Support showing the trusted types string in the developer console
Categories
(DevTools :: Console, enhancement, P2)
Tracking
(firefox138 fixed)
| Tracking | Status | |
|---|---|---|
| firefox138 | --- | fixed |
People
(Reporter: mbrodesser, Assigned: nchevobbe)
References
(Blocks 1 open bug)
Details
Attachments
(2 files)
|
Bug 1935431 - Expose TrustedHTML, TrustedScript and TrustedScriptURL in DevTools sandbox. r=gsvelto.
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review |
STR:
- Set the "dom.security.trusted_types.enabled" pref to true.
- Open https://jsfiddle.net/c9mg4zqp/ and check the developer console.
Expected: "TrustedHTML {vv}" is logged
Actual: "TrustedHTML { }" is logged
Chrome behaves as expected.
|
||
Updated•10 months ago
|
|
|
||
Comment 1•10 months ago
|
||
Agreed, this would be great to get in. Reminds me of bug 1652671 ;-)
|
||
Comment 2•7 months ago
|
||
Could also be nice to add a link to the createHTML function used by the TrustedHTML.
Since TrustedHTML is being worked on in Firefox at the moment, it would be nice to work on this soon-ish.
|
Assignee | |
Comment 3•7 months ago
|
||
Mirko, it seems that what you want is something similar than in Chrome, where they show the result of toString() I guess ?
Is there anything else we could show somehow? As Julian said, we discussed in triage and thought it could be nice to somehow print the createHTML function from the TrustedTypePolicy. Do you think we could expose a ChromeOnly policy getter on TrustedHTML ?
Also should we think of handling TrustedScript and TrustedScriptURL as well?
Thanks!
|
Reporter | |
Comment 4•7 months ago
|
||
(In reply to Nicolas Chevobbe [:nchevobbe] from comment #3)
Mirko, it seems that what you want is something similar than in Chrome, where they show the result of
toString()I guess ?
Yes.
Is there anything else we could show somehow?
That might be superfluous.
As Julian said, we discussed in triage and thought it could be nice to somehow print the
createHTMLfunction from theTrustedTypePolicy. Do you think we could expose aChromeOnlypolicygetter onTrustedHTML?
Also should we think of handlingTrustedScriptandTrustedScriptURLas well?
Yes, TrustedScript* should be handled too.
Thanks!
|
|
Reporter | |
Comment 5•7 months ago
|
||
CC Fred, since he took over the work on Trusted Types from me.
|
|
Assignee | |
Updated•7 months ago
|
|
|
Assignee | |
Comment 6•7 months ago
|
||
This is needed to add meaningful previews for instances of those classes in
the console.
Tests are added in next patch.
|
||
Updated•7 months ago
|
|
|
Assignee | |
Comment 7•7 months ago
|
||
|
||
Comment 8•7 months ago
|
||
Are you sure that my review request is correct? I am not a peer of this module so can't review patches.
|
|
Assignee | |
Comment 9•7 months ago
|
||
(In reply to Gabriele Svelto [:gsvelto] from comment #8)
Are you sure that my review request is correct? I am not a peer of this module so can't review patches.
last time I made changes to the Sandbox.cpp file, smaug asked you to review the patch, so I thought it would be the same here :)
I'll ask smaug as well
|
||
Comment 10•7 months ago
|
||
|
||
Comment 11•7 months ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/5cdfde163954
https://hg.mozilla.org/mozilla-central/rev/d0045739b9f8
|
||
Comment 12•7 months ago
|
||
I think others already replied. I don't have strong opinions on this, but whatever facilitate debugging for web developers sounds good. And yes, TrustedScript/TrustedScriptURL should always be handled the same as TrustedHTML.
Description
•