1650370 - (sanitizer-api) [meta] Sanitizer API: ship and prototype an API for html sanitization behind a pref

Status: ASSIGNED

(Core :: DOM: Security, task, P3)

Description

[Frederik Braun [:freddy] (OOO until August 18th)]

Spec and explainer at https://github.com/WICG/purification.

We'll experiment and prototype the non-contentious bits behind a pref soon, but the spec is still very young and it will take a couple of iterations

Comment 1

[Sebastian Zartner [:sebo]]

This sounds like something that should be documented at https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Experimental_features and maybe also exposed to about:preferences#experimental.

Sebastian

Comment 2

[Ben Bucksch (:BenB)]

Hi there, I've invented and implemented the first version of the sanitizer in Gecko. I'd be happy to contribute to the spec as a co-author.

Comment 3

[Ben Bucksch (:BenB)]

Github repo for spec: https://github.com/wicg/sanitizer-api

I've invented and implemented the original version of the sanitizer code in Gecko/Mozilla/Firefox. How can I contribute to the spec? What's the process? PRs? Who decides about them?

FYI, my original motivation for this sanitizer feature in Gecko was a "Sanitized HTML" feature for Thunderbird, so that environments that have very strong security needs (e.g. embassies, dissidents etc.) and cannot affort compromise, even when attacked by state actors, even in the presence of certain critical security holes in the HTML rendering engine (Gecko), can still read HTML email, using a simplified version of the HTML which has everything removed that might have a security hole in Gecko.

Comment 4

[Frederik Braun [:freddy] (OOO until August 18th)]

The spec is mostly done, we're currently facing mostly interop and editorial changes. Chromium is already shipping in pre-release channels and we aim to follow soon.