- From: Krzysztof Kotowicz <notifications@github.com>
- Date: Fri, 08 Nov 2019 09:09:45 -0800
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 8 November 2019 17:09:48 UTC
Alternate take on this, using the slot values for scripts. https://github.com/w3c/webappsec-trusted-types/pull/236
With this approach, Integration points with DOM disappeared (while the HTML integration gets a bit more involved).
Preview in FF: `data:text/html,<script>fetch('https://raw.githubusercontent.com/koto/trusted-types/integrationstake2/dist/spec/index.html').then(r=>r.text()).then(t=>document.write(t))</script>#enfocement-in-scripts`
One issue remains in that I think it makes sense for `script.setAttribute('src', trustedValue)` to work, which reintroduces parts of algorithms proposed earlier in the thread. Thoughts?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/dom/issues/789#issuecomment-551911588
Received on Friday, 8 November 2019 17:09:48 UTC