You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The text was updated successfully, but these errors were encountered:
mbrodesser-Igalia
changed the title
Should "Get Trusted Type compliant string" check isHTML/isScript/isScriptURL/`?
Should "Get Trusted Type compliant string" check isHTML/isScript/isScriptURL/?
Jul 11, 2024
mbrodesser-Igalia
changed the title
Should "Get Trusted Type compliant string" check isHTML/isScript/isScriptURL/?
Should "Get Trusted Type compliant string" check isHTML/isScript/isScriptURL?
Jul 11, 2024
https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-compliant-string-algorithm step 1 currently specifies
"If input has type expectedType". What does that mean? It seems
isHTML
(https://w3c.github.io/trusted-types/dist/spec/#dom-trustedtypepolicyfactory-ishtml) /isScript
/isScriptURL
should be invoked.The callers of "Get Trusted Type compliant string", e.g.
someElement.insertAdjacentHTML
(https://html.spec.whatwg.org/#dom-parsing-and-serialization:dom-element-insertadjacenthtml) don't check that either so it should be checked somewhere.The text was updated successfully, but these errors were encountered: