Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test TT is not enforced when taking an element out of a TT realm to a… #46432

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Test TT is not enforced when taking an element out of a TT realm to a… #46432

wants to merge 1 commit into from

Conversation

ziransun
Copy link
Member

… non-TT realm.

See discussions at w3c/trusted-types#425 (comment).

@wpt-pr-bot wpt-pr-bot requested a review from mikewest May 22, 2024 10:29
lukewarlow
lukewarlow requested changes May 22, 2024
View reviewed changes
Copy link
Member

@lukewarlow lukewarlow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This won't work as required. You need to have the element inside the iframe (and have TT enforced in the iframe not the parent document) and then move it to the parent. CSP inherits down into the iframe as currently written so this will fail

@ziransun ziransun force-pushed the non-TT branch 2 times, most recently from 37409ee to 27e7b24 Compare May 24, 2024 14:06
@ziransun
Copy link
Member Author

This won't work as required. You need to have the element inside the iframe (and have TT enforced in the iframe not the parent document) and then move it to the parent. CSP inherits down into the iframe as currently written so this will fail

Updated. PTAL. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lukewarlow lukewarlow lukewarlow requested changes

@mikewest mikewest Awaiting requested review from mikewest

@mbrodesser-Igalia mbrodesser-Igalia Awaiting requested review from mbrodesser-Igalia

@annevk annevk Awaiting requested review from annevk

Requested changes must be addressed to merge this pull request.

Assignees

@mikewest mikewest

Labels
trusted-types wg-s_webappsec
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ziransun @lukewarlow @mikewest @wpt-pr-bot