proposal-dynamic-import-host-adjustment icon indicating copy to clipboard operation
proposal-dynamic-import-host-adjustment copied to clipboard

Published 20 hours ago verified publisher icon tc39

In code asset reference declarations seem trustable

Open mikesamuel opened this issue 5 years ago • 2 comments
trafficstars

When an asset reference statically includes a module reference, it seems we should privilege that to the same degree we privilege static import.

There's no reason to treat the "foo"s differently in

asset Foo from "foo";

import from "foo";

Perhaps TT could specify a host hook HostStaticAssetReference that, in a browser context, uses the realm's TrustedTypesPolicyFactory to bless "foo".

@bmeck

mikesamuel avatar Dec 06 '19 16:12 mikesamuel

This needs likely also needs to cover what happens if asset references are dynamically created. If hosts are the only means to bless [[CodeLike]]s asset references and other proposals need to have some invariant they can follow about what they need to do to integrate with hosts.

bmeck avatar Dec 06 '19 16:12 bmeck

Filed w3c/webappsec-trusted-types/issues/247 to track dynamic asset references.

mikesamuel avatar Dec 06 '19 17:12 mikesamuel