Re: [whatwg/dom] Trusted types attributes (PR #1268)

@fred-wang commented on this pull request.



> @@ -7382,7 +7437,13 @@ string <var>value</var>, run these steps:
  <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is null, then set <var>attribute</var>'s
  <a for=Attr>value</a> to <var>value</var>.
 
- <li><p>Otherwise, <a lt="change an attribute">change</a> <var>attribute</var> to <var>value</var>.
+ <li><p>Otherwise:
+  <ol>
+    <li><p>Let <var>verifiedValue</var> be the result of calling <a>verify attribute value</a>
+    <var>value</var> for <var>attribute</var>, with <a>this</a>.
+
+   <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.

I haven't had time to do much progress since my previous comments here, so this is mostly guesses based on the change to dom/base/Attr.cpp from https://phabricator.services.mozilla.com/D236107. Mozilla's "change the attribute" is indeed calling a SetAttr method on the element and I see GetTrustedTypesCompliantAttributeValue could:

1. Detach the attribute node: in that the attribute element's is null and probably we should change the spec to do a no-op like in "If attribute's element is null, then set attribute's value to value" above.
2. Destroy the original element: this means implementations need to hold a strong reference to the element or skip the SetAttr call. However, I believe the attribute somehow keeps a strong reference to the element it is attached to, so this is probably covered by 1 already.
3. Move the attribute to another element. Again, I believe this will effectively detached the attribute node from the original element, so covered by 1 already.


-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/dom/pull/1268#discussion_r1945983124
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/dom/pull/1268/review/2600847959@github.com>