Re: [whatwg/dom] Integrate Trusted Types enforcement into attribute handling (PR #1268) from smaug---- on 2025-10-30 (public-webapps-github@w3.org from October 2025)

From: smaug---- <notifications@github.com>
Date: Thu, 30 Oct 2025 03:02:57 -0700
To: whatwg/dom <dom@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/dom/pull/1268/review/3398529674@github.com>

@smaug---- commented on this pull request.



> @@ -7115,6 +7117,11 @@ string <var>namespace</var> (default null):</p>
 <a for=/>attribute</a> <var>attr</var> and an <a for=/>element</a> <var>element</var>:
 
 <ol>
+ <li><p>Let <var>verifiedValue</var> be the result of calling
+ <a>get trusted type compliant attribute value</a> with <var>attr</var>'s
+ <a for=Attr>local name</a>, <var>attr</var>'s <a for=Attr>namespace</a>, <var>element</var>, and
+ <var>attr</var>'s <a for=Attr>value</a>. [[!TRUSTED-TYPES]]
+

This is a bit nitpicking, but I think I'd prefer still that passing existing attribute node here would be no-op.
Gecko does attr.element == some other element -> throw, attr == existingAttr return; also before TT check.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/dom/pull/1268#pullrequestreview-3398529674
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/dom/pull/1268/review/3398529674@github.com>

Received on Thursday, 30 October 2025 10:03:01 UTC