Trusted Types support for the src/innerText/textContent/text IDL attributes of `HTMLScriptElement`
Categories
(Core :: DOM: Security, task)
Tracking
()
People
(Reporter: mbrodesser-Igalia, Assigned: fredw)
References
(Depends on 1 open bug, Blocks 2 open bugs)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
Change
attribute USVString src;
to
attribute (USVString or TrustedScriptURL) src;
as per https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts.
There's still an open spec issue: https://github.com/w3c/trusted-types/issues/525.
That requires implementing https://w3c.github.io/trusted-types/dist/spec/#the-src-idl-attribute.
https://searchfox.org/mozilla-central/rev/e74b86533c2499eb6393071aeedcfb080d84e4da/testing/web-platform/tests/trusted-types/HTMLScriptElement-internal-slot.html#125,134 is a test for that.
|
Reporter | |
Updated•4 months ago
|
|
|
Reporter | |
Updated•4 months ago
|
|
||
Updated•4 months ago
|
|
|
Reporter | |
Updated•4 months ago
|
|
|
Reporter | |
Updated•2 months ago
|
|
|
Reporter | |
Updated•2 months ago
|
|
Assignee | |
Comment 1•9 days ago
|
||
|
|
Assignee | |
Comment 2•6 days ago
|
||
I'll open a separate bug to handle https://github.com/w3c/trusted-types/issues/525 and the trusted/changed by trusted sink booleans thing.
For now, I guess we can just do the easy thing: change the property setter/getter to work with TrustedTypes arguments.
|
||
Updated•5 days ago
|
|
|
||
Updated•3 days ago
|
Description
•