LGTM2 /Daniel
On 2022-10-26 17:34, Yoav Weiss wrote:
LGTM1 Thanks for explainer and extra explanations!! On Tuesday, October 25, 2022 at 3:03:07 PM UTC+2 Daniel Vogelheim wrote: Update: I pushed the release target out to 109, so we'll have more time to sort this out. On Tue, Oct 25, 2022 at 1:38 PM Daniel Vogelheim <[email protected]> wrote: On Tue, Oct 25, 2022 at 11:03 AM Yoav Weiss <[email protected]> wrote: Thanks!! On Friday, October 21, 2022 at 11:30:22 AM UTC+2 Daniel Vogelheim wrote: Apologies this took a while, but the explainer bit has now landed here: https://github.com/w3c/trusted-types/blob/main/explainer.md#source-literals <https://github.com/w3c/trusted-types/blob/main/explainer.md#source-literals> I'm guessing that "const value = TrustedHTML.fromLiteral`<b>Hello there ${user_provided_name}</b>`;" will throw as well, right? Yes. (spec, ยง3.3 #2 <https://w3c.github.io/trusted-types/dist/spec/#create-a-trusted-type-from-literal-algorithm>) I proposed improved wording <https://github.com/w3c/trusted-types/pull/377> for the explainer, but kept it very brief to keep it within the spirit of an explainer. On Wed, Oct 19, 2022 at 5:34 PM Yoav Weiss <[email protected]> wrote: Friendly ping on an explainer update :) On Thursday, October 6, 2022 at 7:19:20 PM UTC+2 Jun Kokatsu wrote: On Wednesday, October 5, 2022 at 2:52:59 AM UTC-7 [email protected] wrote: On Thu, Sep 29, 2022 at 4:34 PM 'Daniel Vogelheim' via blink-dev <[email protected]> wrote: Contact emails [email protected] Specification https://w3c.github.io/trusted-types/dist/spec/#trusted-html <https://w3c.github.io/trusted-types/dist/spec/#trusted-html> Summary Add a function to each "Trusted Type" to create an instance from a JavaScript template literal (but not from a dynamically computed string). This makes it easy to mark literals in the JavaScript source text as "trusted". Example: const html = TrustedHTML.fromLiteral`<p>Literal Text</p>`; Blink component Blink>SecurityFeature>TrustedTypes <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ETrustedTypes> TAG review n/a TAG review status Not applicable Risks Interoperability and Compatibility /Gecko/: No signal. (Gecko has not implemented Trusted Types.) /WebKit/: No signal. (WebKit has not implemented Trusted Types.) /Web developers/: Positive (https://github.com/w3c/trusted-types/issues/347 <https://github.com/w3c/trusted-types/issues/347>) Can you point out specific signals in that thread that should be counted as web developer ones? It's little hard to tell, but that issue was a feature request from a developer (i.e. me). At the time, I was working in Microsoft where I worked with Bing team to deploy Trusted Types in some of their products, and that was a request that I made. /Other signals/: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? No. Debuggability It's a new method. Its use can be readily debugged in DevTools. Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)? Yes Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>? Yes Flag name TrustedTypesFromLiteral Requires code in //chrome? False Tracking bug https://bugs.chromium.org/p/chromium/issues/detail?id=1271149 <https://bugs.chromium.org/p/chromium/issues/detail?id=1271149> Estimated milestones 108 Anticipated spec changes Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way). Link to entry on the Chrome Platform Status https://chromestatus.com/feature/6551852775112704 <https://chromestatus.com/feature/6551852775112704>--You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPMW%2BtvbM8eAxv5HJC0JW192EWSX_VmE7Yugta5Z5G-nXg%40mail.gmail.com <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPMW%2BtvbM8eAxv5HJC0JW192EWSX_VmE7Yugta5Z5G-nXg%40mail.gmail.com?utm_medium=email&utm_source=footer>. --You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/bdeba401-3282-4ae6-a85f-689653eb4490n%40chromium.org <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/bdeba401-3282-4ae6-a85f-689653eb4490n%40chromium.org?utm_medium=email&utm_source=footer>.
-- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/9607f879-a78b-0d94-5ef2-81c0cf4ffc43%40gmail.com.
