Open
Bug 1928932
Opened 1 month ago
Updated 21 days ago
Implement Trusted Types enforcement for scripts
Categories
(Core :: DOM: Security, task)
Core
DOM: Security
Tracking
()
NEW
People
(Reporter: fredw, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active])
See https://w3c.github.io/trusted-types/dist/spec/#enforcement-in-scripts.
In bug 1905706, I'm just going to make the IDL arguments Trusted Types but the spec has more things e.g. booleans for "trusted" and "changed by trusted sink" and when they are set. See also https://github.com/w3c/trusted-types/issues/525 and https://searchfox.org/mozilla-central/rev/e74b86533c2499eb6393071aeedcfb080d84e4da/testing/web-platform/tests/trusted-types/HTMLScriptElement-internal-slot.html#125,134
Comment 1•21 days ago
|
||
https://github.com/w3c/trusted-types/pull/533#discussion_r1835791151 might need clarification before implementing this.
You need to log in
before you can comment on or make changes to this bug.
Description
•