trusted-types

A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.

Results 86 trusted-types issues

Like https://github.com/w3c/trusted-types/issues/423 but for `getPropertyType()`. Neither `getPropertyType()` nor `getAttributeType()` are actually implemented as specced; they both in reality use a hardcoded "map". It would be better to spec both of...

Lowercasing local names is a legacy design error that we should not propagate to new APIs.

Currently, there's only a note at https://w3c.github.io/trusted-types/dist/spec/#webidl-validate-the-string-in-context linking to the whole HTML standard.

@lweichselbaum @koto Per https://twitter.com/we1x/status/1113340867409076224 since TT with `eval`/`Function` guards provides similar protection to CSP without unsafe eval, maybe it's worth clarifying how an application might provide degraded service when TT...

Mentioned at https://searchfox.org/mozilla-central/rev/c26f7461fc2a51196b7f517c7f98a1e271dc9ec0/testing/web-platform/tests/trusted-types/block-string-assignment-to-Element-setAttribute.html#92. If so:
- why? It seems unnecessary.
- tests for that are needed.

E.g. https://jsfiddle.net/f5b2r4a0/. To https://searchfox.org/mozilla-central/source/testing/web-platform/tests/trusted-types/block-string-assignment-to-Element-setAttributeNS.html.

Is it normal for spec polyfills to live in the same repository as their specs? Feels like it should be in a separate repository to me?

polyfill

Along with the existing specced IDL changes Chrome also has the below changes
```
interface mixin ParentNode {
  [Unscopable, RaisesException, CEReactions] void prepend((Node or DOMString or TrustedScript)... nodes);
  [Unscopable, RaisesException,...
```

spec

This issue tracks the integration with the [DOM Parts API](https://github.com/WICG/webcomponents/blob/gh-pages/proposals/DOM-Parts-Imperative.md) while replaceChildren is not currently in the spec proposal Chromium has the following IDL change:
```
partial interface ChildNodePart :...
```

I've just realised Chromium has shipped a method on TrustedTypePolicyFactory that's not specced at all. The Chromium IDL is `object? getTypeMapping(optional DOMString ns);`. This is tested at https://wpt.live/trusted-types/TrustedTypePolicyFactory-metadata.html. Should this...

proposed-removal