Open Bug 1961772 Opened 22 days ago Updated 22 days ago

Disallow innerHTML in UA Widgets

Categories

(Core :: DOM: Core & HTML, task)

Product:
Core
Component:
DOM: Core & HTML
Type:
task

Tracking

()

People

(Reporter: tschuster, Unassigned)

References

(Blocks 1 open bug)

Details

innerHTML, setHTML and other Trusted Type sinks are not reliable when trusted types is used by the page embedding the UA widget. We should simply disallow those functions similar to Document.createElement with its Func="IsNotUAWidget" annotation.

You need to log in before you can comment on or make changes to this bug.