Closed Bug 1914372 Opened 6 months ago Closed 4 months ago

Implement Trusted Types support for `Element.innerHTML` without default-policy support

Categories

(Core :: DOM: Security, task, P3)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
133 Branch
Tracking Flags:
Tracking Status
firefox133 --- fixed

People

(Reporter: mbrodesser-Igalia, Assigned: mbrodesser-Igalia)

References

(Blocks 2 open bugs, Regressed 1 open bug)

Details

(Whiteboard: [domsecurity-backlog])

Attachments

(2 files)

Bug 1914372: part 2) Add `TrustedHTML` to the interface of `Element.innerHTML`. r=smaug!,peterv!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1914372: part 1) Move `GetTrustedTypesCompliantString` and related functions to `TrustedTypeUtils`. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
No description provided.

<Element.cpp> already contains around 5000 lines, it doesn't need more.
GetTrustedTypeCompliantString requires further extension which will be
implemented in separate patches.

Attachment #9420333 - Attachment description: WIP: Bug 1914372: start adding `TrustedHTML` to the interface of `Element.innerHTML` → WIP: Bug 1914372: part 2) Start adding `TrustedHTML` to the interface of `Element.innerHTML`
Attachment #9420333 - Attachment description: WIP: Bug 1914372: part 2) Start adding `TrustedHTML` to the interface of `Element.innerHTML` → WIP: Bug 1914372: part 2) Add `TrustedHTML` to the interface of `Element.innerHTML`
Severity: -- → N/A
Priority: -- → P3
Whiteboard: [domsecurity-backlog]
Attachment #9420978 - Attachment description: WIP: Bug 1914372: part 1) Move `GetTrustedTypesCompliantString` and related functions to `TrustedTypeUtils` → Bug 1914372: part 1) Move `GetTrustedTypesCompliantString` and related functions to `TrustedTypeUtils`. r=smaug
Attachment #9420333 - Attachment description: WIP: Bug 1914372: part 2) Add `TrustedHTML` to the interface of `Element.innerHTML` → Bug 1914372: part 2) Add `TrustedHTML` to the interface of `Element.innerHTML`. r=smaug!,peterv!

Sarah: as you mentioned you prefer ni?-requests, can you PTAL at https://phabricator.services.mozilla.com/D219876#7612418?

Flags: needinfo?(sclements)

(In reply to Mirko Brodesser (:mbrodesser-Igalia) from comment #3)

Sarah: as you mentioned you prefer ni?-requests, can you PTAL at https://phabricator.services.mozilla.com/D219876#7612418?

Thanks, I've delegated this to :afarre and added him as a reviewer.

Flags: needinfo?(sclements)

Andreas: could you PTAL at the pending review [1]? [2] contains context which might ease reviewing.

[1] https://phabricator.services.mozilla.com/D219876
[2] https://phabricator.services.mozilla.com/D219876#7612418

Flags: needinfo?(afarre)
Flags: needinfo?(afarre)
Pushed by mbrodesser@igalia.com: https://hg.mozilla.org/integration/autoland/rev/7e3f7117bf84 part 1) Move `GetTrustedTypesCompliantString` and related functions to `TrustedTypeUtils`. r=smaug https://hg.mozilla.org/integration/autoland/rev/703d702702f3 part 2) Add `TrustedHTML` to the interface of `Element.innerHTML`. r=smaug,peterv,farre

https://hg.mozilla.org/mozilla-central/rev/7e3f7117bf84
https://hg.mozilla.org/mozilla-central/rev/703d702702f3

Status: NEW → RESOLVED
Closed: 4 months ago
status-firefox133: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 133 Branch
Blocks: 1916957
Regressions: 1930997
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: