Krzysztof Kotowicz

No, at least in Blink implementation this is blocked. From what I can tell so far, Blink is just Fetching with mode `same-origin`, destination `image`, which skips the check for...

https://jsbin.com/nolivug/2/edit?html,console tries `data:`, `blob:` and cross-origin. In Blink, only `data:` works, in FF, `data:` and `blob:`, in Safari - only `blob:`.

This is the Chrome implementation (only script text is affected): https://chromium-review.googlesource.com/c/chromium/src/+/2041622

See also https://bugs.chromium.org/p/chromium/issues/detail?id=1218746

Chunked encoding is not needed to trigger the error. I can reproduce the error with trying to fetch the http://www.google.com/robots.txt . It does work when '-k' is not used, but...

The feature is relatively new indeed; The advantages are already listed out in the bug, they are all true. For completeness sake however I'd like to point out potential disadvantages...

@LifeIsStrange You could benchmark this, but I'd suspect the cost is mostly in the HTML parser, which the browser runs anyways whenever `innerHTML` is called , operating on the resulting...

I am not sure how `TrustedHTML` got mixed up in here, but none of the code snippets above require this type, apart from `myHtml.html(foo)` if `foo` would trigger the path...

`jQuery.html(element)` doesn't call `innerHTML`. The branch for elements through `.html` follows this path: https://github.com/jquery/jquery/blob/016872ffe03ab9107b1bc62fae674a4809c3b23f/src/manipulation.js#L398-L400 https://github.com/jquery/jquery/blob/016872ffe03ab9107b1bc62fae674a4809c3b23f/src/manipulation.js#L304-L311 https://github.com/jquery/jquery/blob/016872ffe03ab9107b1bc62fae674a4809c3b23f/src/manipulation.js#L109 https://github.com/jquery/jquery/blob/016872ffe03ab9107b1bc62fae674a4809c3b23f/src/manipulation/buildFragment.js#L26-L28 Currently the `.innerHTML` is only done for `jQuery.html(string)` and `jQuery.html(TrustedHTML)`, with the actual...

This issue also surfaced when creating the [trusted types spec draft](https://wicg.github.io/trusted-types/dist/spec/#string-compilation). In short, we're trying to figure out if `eval` could accept stringifiable objects, and the decision in `HostEnsureCanCompileStrings` would...