- From: Mason Freed <notifications@github.com>
- Date: Thu, 19 Jan 2023 15:24:11 -0800
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 19 January 2023 23:24:23 UTC
I'm splitting this out from the discussion that starts on this comment https://github.com/whatwg/html/pull/5465#discussion_r1042020381 and then jumps to overall issue comments starting here https://github.com/whatwg/html/pull/5465#issuecomment-1383927052. This was also previously discussed at length starting at this comment https://github.com/whatwg/dom/issues/912#issuecomment-725900521. That issue has much more context on why there needs to be an opt-in for DSD at all.
The [current spec PR](https://github.com/whatwg/html/pull/5465) has `DOMParser.parseFromString(html,"text/html", {declarativeShadowRoots: true})` which is the *only* API that lets you imperatively parse HTML that contains declarative shadow roots.
There is a question about whether we need to add this, and whether instead we should make Sanitizer's `setHTML()` the only DSD-aware parser API. That requires some changes to the Sanitizer (https://github.com/whatwg/html/issues/8627), in particular giving `setHTML()` a `sanitizer: "unsafe-none"` argument that bypasses all sanitization.
--
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/dom/issues/1145
You are receiving this because you are subscribed to this thread.
Message ID: <whatwg/dom/issues/1145@github.com>
Received on Thursday, 19 January 2023 23:24:23 UTC