Mike West

I'd invite folks to skim through https://docs.google.com/document/d/1m91JZWKAGOR3jQoicMVE9Ydcq79gM2BetcRIBemrex8/edit?usp=sharing, which @koto put together as a summary of Trusted Type usage in the wild, including deployment details at Google, and pointers to concrete...

> Also, @mikewest and @koto, any chance of bringing people from the other orgs who have been using TT into the WG to directly discuss their experience? 1. @shhnjk is...

> (I think we're still waiting for an official response here) @wseltzer, @samuelweiler, and/or @sideshowbarker might be able to provide insight into the current state of resolving the charter objections....

Hey folks! I appreciate the conversation here! That said, I'd like to keep this issue focused on the question of whether or not we should publish Trusted Types as a...

The examples in the original comment seem like cases in which TT enforcement would be helpful. Adding attributes to an element directly can result in script execution when the element...

Flash is certainly gone. PDF isn't (and I think extensions still support NaCL modules? And possibly something something enterprise policy?). We're in the process of removing `plugin-types` from CSP, but...

Why isn't TT supported in extensions? That sounds strange.

On Twitter, [I said](https://twitter.com/mikewest/status/1412743748866412551): > I'm not sure I like this, though I agree that it's zero additional risk. I'm a bit worried about its precedent. Empty strings are ok,...

> > Can we carve this out [...] ? > > I think we can. Literally, the change could be: I asked the question poorly. :) Of course we can...

> Given this, does anyone strongly oppose to letting innerHTML = emptyString (and only this) as outlined in TT? For clarity: I don't _strongly_ oppose it. I do think it's...