Luke Warlow

https://github.com/w3c/trusted-types/issues/358 - It's possible there's additional sinks that aren't covered too, here's an issue that seems to suggest another one (haven't tested to confirm)

https://github.com/shhnjk/cursed_types - I've also come across this repository that claims to list some DOM XSS bypasses for trusted types. They all seem to be solvable using CSP directives and I'm...

https://github.com/w3c/trusted-types/issues/232 - also mentions potential issues with dynamic imports that mentions this stage 2 Ecamscript proposal https://github.com/tc39/proposal-dynamic-import-host-adjustment Are there any updates on that?

https://github.com/w3c/trusted-types/issues/359 - here's another issue that suggests there's a sink not covered.

Based on #384 I'm removing the proposed-removal label

Seems like this was part of https://github.com/w3c/trusted-types/issues/43 added to Chromium in https://chromium.googlesource.com/chromium/src.git/+/2add54e885c3abff101de9dfa5308972fc37c65d

@koto it would be good if you or someone else from the chromium team could write a PR to the spec with the definition for this method, as it's shipped...

Going to go ahead and close this as there's no action required from the spec.

Moved DOMParts API IDL to its own issue #441

https://w3c.github.io/webcomponents/spec/imports/ is another example of a dead link