Intent to Migrate trusted-types to W3C Security WG from Krzysztof Kotowicz on 2019-09-11 (public-webappsec@w3.org from September 2019)

From: Krzysztof Kotowicz <koto@google.com>
Date: Wed, 11 Sep 2019 19:35:50 +0200
To: public-webappsec@w3.org
Message-ID: <CAJCw+vurWEMSxA6Smy3PLmQqeMffzdVzYnQ1NKYd1Zd=RiK39w@mail.gmail.com>

Hi all!

I wanted to propose migrating Trusted Types from WICG to W3C to be
adopted by the Security WG.

The specification [1] is already in what we believe is a decent shape, the
Chrome implementation follows. There are some open issues [2], but I
believe we can discuss them in the WG.

We are piloting the API at Google - other authors are piloting this though
Chrome Origin Trials. There's positive signals from the JS community as
well - and indeed the API seems to be working well, as we've added several
new features to help with its adoption.

I spelled out the Intent to Migrate as a bug as required [4]. It should
have more context about the API and the reasoning behind migration intent.
I'm open to questions and complaints on this thread, or directly in the
GitHub issue.

[1] https://wicg.github.io/trusted-types/dist/spec/
[2] https://github.com/facebook/react/pull/16157
[3] https://github.com/Polymer/lit-html/pull/970
[4] https://github.com/WICG/trusted-types/issues/215

-- 
koto@ / Krzysztof Kotowicz / Google

Received on Wednesday, 11 September 2019 17:37:15 UTC