Apologies this took a while, but the explainer bit has now landed here: https://github.com/w3c/trusted-types/blob/main/explainer.md#source-literals
On Wed, Oct 19, 2022 at 5:34 PM Yoav Weiss <yoavwe...@chromium.org> wrote: > Friendly ping on an explainer update :) > > On Thursday, October 6, 2022 at 7:19:20 PM UTC+2 Jun Kokatsu wrote: > >> >> >> On Wednesday, October 5, 2022 at 2:52:59 AM UTC-7 yoav...@chromium.org >> wrote: >> >>> On Thu, Sep 29, 2022 at 4:34 PM 'Daniel Vogelheim' via blink-dev < >>> blin...@chromium.org> wrote: >>> >>>> Contact emailsvoge...@chromium.org >>>> >>> >>>> >>>> Specification >>>> https://w3c.github.io/trusted-types/dist/spec/#trusted-html >>>> >>>> Summary >>>> >>>> Add a function to each "Trusted Type" to create an instance from a >>>> JavaScript template literal (but not from a dynamically computed string). >>>> This makes it easy to mark literals in the JavaScript source text as >>>> "trusted". Example: >>>> >>>> const html = TrustedHTML.fromLiteral`<p>Literal Text</p>`; >>>> >>>> Blink componentBlink>SecurityFeature>TrustedTypes >>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ETrustedTypes> >>>> >>>> TAG reviewn/a >>>> >>>> TAG review statusNot applicable >>>> >>>> Risks >>>> >>>> Interoperability and Compatibility >>>> >>>> >>>> *Gecko*: No signal. (Gecko has not implemented Trusted Types.) >>>> >>>> *WebKit*: No signal. (WebKit has not implemented Trusted Types.) >>>> >>>> *Web developers*: Positive ( >>>> https://github.com/w3c/trusted-types/issues/347) >>>> >>> Can you point out specific signals in that thread that should be counted >>> as web developer ones? >>> >> It's little hard to tell, but that issue was a feature request from a >> developer (i.e. me). >> At the time, I was working in Microsoft where I worked with Bing team to >> deploy Trusted Types in some of their products, and that was a request that >> I made. >> >> >> >>> >>> >>>> >>>> *Other signals*: >>>> >>>> WebView application risks >>>> >>>> Does this intent deprecate or change behavior of existing APIs, such >>>> that it has potentially high risk for Android WebView-based applications? >>>> No. >>>> >>>> >>>> >>>> Debuggability >>>> >>>> It's a new method. Its use can be readily debugged in DevTools. >>>> >>>> >>>> Will this feature be supported on all six Blink platforms (Windows, >>>> Mac, Linux, Chrome OS, Android, and Android WebView)?Yes >>>> >>>> Is this feature fully tested by web-platform-tests >>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>> ?Yes >>>> >>>> Flag nameTrustedTypesFromLiteral >>>> >>>> Requires code in //chrome?False >>>> >>>> Tracking bug >>>> https://bugs.chromium.org/p/chromium/issues/detail?id=1271149 >>>> >>>> Estimated milestones >>>> >>>> 108 >>>> >>>> >>>> Anticipated spec changes >>>> >>>> Open questions about a feature may be a source of future web compat or >>>> interop issues. Please list open issues (e.g. links to known github issues >>>> in the project for the feature specification) whose resolution may >>>> introduce web compat/interop risk (e.g., changing to naming or structure of >>>> the API in a non-backward-compatible way). >>>> >>>> >>>> Link to entry on the Chrome Platform Status >>>> https://chromestatus.com/feature/6551852775112704 >>>> >>>> -- >>>> >>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> >>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+...@chromium.org. >>>> >>> To view this discussion on the web visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPMW%2BtvbM8eAxv5HJC0JW192EWSX_VmE7Yugta5Z5G-nXg%40mail.gmail.com >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPMW%2BtvbM8eAxv5HJC0JW192EWSX_VmE7Yugta5Z5G-nXg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPMX%3Db4Lg1EPgumnpfpmrahvhjjWU35f8gKYBvgOzKrw5g%40mail.gmail.com.
