dom
dom copied to clipboard
whatwg
Draft integration with Trusted Types, take 2.
This calls the get Trusted Types-compliant attribute value algorithm from Trusted Types (https://github.com/w3c/trusted-types/pull/418) from attribute's change, append, and replace.
Changed the signature of setAttribute and setAttributeNS to accept Trusted Types as values. The underlying Attr node's values continue to be DOMString, so moving nodes across elements or adding standalone attributes to elements can cause TT violations. This matches WPT tests and the Chromium's implementation.
See and #789. Supercedes PR #809.
- [x] At least two implementers are interested (and none opposed):
- Gecko
- Chromium (already implemented)
- [x] Tests are written and can be reviewed and commented upon at:
- https://github.com/web-platform-tests/wpt/tree/master/trusted-types
- [x] Implementation bugs are filed:
- Chromium: https://bugs.chromium.org/p/chromium/issues/detail?id=739170
- Gecko: https://bugzilla.mozilla.org/show_bug.cgi?id=1508286
- [ ] MDN issue is filed: …
- [x] The top of this comment includes a clear commit message to use.
(See WHATWG Working Mode: Changes for more details.)
Is it possible to get the preview linked at https://github.com/whatwg/dom/pull/1247#issue-2096528268 fixed? Would simplify reading the diff.
@koto can the PR preview please be fixed? The changes themselves are sufficiently complicated, so let's make our life easier by simplifying reviewing.
I might be missing something but this doesn't seem to account for event handler attributes? I know there's separate handling for them in TT but wont this change block them being set? Or do they go down a different codepath?
@koto can the PR preview please be fixed? The changes themselves are sufficiently complicated, so let's make our life easier by simplifying reviewing.
This is done, I'll proceed with resolving all the comments.