Mason Freed
Mason Freed
Ok I almost have another patch landed in Chromium that makes the changes you've recommended here: - Remove `allowDeclarativeShadowDom` state from `Document`, `DocumentFragment`, etc. - Replace the above with call-site...
> That all makes sense to me, with one exception: > > > Replace the above with call-site parameters for all but DOMParser, which gets a constructor parameter. > >...
> > This sounds good overall, except that I'd wait with introducing `setInnerHTML` until we have a standardized sanitizer (see https://github.com/WICG/sanitizer-api) as not using the sanitizer should be an opt-out...
> It does not unfortunately. Trusted Types doesn't have cross-browser agreement. @annevk, I wonder if there's a way to shape the `setInnerHTML()` opt-in argument such that **today**, opting in allows...
> @mfreed7 maybe require passing `unsafeWithShadowRoot` or equivalent and throw otherwise. And in the future we could make not passing anything do the safe thing rather than throw. It's usually...
> @mfreed7 how crucial is it to have the `setInnerHTML` case in v1? Do you expect the declarative shadow DOM to be commonly using this function? Can the other, already...
@domenic you made the case against the `Document` state approach, which I did agree with. But in light of the seemingly more serious security concerns around adding a new unsafe...
So I'm generally supportive of the second, "maximally lenient" approach. It makes the spec, the implementation, and the developer understanding of this behavior straightforward, which is good for performance, bugs,...
This PR has been updated to include the "opt-in" mechanics described in [#912](https://github.com/whatwg/dom/issues/912). The changes I made here roughly match the current implementation of Chromium, so I'm hoping they're functional....
> As for the build error, once HTML is indexed by Shepherd you should be able to cross-reference, but that does mean broken builds until that happens unfortunately. We don't...