Contact emailsvogelh...@chromium.org, mk...@chromium.org, l...@chromium.org
Explainerhttps://github.com/WICG/sanitizer-api https://web.dev/sanitizer Specificationhttps://wicg.github.io/sanitizer-api Docshttps://web.dev/sanitizer https://developer.mozilla.org/en-US/docs/Web/API/HTML_Sanitizer_API Summary The Sanitizer API offers an easy to use and safe by default HTML Sanitizer API, which developers can use to remove content that may execute script from arbitrary, user-supplied HTML content. The goal is to make it easier to build XSS-free web applications. The intended contributions of the Sanitizer API are: Making a sanitizer more easily accessible to web developers; be easy to use and safe by default; and shift part of the maintenance burden to the platform. This is the initial "MVP". This implements the current spec except for two features, the .sanitize and .sanitizeFor methods on the Sanitizer object, in order to leave room for more discussion. Our intent is to add the missing features once the discussion has run its course. In all other aspects, this launch faithfully implements the spec as currently written. We feel the current implementation already adds substantial value to the web platform as-is. Blink componentBlink>SecurityFeature>SanitizerAPI <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ESanitizerAPI> TAG reviewhttps://github.com/w3ctag/design-reviews/issues/619 TAG review statusIssues addressed Risks Interoperability and Compatibility This is a new API that does not modify existing behaviour. A comprehensive WPT test suite ensures cross-browser compatibility. *Gecko*: In development ( https://github.com/mozilla/standards-positions/issues/106) Standards Position: https://github.com/mozilla/standards-positions/issues/106 A prototype is In development: https://groups.google.com/g/mozilla.dev.platform/c/C4EHeQlaMbU/m/C8hNg9ehBwAJ *WebKit*: No signal ( https://lists.webkit.org/pipermail/webkit-dev/2021-March/031731.html, https://lists.webkit.org/pipermail/webkit-dev/2022-March/032155.html) A position statement has been requested. The answer received to date (2021-03-18) avoids giving a definite answer one way or another. Please follow the links for details. *Web developers*: Positive. There have been several articles or blog posts about the Sanitizer API, with a generally positive undertone. Examples: https://portswigger.net/daily-swig/google-mozilla-close-to-finalizing-sanitizer-api-for-chrome-and-firefox-browsers https://blog.bitsrc.io/javascript-sanitizer-api-the-modern-way-to-safe-dom-manipulation-828d5ea7dca6 https://css-tricks.com/html-sanitizer-api/ Security The goal of this feature is to make security more accessible. We generally consider this feature low risk, since it's an additive feature that does not extend or interact with existing platform security mechanisms. The specification lists several security risks that are being considered during development of the feature: https://wicg.github.io/sanitizer-api/#security-considerations WebView application risks n/a Debuggability Sanitizer API can be readily debugged with existing DevTools. It does not have hidden state (or other "special" integration) that would warrant customized DevTools support. Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?Yes Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ?Yes Flag nameSanitizerAPIv0 Requires code in //chrome?False Tracking bughttps://crbug.com/1101982 Launch bughttps://crbug.com/1306863 MeasurementSeveral counters for API calls are defined. (E.g. https://source.chromium.org/search?q=MeasureAs%3DSanitizerAPI%20file:%5C.idl$ <https://source.chromium.org/search?q=MeasureAs%3DSanitizerAPI+file%3A%5C.idl%24> ) Estimated milestones 105 Anticipated spec changes The plan of record is to migrate the current WICG spec to HTML proper: * https://github.com/WICG/sanitizer-api/issues/114 * https://github.com/whatwg/html/issues/7197 Two apparently contentious API choices were removed from this launch, which is what makes this an MVP. By making sure the MVP only contains agreed upon APIs we allow for the future evolution of the API in any direction. * https://github.com/WICG/sanitizer-api/issues/129 * https://github.com/WICG/sanitizer-api/issues/128 The present spec requires a secure context. This might be dropped in a future version. * https://github.com/WICG/sanitizer-api/issues/122 The present spec does not support namespaced content (like SVG or MathML). This is likely to be added in a future version. Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5786893650231296 This intent message was generated by Chrome Platform Status <https://chromestatus.com/>; plus manual editing. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPNZ1TE5wbApR4-scTLjwKT54vzB_FLjnqbLLth%2BJmLpUQ%40mail.gmail.com.