Re: [whatwg/dom] [Declarative Shadow DOM] How should we build the "opt-in" for fragment parsing of declarative Shadow DOM? (#912) from Anne van Kesteren on 2020-11-20 (public-webapps-github@w3.org from November 2020)

From: Anne van Kesteren <notifications@github.com>
Date: Fri, 20 Nov 2020 00:03:00 -0800
To: whatwg/dom <dom@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/dom/issues/912/731003420@github.com>

I meant that in v1 of `setInnerHTML()` you have to pass unsafe to indicate you opt out of sanitization and otherwise it will throw. So for instance:
```js
elm.setInnerHTML(content, { includeShadowRoots: true, unsafe: false }); // throws
elm.setInnerHTML(content, { includeShadowRoots: false, unsafe: false }); // throws
elm.setInnerHTML(content, { includeShadowRoots: true, unsafe: true }); // parses
elm.setInnerHTML(content, { includeShadowRoots: false, unsafe: true }); // parses
```
I don't think it should matter what's in _content_ for the purposes of throwing or not throwing. It should do the same as the normal parser as much as possible.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/dom/issues/912#issuecomment-731003420

Received on Friday, 20 November 2020 08:03:13 UTC