[w3c/editing] Upstream changes from trusted types (Issue #461) from Luke Warlow on 2024-04-03 (public-webapps-github@w3.org from April 2024)

From: Luke Warlow <notifications@github.com>
Date: Wed, 03 Apr 2024 08:07:41 -0700
To: w3c/editing <editing@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/editing/issues/461@github.com>

This issue is to ask if it would be okay to upstream a change from the trusted types spec. Trusted types are a security mechanism to reduce XSS vulenerabilties, this is achieved via a new API that can allows creation of trusted objects based on policies. Most of the XSS sinks are covered by changing their IDL type to one defined in TT spec which handles all the checks neccessary.

The editing specific section of the spec changes execCommand: https://w3c.github.io/trusted-types/dist/spec/#integration-with-exec-command

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/editing/issues/461
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/editing/issues/461@github.com>

Received on Wednesday, 3 April 2024 15:07:45 UTC