Implement a fast-path for `Element.insertAdjacentHTML` and all other injecion sinks when trusted types aren't used
Categories
(Core :: DOM: Security, task)
Tracking
()
People
(Reporter: mbrodesser-Igalia, Unassigned)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active])
See https://phabricator.services.mozilla.com/D216170#7453441.
Let's implement default policy support first. That needs to be done anyway and will shed light on whether this fast-path is indeed required.
Updated•3 months ago
|
Updated•3 months ago
|
Reporter | ||
Comment 1•3 months ago
•
|
||
@Daniel: not yet working on this. Will presumably in the future.
Comment 2•3 months ago
|
||
This is definitely a blocker for trusted types. DoesSinkTypeRequireTrustedTypes is rather slow.
Reporter | ||
Updated•2 months ago
|
Reporter | ||
Updated•2 months ago
|
Reporter | ||
Comment 3•2 months ago
•
|
||
A ./mach try perf
run (still in progress) with TT enabled by default: https://treeherder.mozilla.org/perfherder/compare?originalProject=try&originalRevision=2aada6496bec8cf06b92125509ff8a42386f0fd2&newProject=try&newRevision=e40d1333e2836a8ef7bbd432e25ca0d8ec6818da&framework=13 to avoid premature optimization.
Edit: above perf run seems to miss the commits for TT, except the one flipping the pref.
Description
•