Thanks!! On Friday, October 21, 2022 at 11:30:22 AM UTC+2 Daniel Vogelheim wrote:
> Apologies this took a while, but the explainer bit has now landed here: > https://github.com/w3c/trusted-types/blob/main/explainer.md#source-literals > > I'm guessing that "const value = TrustedHTML.fromLiteral`<b>Hello there ${user_provided_name}</b>`;" will throw as well, right? > On Wed, Oct 19, 2022 at 5:34 PM Yoav Weiss <yoavwe...@chromium.org> wrote: > >> Friendly ping on an explainer update :) >> >> On Thursday, October 6, 2022 at 7:19:20 PM UTC+2 Jun Kokatsu wrote: >> >>> >>> >>> On Wednesday, October 5, 2022 at 2:52:59 AM UTC-7 yoav...@chromium.org >>> wrote: >>> >>>> On Thu, Sep 29, 2022 at 4:34 PM 'Daniel Vogelheim' via blink-dev < >>>> blin...@chromium.org> wrote: >>>> >>>>> Contact emailsvoge...@chromium.org >>>>> >>>> >>>>> >>>>> Specification >>>>> https://w3c.github.io/trusted-types/dist/spec/#trusted-html >>>>> >>>>> Summary >>>>> >>>>> Add a function to each "Trusted Type" to create an instance from a >>>>> JavaScript template literal (but not from a dynamically computed string). >>>>> This makes it easy to mark literals in the JavaScript source text as >>>>> "trusted". Example: >>>>> >>>>> const html = TrustedHTML.fromLiteral`<p>Literal Text</p>`; >>>>> >>>>> Blink componentBlink>SecurityFeature>TrustedTypes >>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ETrustedTypes> >>>>> >>>>> TAG reviewn/a >>>>> >>>>> TAG review statusNot applicable >>>>> >>>>> Risks >>>>> >>>>> Interoperability and Compatibility >>>>> >>>>> >>>>> *Gecko*: No signal. (Gecko has not implemented Trusted Types.) >>>>> >>>>> *WebKit*: No signal. (WebKit has not implemented Trusted Types.) >>>>> >>>>> *Web developers*: Positive ( >>>>> https://github.com/w3c/trusted-types/issues/347) >>>>> >>>> Can you point out specific signals in that thread that should be >>>> counted as web developer ones? >>>> >>> It's little hard to tell, but that issue was a feature request from a >>> developer (i.e. me). >>> At the time, I was working in Microsoft where I worked with Bing team to >>> deploy Trusted Types in some of their products, and that was a request that >>> I made. >>> >>> >>> >>>> >>>> >>>>> >>>>> *Other signals*: >>>>> >>>>> WebView application risks >>>>> >>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>> that it has potentially high risk for Android WebView-based applications? >>>>> No. >>>>> >>>>> >>>>> >>>>> Debuggability >>>>> >>>>> It's a new method. Its use can be readily debugged in DevTools. >>>>> >>>>> >>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>> Mac, Linux, Chrome OS, Android, and Android WebView)?Yes >>>>> >>>>> Is this feature fully tested by web-platform-tests >>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>> ?Yes >>>>> >>>>> Flag nameTrustedTypesFromLiteral >>>>> >>>>> Requires code in //chrome?False >>>>> >>>>> Tracking bug >>>>> https://bugs.chromium.org/p/chromium/issues/detail?id=1271149 >>>>> >>>>> Estimated milestones >>>>> >>>>> 108 >>>>> >>>>> >>>>> Anticipated spec changes >>>>> >>>>> Open questions about a feature may be a source of future web compat or >>>>> interop issues. Please list open issues (e.g. links to known github >>>>> issues >>>>> in the project for the feature specification) whose resolution may >>>>> introduce web compat/interop risk (e.g., changing to naming or structure >>>>> of >>>>> the API in a non-backward-compatible way). >>>>> >>>>> >>>>> Link to entry on the Chrome Platform Status >>>>> https://chromestatus.com/feature/6551852775112704 >>>>> >>>>> -- >>>>> >>>> You received this message because you are subscribed to the Google >>>>> Groups "blink-dev" group. >>>>> >>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to blink-dev+...@chromium.org. >>>>> >>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPMW%2BtvbM8eAxv5HJC0JW192EWSX_VmE7Yugta5Z5G-nXg%40mail.gmail.com >>>>> >>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPMW%2BtvbM8eAxv5HJC0JW192EWSX_VmE7Yugta5Z5G-nXg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/5840a057-11d5-4c79-acec-8f78d7286ecfn%40chromium.org.
