Hi Rick, On Tue, Oct 4, 2022 at 5:40 PM Rick Byers <rby...@chromium.org> wrote:
> This seems like a pretty minor and uncontroversial extension to trusted > types to me. But it also seems like a good time to just check-in on the > state of discussion around TrustedTypes with other vendors. > Our most recent check-ins are a March 2022 WebAppSec meeting <https://github.com/w3c/webappsec/blob/main/meetings/2022/2022-03-15-minutes.md#trusted-types-deployment-at-facebook-microsoft-and-google>, where Facebook, Microsoft, and Google reported about their Trusted Types deployments & result, and a mid-2021 Trusted Types "state of the union" report <https://docs.google.com/document/d/1m91JZWKAGOR3jQoicMVE9Ydcq79gM2BetcRIBemrex8/view>, also shared and discussed <https://lists.w3.org/Archives/Public/public-webappsec/2021Jul/0003.html> with the W3C WebAppSec community group. These also discuss results, e.g. the former: "[Number] of XSS [reported at Google] halved in 2020 and 2021. 0 DOM XSS in all TT applications". I certainly think we should keep these discussions going, but I'm a bit afraid of over-doing it. Also, we don't really have new results since those meetings. Also, can you please share the wpt.fyi link for the tests for this feature? > The change is a single CL, and I didn't want to land it before having lgtm for shipping. Thus the tests aren't in wpt.fyi yet. The tests in the CL are here <https://chromium-review.googlesource.com/c/chromium/src/+/3602337/12/third_party/blink/web_tests/external/wpt/trusted-types/trusted-types-from-literal.tentative.html> (plus a few modifications to other tests.) If it's important that the tests are in wpt.fyi for the API owners' review, I'll be happy to use a feature flag to land this default-off, wait for API owners' lgtm, and then enable it separately. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPMKw7tGwzw--%2BccfE5dvJ6emzND5otZRZA9-sz1A_HcJg%40mail.gmail.com.
