trusted-types icon indicating copy to clipboard operation
trusted-types copied to clipboard

Published 20 hours ago verified publisher icon w3c

Are all injection sinks covered by the spec?

Open mbrodesser-Igalia opened this issue 6 months ago • 20 comments

https://w3c.github.io/trusted-types/dist/spec/#introduction mentions "over 60 different injection sinks".

However, the spec contains:

12 occurrences of "HtmlString" 6 occurrences of "ScriptString" 12 occurrences of "ScriptUrlString"

Which is below 60.

https://w3c.github.io/trusted-types/dist/spec/#injection-sinks mentions The exact list of injection sinks covered by this document is defined in [§ 4 Integrations](https://w3c.github.io/trusted-types/dist/spec/#integrations)..

I web-searched for a full list of injection sinks but found none. If there's such a list, please share.

mbrodesser-Igalia avatar Jan 08 '24 14:01 mbrodesser-Igalia