trusted-types
trusted-types copied to clipboard
w3c
A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.
I know the script enforcement is currently in the HTML integrations section but we need to update it (possibly move the whole section?) to include coverage of the SVGScriptElement. At...
https://w3c.github.io/trusted-types/dist/spec/#abstract-opdef-should-trusted-type-policy-creation-be-blocked-by-content-security-policy, step 2.8, Fix: pass directive's name.
This issue is to discuss the model for protecting script elements, in the spec we have a mostly finalised idea for protecting them (except during parsing which needs work). However,...
We should ensure that we have exhaustive coverage of the "sink" value, this is the prefix for violation object samples, aswell as being one of the arguments for the default...
Random thought I had while cleaning up some work in WebKit, does it actually make sense for the callbacks to have their own IDL type per callback? Each callback type...
See https://github.com/w3c/trusted-types/pull/450#issuecomment-1959704840.