Closed Bug 1915168 Opened 6 months ago Closed 6 months ago

Implement Trusted Types' default-policy support for `Element.innerHTML`

Categories

(Core :: DOM: Security, task, P3)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: mbrodesser-Igalia, Unassigned)

References

Details

(Whiteboard: [domsecurity-backlog])

There's test-coverage for some corner cases for the default-policy behavior only for Element.innerHTML [1]. Since the same code is executed for Element.insertAdjacentHTML, default-policy support for Element.innerHTML should be landed first. Hence this ticket blocks https://bugzilla.mozilla.org/show_bug.cgi?id=1913339.

[1] https://phabricator.services.mozilla.com/D219256#7553960

Summary: Implement default-policy support for `Element.innerHTML` → Implement Trusted Types' default-policy support for `Element.innerHTML`
Priority: -- → P3
Whiteboard: [domsecurity-backlog]

This is simpler to implement together with the support of insertAdjacentHTML.

Status: NEW → RESOLVED
Closed: 6 months ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.