Luke Warlow

This came back up on my PR to upstream the IDL changes to HTML. If the threat caused by these sinks no longer exists (flash) then I think it makes...

Given the [Dynamic Code Branch Checks](https://github.com/tc39/proposal-dynamic-code-brand-checks) proposal seems to be stuck at stage 1 it would be good to work out the alternatives.

https://github.com/tc39/proposal-dynamic-code-brand-checks/pull/10 - I've started to clean up the dynamic code brand checks proposal repo.

Based on discussions regarding the above linked PR I have what I think is an idea that could work for TT and eval+Function. It would potentially be a different behaviour...

@caridy So `HostEnsureCanCompileStrings` now gets a list of parameter strings and the body string, I was hoping we could avoid needing to pass through the compiled string as well but...

I'm a bit confused there's https://github.com/tc39/ecma262/pull/1498 - which mentions it's for trusted types, but the shape is different from the dynamic brand checks proposal. The dynamic brand checks proposal is...

> @koto can you link to the issue tracking the addition of the new keyword script-src 'trusted-script'? We will like to see that done sooner rather than later considering the...

See https://github.com/w3c/trusted-types/issues/461 for discussion about removing default policy handling from eval and co. This is a change that should help make the tc39 change less contentious.

https://github.com/tc39/ecma262/pull/3294 - I've opened a draft PR with the changes from the dynamic code brand checks proposal. WIll work on relevant tests needed as well.

While this would be a v2 feature and so not in the current spec draft it would be good if someone could make a draft PR to add in the...