- From: Ms2ger <notifications@github.com>
- Date: Thu, 01 Feb 2024 08:33:51 -0800
- To: whatwg/webidl <webidl@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/webidl/pull/841/review/1856953287@github.com>
@Ms2ger commented on this pull request.
> @@ -11056,6 +11100,21 @@ allowed. The security check takes the following three inputs:
Note: The HTML Standard defines how a security check is performed. [[!HTML]]
+Certain algorithms in [[#es-type-mapping]] are defined to
+<dfn id="dfn-validate-the-string-in-context" export>validate the string in context</dfn> on a given
+value. This check is used to determine whether a given value
+is appropriate for its {{StringContext}}. This validation takes the following four inputs:
+
+1. the [=platform object=] on
+ which the operation invocation or attribute access is being done,
+1. the value to validate,
+1. the {{StringContext}} [=identifier=], and
+1. the [=identifier=] of the operation or attribute.
+
+The algorithm returns an ECMAScript String value, or [=ECMAScript/throws=] a {{ECMAScript/TypeError}}.
Note that https://w3c.github.io/trusted-types/dist/spec/#html-validate-the-string-in-context doesn't necessarily return a string, and if it did, the conversion algorithm above does some unnecessary work.
> + [=this=], |V|, the {{StringContext}} extended attribute [=identifier=], and the [=identifier=]
+ of the [{{StringContext}}] extended attribute [=related construct=].
I agree that this doesn't work with the layering as it currently exists.
--
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/webidl/pull/841#pullrequestreview-1856953287
You are receiving this because you are subscribed to this thread.
Message ID: <whatwg/webidl/pull/841/review/1856953287@github.com>
Received on Thursday, 1 February 2024 16:33:57 UTC