- From: Jun <notifications@github.com>
- Date: Mon, 07 Oct 2024 14:50:15 -0700
- To: whatwg/webidl <webidl@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 7 October 2024 21:50:19 UTC
FYI, the current implementation seems to prohibit `'unsafe-eval'`. While this might be okay for applying the `InjectionMitigated` restriction to new APIs, it might make it diffuclt for old sites to adapt to `InjectionMitigated` when applying the restriction to old APIs. One way to solve this, is to check if Trusted Types is enforced, and `createScript` is "strictly" validated (whatever that means). In which case, we could allow `'unsafe-eval'` as the script going to `eval` is validated by Trusted Types. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/webidl/issues/1440#issuecomment-2397976859 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/webidl/issues/1440/2397976859@github.com>
Received on Monday, 7 October 2024 21:50:19 UTC