On Tue, Oct 25, 2022 at 11:03 AM Yoav Weiss <yoavwe...@chromium.org> wrote:
> Thanks!! > > On Friday, October 21, 2022 at 11:30:22 AM UTC+2 Daniel Vogelheim wrote: > >> Apologies this took a while, but the explainer bit has now landed here: >> https://github.com/w3c/trusted-types/blob/main/explainer.md#source-literals >> >> > > I'm guessing that "const value = TrustedHTML.fromLiteral`<b>Hello there > ${user_provided_name}</b>`;" will throw as well, right? > Yes. (spec, ยง3.3 #2 <https://w3c.github.io/trusted-types/dist/spec/#create-a-trusted-type-from-literal-algorithm> ) I proposed improved wording <https://github.com/w3c/trusted-types/pull/377> for the explainer, but kept it very brief to keep it within the spirit of an explainer. On Wed, Oct 19, 2022 at 5:34 PM Yoav Weiss <yoavwe...@chromium.org> wrote: >> >>> Friendly ping on an explainer update :) >>> >>> On Thursday, October 6, 2022 at 7:19:20 PM UTC+2 Jun Kokatsu wrote: >>> >>>> >>>> >>>> On Wednesday, October 5, 2022 at 2:52:59 AM UTC-7 yoav...@chromium.org >>>> wrote: >>>> >>>>> On Thu, Sep 29, 2022 at 4:34 PM 'Daniel Vogelheim' via blink-dev < >>>>> blin...@chromium.org> wrote: >>>>> >>>>>> Contact emailsvoge...@chromium.org >>>>>> >>>>> >>>>>> >>>>>> Specification >>>>>> https://w3c.github.io/trusted-types/dist/spec/#trusted-html >>>>>> >>>>>> Summary >>>>>> >>>>>> Add a function to each "Trusted Type" to create an instance from a >>>>>> JavaScript template literal (but not from a dynamically computed string). >>>>>> This makes it easy to mark literals in the JavaScript source text as >>>>>> "trusted". Example: >>>>>> >>>>>> const html = TrustedHTML.fromLiteral`<p>Literal Text</p>`; >>>>>> >>>>>> Blink componentBlink>SecurityFeature>TrustedTypes >>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ETrustedTypes> >>>>>> >>>>>> TAG reviewn/a >>>>>> >>>>>> TAG review statusNot applicable >>>>>> >>>>>> Risks >>>>>> >>>>>> Interoperability and Compatibility >>>>>> >>>>>> >>>>>> *Gecko*: No signal. (Gecko has not implemented Trusted Types.) >>>>>> >>>>>> *WebKit*: No signal. (WebKit has not implemented Trusted Types.) >>>>>> >>>>>> *Web developers*: Positive ( >>>>>> https://github.com/w3c/trusted-types/issues/347) >>>>>> >>>>> Can you point out specific signals in that thread that should be >>>>> counted as web developer ones? >>>>> >>>> It's little hard to tell, but that issue was a feature request from a >>>> developer (i.e. me). >>>> At the time, I was working in Microsoft where I worked with Bing team >>>> to deploy Trusted Types in some of their products, and that was a request >>>> that I made. >>>> >>>> >>>> >>>>> >>>>> >>>>>> >>>>>> *Other signals*: >>>>>> >>>>>> WebView application risks >>>>>> >>>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>>> that it has potentially high risk for Android WebView-based applications? >>>>>> No. >>>>>> >>>>>> >>>>>> >>>>>> Debuggability >>>>>> >>>>>> It's a new method. Its use can be readily debugged in DevTools. >>>>>> >>>>>> >>>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>>> Mac, Linux, Chrome OS, Android, and Android WebView)?Yes >>>>>> >>>>>> Is this feature fully tested by web-platform-tests >>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>>> ?Yes >>>>>> >>>>>> Flag nameTrustedTypesFromLiteral >>>>>> >>>>>> Requires code in //chrome?False >>>>>> >>>>>> Tracking bug >>>>>> https://bugs.chromium.org/p/chromium/issues/detail?id=1271149 >>>>>> >>>>>> Estimated milestones >>>>>> >>>>>> 108 >>>>>> >>>>>> >>>>>> Anticipated spec changes >>>>>> >>>>>> Open questions about a feature may be a source of future web compat >>>>>> or interop issues. Please list open issues (e.g. links to known github >>>>>> issues in the project for the feature specification) whose resolution may >>>>>> introduce web compat/interop risk (e.g., changing to naming or structure >>>>>> of >>>>>> the API in a non-backward-compatible way). >>>>>> >>>>>> >>>>>> Link to entry on the Chrome Platform Status >>>>>> https://chromestatus.com/feature/6551852775112704 >>>>>> >>>>>> -- >>>>>> >>>>> You received this message because you are subscribed to the Google >>>>>> Groups "blink-dev" group. >>>>>> >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>>> an email to blink-dev+...@chromium.org. >>>>>> >>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPMW%2BtvbM8eAxv5HJC0JW192EWSX_VmE7Yugta5Z5G-nXg%40mail.gmail.com >>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPMW%2BtvbM8eAxv5HJC0JW192EWSX_VmE7Yugta5Z5G-nXg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPOEpYgMB9%3D0Xi8jnzc%2BSwbbieo97vpLQCtAB2CkmN1hdQ%40mail.gmail.com.
