
+ * references to Trusted Types could leak into our core.d.ts, which would force
+ * anyone compiling against @angular/core to provide the @types/trusted-types
+ * package in their compilation unit.
+ *
+ * Until https://github.com/microsoft/TypeScript/issues/30024 is resolved, we
+ * will keep Angular's public API surface free of references to Trusted Types.
+ * For internal and semi-private APIs that need to reference Trusted Types, the
+ * minimal type definitions for the Trusted Types API provided by this module
+ * should be used instead.
+ *
+ * Adapted from
+ * https://github.com/DefinitelyTyped/DefinitelyTyped/blob/master/types/trusted-types/index.d.ts
+ * but restricted to the API surface used within Angular.
+ */
+
+export type TrustedHTML = {
+  __brand__: 'TrustedHTML'
+};
+export type TrustedScript = {
+  __brand__: 'TrustedScript'
+};
+export type TrustedScriptURL = {
+  __brand__: 'TrustedScriptURL'
+};
+
+export interface TrustedTypePolicyFactory {
+  createPolicy(policyName: string, policyOptions: {
+    createHTML?: (input: string) => string,
+    createScript?: (input: string) => string,
+    createScriptURL?: (input: string) => string,
+  }): TrustedTypePolicy;
+  getAttributeType(tagName: string, attribute: string): string|null;
+}
+
+export interface TrustedTypePolicy {
+  createHTML(input: string): TrustedHTML;
+  createScript(input: string): TrustedScript;
+  createScriptURL(input: string): TrustedScriptURL;
+}
diff --git a/packages/core/src/util/security/trusted_types.ts b/packages/core/src/util/security/trusted_types.ts
index 94ca1acbe0..59c45e4662 100644
--- a/packages/core/src/util/security/trusted_types.ts
+++ b/packages/core/src/util/security/trusted_types.ts
@@ -17,6 +17,7 @@
  */
 
 import {global} from '../global';
+import {TrustedHTML, TrustedScript, TrustedScriptURL, TrustedTypePolicy, TrustedTypePolicyFactory} from './trusted_type_defs';
 
 /**
  * The Trusted Types policy, or null if Trusted Types are not
diff --git a/packages/types.d.ts b/packages/types.d.ts
index addcb48162..c10cd283d0 100644
--- a/packages/types.d.ts
+++ b/packages/types.d.ts
@@ -9,7 +9,6 @@
 // This file contains all ambient imports needed to compile the packages/ source code
 
 /// <reference types="hammerjs" />
-/// <reference types="trusted-types" />
 /// <reference lib="es2015" />
 /// <reference path="./goog.d.ts" />
 /// <reference path="./system.d.ts" />
diff --git a/yarn.lock b/yarn.lock
index 5ecb2fc13a..c8758d3a83 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2358,11 +2358,6 @@
   dependencies:
     "@types/node" "*"
 
-"@types/trusted-types@^1.0.6":
-  version "1.0.6"
-  resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-1.0.6.tgz#569b8a08121d3203398290d602d84d73c8dcf5da"
-  integrity sha512-230RC8sFeHoT6sSUlRO6a8cAnclO06eeiq1QDfiv2FGCLWFvvERWgwIQD4FWqD9A69BN7Lzee4OXwoMVnnsWDw==
-
 "@types/webpack-sources@^0.1.5":
   version "0.1.7"
   resolved "https://registry.yarnpkg.com/@types/webpack-sources/-/webpack-sources-0.1.7.tgz#0a330a9456113410c74a5d64180af0cbca007141"