LGTM3 Excited about this.
On Wednesday, June 1, 2022 at 9:08:15 AM UTC-7 Daniel Bratell wrote:

> LGTM2
>
> /Daniel
>
> On 2022-06-01 14:48, Yoav Weiss wrote:
>
> LGTM1 % explainer update
>
> On Wed, Jun 1, 2022 at 12:55 PM Daniel Vogelheim <vogelh...@google.com> wrote:
>
>> On Wed, Jun 1, 2022 at 11:47 AM Yoav Weiss <yoavwe...@chromium.org> wrote:
>>
>>> On Wed, Jun 1, 2022 at 11:09 AM Daniel Vogelheim <vogelh...@chromium.org> wrote:
>>>
>>>> Contact emails
>>>> vogelh...@chromium.org, mk...@chromium.org, l...@chromium.org
>>>>
>>>> Explainer
>>>> https://github.com/WICG/sanitizer-api
>>>> https://web.dev/sanitizer
>>>>
>>>> Specification
>>>> https://wicg.github.io/sanitizer-api
>>>>
>>>> Docs
>>>> https://web.dev/sanitizer
>>>> https://developer.mozilla.org/en-US/docs/Web/API/HTML_Sanitizer_API
>>>>
>>>> Summary
>>>>
>>>> The Sanitizer API offers an easy to use and safe by default HTML
>>>> Sanitizer API, which developers can use to remove content that may execute
>>>> script from arbitrary, user-supplied HTML content. The goal is to make it
>>>> easier to build XSS-free web applications. The intended contributions of
>>>> the Sanitizer API are: Making a sanitizer more easily accessible to web
>>>> developers; be easy to use and safe by default; and shift part of the
>>>> maintenance burden to the platform. This is the initial "MVP". This
>>>> implements the current spec except for two features, the .sanitize and
>>>> .sanitizeFor methods on the Sanitizer object, in order to leave room for
>>>> more discussion. Our intent is to add the missing features once the
>>>> discussion has run its course. In all other aspects, this launch faithfully
>>>> implements the spec as currently written. We feel the current
>>>> implementation already adds substantial value to the web platform as-is.
>>>
>>> So will this only support the `setHTML()` option initially?
>>
>> Yes, exactly.
>
> It'd be good to update the explainer to indicate that more clearly. Right
> now, `setHTML()` is not well-represented there. We should also make sure
> that developers don't assume that the existence of a `Sanitizer` object
> implies the existence of `Sanitizer.sanitize` and feature-detect for it.
>
>>>> Blink component
>>>> Blink>SecurityFeature>SanitizerAPI
>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ESanitizerAPI>
>>>>
>>>> TAG review
>>>> https://github.com/w3ctag/design-reviews/issues/619
>>>>
>>>> TAG review status
>>>> Issues addressed
>>>>
>>>> Risks
>>>>
>>>> Interoperability and Compatibility
>>>>
>>>> This is a new API that does not modify existing behaviour. A
>>>> comprehensive WPT test suite ensures cross-browser compatibility.
>>>>
>>>> *Gecko*: In development (https://github.com/mozilla/standards-positions/issues/106)
>>>> Standards Position: https://github.com/mozilla/standards-positions/issues/106
>>>> A prototype is In development:
>>>> https://groups.google.com/g/mozilla.dev.platform/c/C4EHeQlaMbU/m/C8hNg9ehBwAJ
>>>>
>>>> *WebKit*: No signal
>>>> (https://lists.webkit.org/pipermail/webkit-dev/2021-March/031731.html,
>>>> https://lists.webkit.org/pipermail/webkit-dev/2022-March/032155.html)
>>>> A position statement has been requested. The answer received to date
>>>> (2021-03-18) avoids giving a definite answer one way or another. Please
>>>> follow the links for details.
>>>>
>>>> *Web developers*: Positive. There have been several articles or blog
>>>> posts about the Sanitizer API, with a generally positive undertone.
>>>> Examples:
>>>> https://portswigger.net/daily-swig/google-mozilla-close-to-finalizing-sanitizer-api-for-chrome-and-firefox-browsers
>>>> https://blog.bitsrc.io/javascript-sanitizer-api-the-modern-way-to-safe-dom-manipulation-828d5ea7dca6
>>>> https://css-tricks.com/html-sanitizer-api/
>>>>
>>>> Security
>>>>
>>>> The goal of this feature is to make security more accessible. We
>>>> generally consider this feature low risk, since it's an additive feature
>>>> that does not extend or interact with existing platform security
>>>> mechanisms. The specification lists several security risks that are being
>>>> considered during development of the feature:
>>>> https://wicg.github.io/sanitizer-api/#security-considerations
>>>>
>>>> WebView application risks
>>>>
>>>> n/a
>>>>
>>>> Debuggability
>>>>
>>>> Sanitizer API can be readily debugged with existing DevTools. It does
>>>> not have hidden state (or other "special" integration) that would warrant
>>>> customized DevTools support.
>>>>
>>>> Will this feature be supported on all six Blink platforms (Windows,
>>>> Mac, Linux, Chrome OS, Android, and Android WebView)?
>>>> Yes
>>>>
>>>> Is this feature fully tested by web-platform-tests
>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
>>>> Yes
>>>>
>>>> Flag name
>>>> SanitizerAPIv0
>>>>
>>>> Requires code in //chrome?
>>>> False
>>>>
>>>> Tracking bug
>>>> https://crbug.com/1101982
>>>>
>>>> Launch bug
>>>> https://crbug.com/1306863
>>>>
>>>> Measurement
>>>> Several counters for API calls are defined. (E.g.
>>>> https://source.chromium.org/search?q=MeasureAs%3DSanitizerAPI%20file:%5C.idl$
>>>> <https://source.chromium.org/search?q=MeasureAs%3DSanitizerAPI+file%3A%5C.idl%24>)
>>>>
>>>> Estimated milestones
>>>>
>>>> 105
>>>>
>>>> Anticipated spec changes
>>>>
>>>> The plan of record is to migrate the current WICG spec to HTML proper:
>>>> * https://github.com/WICG/sanitizer-api/issues/114
>>>> * https://github.com/whatwg/html/issues/7197
>>>>
>>>> Two apparently contentious API choices were removed from this launch,
>>>> which is what makes this an MVP. By making sure the MVP only contains
>>>> agreed upon APIs we allow for the future evolution of the API in any
>>>> direction.
>>>> * https://github.com/WICG/sanitizer-api/issues/129
>>>> * https://github.com/WICG/sanitizer-api/issues/128
>>>>
>>>> The present spec requires a secure context. This might be dropped in a
>>>> future version.
>>>> * https://github.com/WICG/sanitizer-api/issues/122
>>>>
>>>> The present spec does not support namespaced content (like SVG or
>>>> MathML). This is likely to be added in a future version.
>>>>
>>>> Link to entry on the Chrome Platform Status
>>>> https://chromestatus.com/feature/5786893650231296
>>>>
>>>> This intent message was generated by Chrome Platform Status
>>>> <https://chromestatus.com/>; plus manual editing.
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "blink-dev" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to blink-dev+unsubscr...@chromium.org.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPNZ1TE5wbApR4-scTLjwKT54vzB_FLjnqbLLth%2BJmLpUQ%40mail.gmail.com
>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPNZ1TE5wbApR4-scTLjwKT54vzB_FLjnqbLLth%2BJmLpUQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.
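
The feature-detection point raised in the thread above (a `Sanitizer` object does not imply its `.sanitize` or `.sanitizeFor` methods), as an added example that is not part of the original messages or of the Chromium project's code. The helper names `detectSanitizer`, `renderUntrusted` and `makeGlobals` are hypothetical, and the mock globals are constructed so the block runs under Node.

```javascript
// Probe each Sanitizer API entry point on its own instead of inferring one
// from another. `g` is the global object (globalThis in a browser).
function detectSanitizer(g) {
  const has = (obj, name) => !!obj && typeof obj[name] === "function";
  const elementProto = g.Element && g.Element.prototype;
  const sanitizerProto =
    typeof g.Sanitizer === "function" ? g.Sanitizer.prototype : null;
  return {
    setHTML: has(elementProto, "setHTML"),
    sanitizerObject: sanitizerProto !== null,
    sanitize: has(sanitizerProto, "sanitize"),
    sanitizeFor: has(sanitizerProto, "sanitizeFor"),
  };
}

// Render untrusted markup. Fails closed: when setHTML() is missing the input
// is inserted as inert text, never through innerHTML.
function renderUntrusted(g, element, html) {
  if (detectSanitizer(g).setHTML) {
    element.setHTML(html); // default sanitizer configuration
    return "setHTML";
  }
  element.textContent = html;
  return "textContent";
}

// Constructed stand-ins for browser globals (not real DOM classes).
function makeGlobals({ setHTML, sanitize }) {
  class Element {}
  class Sanitizer {}
  if (setHTML) {
    Element.prototype.setHTML = function (s) {
      this.rendered = `sanitized(${s})`; // marker only, no real sanitizing
    };
  }
  if (sanitize) {
    Sanitizer.prototype.sanitize = function () {};
    Sanitizer.prototype.sanitizeFor = function () {};
  }
  return { Element, Sanitizer };
}

// The launch described in the thread: setHTML() and a Sanitizer object,
// but no .sanitize / .sanitizeFor.
const mvp = makeGlobals({ setHTML: true, sanitize: false });
// An environment with no Sanitizer API at all.
const none = { Element: class Element {} };
```

In a page, call `detectSanitizer(globalThis)`; a check such as `"Sanitizer" in window` alone would report the MVP as supporting methods it does not ship.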