On Wed, Jun 1, 2022 at 11:47 AM Yoav Weiss <yoavwe...@chromium.org> wrote:
> > > On Wed, Jun 1, 2022 at 11:09 AM Daniel Vogelheim <vogelh...@chromium.org> > wrote: > >> Contact emailsvogelh...@chromium.org, mk...@chromium.org, >> l...@chromium.org >> >> Explainerhttps://github.com/WICG/sanitizer-api >> https://web.dev/sanitizer >> >> Specificationhttps://wicg.github.io/sanitizer-api >> >> Docshttps://web.dev/sanitizer >> https://developer.mozilla.org/en-US/docs/Web/API/HTML_Sanitizer_API >> >> Summary >> >> The Sanitizer API offers an easy to use and safe by default HTML >> Sanitizer API, which developers can use to remove content that may execute >> script from arbitrary, user-supplied HTML content. The goal is to make it >> easier to build XSS-free web applications. The intended contributions of >> the Sanitizer API are: Making a sanitizer more easily accessible to web >> developers; be easy to use and safe by default; and shift part of the >> maintenance burden to the platform. This is the initial "MVP". This >> implements the current spec except for two features, the .sanitize and >> .sanitizeFor methods on the Sanitizer object, in order to leave room for >> more discussion. Our intent is to add the missing features once the >> discussion has run its course. In all other aspects, this launch faithfully >> implements the spec as currently written. We feel the current >> implementation already adds substantial value to the web platform as-is. >> > > So will this only support the `setHTML()` option initially? > Yes, exactly. >> >> Blink componentBlink>SecurityFeature>SanitizerAPI >> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ESanitizerAPI> >> >> TAG reviewhttps://github.com/w3ctag/design-reviews/issues/619 >> >> TAG review statusIssues addressed >> >> Risks >> Interoperability and Compatibility >> >> This is a new API that does not modify existing behaviour. A >> comprehensive WPT test suite ensures cross-browser compatibility. >> >> *Gecko*: In development ( >> https://github.com/mozilla/standards-positions/issues/106) >> Standards Position: >> https://github.com/mozilla/standards-positions/issues/106 >> A prototype is In development: >> https://groups.google.com/g/mozilla.dev.platform/c/C4EHeQlaMbU/m/C8hNg9ehBwAJ >> >> *WebKit*: No signal ( >> https://lists.webkit.org/pipermail/webkit-dev/2021-March/031731.html, >> https://lists.webkit.org/pipermail/webkit-dev/2022-March/032155.html) A >> position statement has been requested. The answer received to date >> (2021-03-18) avoids giving a definite answer one way or another. Please >> follow the links for details. >> >> *Web developers*: Positive. There have been several articles or blog >> posts about the Sanitizer API, with a generally positive undertone. >> Examples: >> https://portswigger.net/daily-swig/google-mozilla-close-to-finalizing-sanitizer-api-for-chrome-and-firefox-browsers >> >> https://blog.bitsrc.io/javascript-sanitizer-api-the-modern-way-to-safe-dom-manipulation-828d5ea7dca6 >> https://css-tricks.com/html-sanitizer-api/ >> >> >> Security >> >> The goal of this feature is to make security more accessible. We >> generally consider this feature low risk, since it's an additive feature >> that does not extend or interact with existing platform security >> mechanisms. The specification lists several security risks that are being >> considered during development of the feature: >> https://wicg.github.io/sanitizer-api/#security-considerations >> >> >> WebView application risks >> >> n/a >> >> >> >> Debuggability >> >> Sanitizer API can be readily debugged with existing DevTools. It does not >> have hidden state (or other "special" integration) that would warrant >> customized DevTools support. >> >> >> Will this feature be supported on all six Blink platforms (Windows, Mac, >> Linux, Chrome OS, Android, and Android WebView)?Yes >> >> Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >> ?Yes >> >> Flag nameSanitizerAPIv0 >> >> Requires code in //chrome?False >> >> Tracking bughttps://crbug.com/1101982 >> >> Launch bughttps://crbug.com/1306863 >> >> MeasurementSeveral counters for API calls are defined. (E.g. >> https://source.chromium.org/search?q=MeasureAs%3DSanitizerAPI%20file:%5C.idl$ >> <https://source.chromium.org/search?q=MeasureAs%3DSanitizerAPI+file%3A%5C.idl%24> >> ) >> >> Estimated milestones >> >> 105 >> >> Anticipated spec changes >> >> The plan of record is to migrate the current WICG spec to HTML proper: * >> https://github.com/WICG/sanitizer-api/issues/114 >> >> * https://github.com/whatwg/html/issues/7197 >> >> >> Two apparently contentious API choices were removed from this launch, >> which is what makes this an MVP. By making sure the MVP only contains >> agreed upon APIs we allow for the future evolution of the API in any >> direction. >> >> * https://github.com/WICG/sanitizer-api/issues/129 >> >> * https://github.com/WICG/sanitizer-api/issues/128 >> >> >> The present spec requires a secure context. This might be dropped in a >> future version. >> * https://github.com/WICG/sanitizer-api/issues/122 >> >> The present spec does not support namespaced content (like SVG or >> MathML). This is likely to be added in a future version. >> >> Link to entry on the Chrome Platform Status >> https://chromestatus.com/feature/5786893650231296 >> >> This intent message was generated by Chrome Platform Status >> <https://chromestatus.com/>; plus manual editing. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPNZ1TE5wbApR4-scTLjwKT54vzB_FLjnqbLLth%2BJmLpUQ%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPNZ1TE5wbApR4-scTLjwKT54vzB_FLjnqbLLth%2BJmLpUQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPNZXjTy5eSxEuySG5HzQjU__Fycnx3v6hSs3Y4yNw1ZJA%40mail.gmail.com.