- From: Krzysztof Kotowicz <notifications@github.com>
- Date: Fri, 21 Feb 2020 06:37:55 -0800
- To: heycam/webidl <webidl@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 21 February 2020 14:38:08 UTC
@annevk That is quite similar to how it is defined currently: We typedef [HTMLString](https://w3c.github.io/webappsec-trusted-types/dist/spec/#typedefdef-htmlstring) union and [set the attribute on the union](https://w3c.github.io/webappsec-trusted-types/dist/spec/#extensions-to-the-document-interface). We could set it for the `DOMString` only, like @yuki3 proposes, that's a minor detail I think. The real issue is that, to my understanding, the original design as outlined above caused issues with the default policy for DOM (https://github.com/w3c/webappsec-trusted-types/issues/248) - which triggered the redesign and this PR. It seems to me like now we're going back to where we were before. Does that not cause default policy issues in the end? The intention is for most spec algos to continue dealing with strings only, and for the sanitization happening before they run. If we can achieve that by rephrasing https://w3c.github.io/webappsec-trusted-types/dist/spec/#!trustedtypes-extended-attribute, and without modifying WebIDL, I'm sold. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/heycam/webidl/pull/841#issuecomment-589680301
Received on Friday, 21 February 2020 14:38:08 UTC