Update: I pushed the release target out to 109, so we'll have more time to sort this out.
On Tue, Oct 25, 2022 at 1:38 PM Daniel Vogelheim <vogelh...@google.com> wrote: > On Tue, Oct 25, 2022 at 11:03 AM Yoav Weiss <yoavwe...@chromium.org> > wrote: > >> Thanks!! >> >> On Friday, October 21, 2022 at 11:30:22 AM UTC+2 Daniel Vogelheim wrote: >> >>> Apologies this took a while, but the explainer bit has now landed here: >>> https://github.com/w3c/trusted-types/blob/main/explainer.md#source-literals >>> >>> >> >> I'm guessing that "const value = TrustedHTML.fromLiteral`<b>Hello there >> ${user_provided_name}</b>`;" will throw as well, right? >> > > Yes. (spec, ยง3.3 #2 > <https://w3c.github.io/trusted-types/dist/spec/#create-a-trusted-type-from-literal-algorithm> > ) > > I proposed improved wording > <https://github.com/w3c/trusted-types/pull/377> for the explainer, but > kept it very brief to keep it within the spirit of an explainer. > > On Wed, Oct 19, 2022 at 5:34 PM Yoav Weiss <yoavwe...@chromium.org> wrote: >>> >>>> Friendly ping on an explainer update :) >>>> >>>> On Thursday, October 6, 2022 at 7:19:20 PM UTC+2 Jun Kokatsu wrote: >>>> >>>>> >>>>> >>>>> On Wednesday, October 5, 2022 at 2:52:59 AM UTC-7 yoav...@chromium.org >>>>> wrote: >>>>> >>>>>> On Thu, Sep 29, 2022 at 4:34 PM 'Daniel Vogelheim' via blink-dev < >>>>>> blin...@chromium.org> wrote: >>>>>> >>>>>>> Contact emailsvoge...@chromium.org >>>>>>> >>>>>> >>>>>>> >>>>>>> Specification >>>>>>> https://w3c.github.io/trusted-types/dist/spec/#trusted-html >>>>>>> >>>>>>> Summary >>>>>>> >>>>>>> Add a function to each "Trusted Type" to create an instance from a >>>>>>> JavaScript template literal (but not from a dynamically computed >>>>>>> string). >>>>>>> This makes it easy to mark literals in the JavaScript source text as >>>>>>> "trusted". Example: >>>>>>> >>>>>>> const html = TrustedHTML.fromLiteral`<p>Literal Text</p>`; >>>>>>> >>>>>>> Blink componentBlink>SecurityFeature>TrustedTypes >>>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ETrustedTypes> >>>>>>> >>>>>>> TAG reviewn/a >>>>>>> >>>>>>> TAG review statusNot applicable >>>>>>> >>>>>>> Risks >>>>>>> >>>>>>> Interoperability and Compatibility >>>>>>> >>>>>>> >>>>>>> *Gecko*: No signal. (Gecko has not implemented Trusted Types.) >>>>>>> >>>>>>> *WebKit*: No signal. (WebKit has not implemented Trusted Types.) >>>>>>> >>>>>>> *Web developers*: Positive ( >>>>>>> https://github.com/w3c/trusted-types/issues/347) >>>>>>> >>>>>> Can you point out specific signals in that thread that should be >>>>>> counted as web developer ones? >>>>>> >>>>> It's little hard to tell, but that issue was a feature request from a >>>>> developer (i.e. me). >>>>> At the time, I was working in Microsoft where I worked with Bing team >>>>> to deploy Trusted Types in some of their products, and that was a request >>>>> that I made. >>>>> >>>>> >>>>> >>>>>> >>>>>> >>>>>>> >>>>>>> *Other signals*: >>>>>>> >>>>>>> WebView application risks >>>>>>> >>>>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>>>> that it has potentially high risk for Android WebView-based >>>>>>> applications? >>>>>>> No. >>>>>>> >>>>>>> >>>>>>> >>>>>>> Debuggability >>>>>>> >>>>>>> It's a new method. Its use can be readily debugged in DevTools. >>>>>>> >>>>>>> >>>>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>>>> Mac, Linux, Chrome OS, Android, and Android WebView)?Yes >>>>>>> >>>>>>> Is this feature fully tested by web-platform-tests >>>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>>>> ?Yes >>>>>>> >>>>>>> Flag nameTrustedTypesFromLiteral >>>>>>> >>>>>>> Requires code in //chrome?False >>>>>>> >>>>>>> Tracking bug >>>>>>> https://bugs.chromium.org/p/chromium/issues/detail?id=1271149 >>>>>>> >>>>>>> Estimated milestones >>>>>>> >>>>>>> 108 >>>>>>> >>>>>>> >>>>>>> Anticipated spec changes >>>>>>> >>>>>>> Open questions about a feature may be a source of future web compat >>>>>>> or interop issues. Please list open issues (e.g. links to known github >>>>>>> issues in the project for the feature specification) whose resolution >>>>>>> may >>>>>>> introduce web compat/interop risk (e.g., changing to naming or >>>>>>> structure of >>>>>>> the API in a non-backward-compatible way). >>>>>>> >>>>>>> >>>>>>> Link to entry on the Chrome Platform Status >>>>>>> https://chromestatus.com/feature/6551852775112704 >>>>>>> >>>>>>> -- >>>>>>> >>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "blink-dev" group. >>>>>>> >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to blink-dev+...@chromium.org. >>>>>>> >>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPMW%2BtvbM8eAxv5HJC0JW192EWSX_VmE7Yugta5Z5G-nXg%40mail.gmail.com >>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPMW%2BtvbM8eAxv5HJC0JW192EWSX_VmE7Yugta5Z5G-nXg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPMEi667m-bH50DJRJyKd4hKwhSGGp9noHHpGoAxHwQ2uQ%40mail.gmail.com.