Re: [whatwg/dom] Request for mechanism to determine if children changed steps are called as a result of script or parser (Issue #1288)

Following up on this, I've opened a draft PR on Trusted Types which tries to advance the script protection. I've moved to a new model after discussions with Anne and others which should be simpler to understand.

The idea is that a script element has two flags, one to say it's trusted which is initially true (so parsed scripts are trusted), and one to say it's been modified by a trusted sink.

The model relies on the children changed steps and a new flag "parser change" for those steps which can be used to differentiate between API and parser. See https://github.com/w3c/trusted-types/pull/533 for the specifics.

So the big missing piece of the puzzle is how to get that new "parser change" flag specced. It seems that the children changed steps aren't necessarily called directly from the parser, so it might require piping the flag through multiple layers of indirection?


Message ID: <whatwg/dom/issues/1288/2217404730@github.com>

Received on Tuesday, 9 July 2024 11:29:45 UTC