Should "Get Trusted Type compliant string" check `isHTML`/`isScript`/`isScriptURL`? #534

mbrodesser-Igalia · 2024-07-11T10:28:49Z

https://w3c.github.io/trusted-types/dist/spec/#get-trusted-type-compliant-string-algorithm step 1 currently specifies
"If input has type expectedType". What does that mean? It seems isHTML (https://w3c.github.io/trusted-types/dist/spec/#dom-trustedtypepolicyfactory-ishtml) / isScript / isScriptURL should be invoked.

The callers of "Get Trusted Type compliant string", e.g.someElement.insertAdjacentHTML (https://html.spec.whatwg.org/#dom-parsing-and-serialization:dom-element-insertadjacenthtml) don't check that either so it should be checked somewhere.

The text was updated successfully, but these errors were encountered:

mbrodesser-Igalia changed the title ~~Should "Get Trusted Type compliant string" check isHTML/isScript/isScriptURL/`?~~ Should "Get Trusted Type compliant string" check isHTML/isScript/isScriptURL/? Jul 11, 2024

mbrodesser-Igalia changed the title ~~Should "Get Trusted Type compliant string" check isHTML/isScript/isScriptURL/?~~ Should "Get Trusted Type compliant string" check isHTML/isScript/isScriptURL? Jul 11, 2024

mbrodesser-Igalia added this to the v1 milestone Jul 11, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Should "Get Trusted Type compliant string" check `isHTML`/`isScript`/`isScriptURL`? #534

Should "Get Trusted Type compliant string" check `isHTML`/`isScript`/`isScriptURL`? #534

mbrodesser-Igalia commented Jul 11, 2024

Should "Get Trusted Type compliant string" check isHTML/isScript/isScriptURL? #534

Should "Get Trusted Type compliant string" check isHTML/isScript/isScriptURL? #534

Comments

mbrodesser-Igalia commented Jul 11, 2024

Should "Get Trusted Type compliant string" check `isHTML`/`isScript`/`isScriptURL`? #534

Should "Get Trusted Type compliant string" check `isHTML`/`isScript`/`isScriptURL`? #534