LGTM1. Thanks for the explainer and extra explanations!!
On Tuesday, October 25, 2022 at 3:03:07 PM UTC+2 Daniel Vogelheim wrote:
> Update: I pushed the release target out to 109, so we'll have more time to
> sort this out.
>
> On Tue, Oct 25, 2022 at 1:38 PM Daniel Vogelheim <vogelh...@google.com> wrote:
>
>> On Tue, Oct 25, 2022 at 11:03 AM Yoav Weiss <yoavwe...@chromium.org> wrote:
>>
>>> Thanks!!
>>>
>>> On Friday, October 21, 2022 at 11:30:22 AM UTC+2 Daniel Vogelheim wrote:
>>>
>>>> Apologies this took a while, but the explainer bit has now landed here:
>>>> https://github.com/w3c/trusted-types/blob/main/explainer.md#source-literals
>>>
>>> I'm guessing that "const value = TrustedHTML.fromLiteral`<b>Hello there ${user_provided_name}</b>`;" will throw as well, right?
>>
>> Yes. (spec, §3.3 #2
>> <https://w3c.github.io/trusted-types/dist/spec/#create-a-trusted-type-from-literal-algorithm>)
>>
>> I proposed improved wording
>> <https://github.com/w3c/trusted-types/pull/377> for the explainer, but
>> kept it very brief to keep it within the spirit of an explainer.
>>
>>>> On Wed, Oct 19, 2022 at 5:34 PM Yoav Weiss <yoavwe...@chromium.org> wrote:
>>>>
>>>>> Friendly ping on an explainer update :)
>>>>>
>>>>> On Thursday, October 6, 2022 at 7:19:20 PM UTC+2 Jun Kokatsu wrote:
>>>>>
>>>>>> On Wednesday, October 5, 2022 at 2:52:59 AM UTC-7 yoav...@chromium.org wrote:
>>>>>>
>>>>>>> On Thu, Sep 29, 2022 at 4:34 PM 'Daniel Vogelheim' via blink-dev <blin...@chromium.org> wrote:
>>>>>>>
>>>>>>>> Contact emails: voge...@chromium.org
>>>>>>>>
>>>>>>>> Specification
>>>>>>>> https://w3c.github.io/trusted-types/dist/spec/#trusted-html
>>>>>>>>
>>>>>>>> Summary
>>>>>>>>
>>>>>>>> Add a function to each "Trusted Type" to create an instance from a
>>>>>>>> JavaScript template literal (but not from a dynamically computed
>>>>>>>> string). This makes it easy to mark literals in the JavaScript
>>>>>>>> source text as "trusted".
>>>>>>>>
>>>>>>>> Example:
>>>>>>>>
>>>>>>>> const html = TrustedHTML.fromLiteral`<p>Literal Text</p>`;
>>>>>>>>
>>>>>>>> Blink component: Blink>SecurityFeature>TrustedTypes
>>>>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ETrustedTypes>
>>>>>>>>
>>>>>>>> TAG review: n/a
>>>>>>>>
>>>>>>>> TAG review status: Not applicable
>>>>>>>>
>>>>>>>> Risks
>>>>>>>>
>>>>>>>> Interoperability and Compatibility
>>>>>>>>
>>>>>>>> *Gecko*: No signal. (Gecko has not implemented Trusted Types.)
>>>>>>>>
>>>>>>>> *WebKit*: No signal. (WebKit has not implemented Trusted Types.)
>>>>>>>>
>>>>>>>> *Web developers*: Positive (https://github.com/w3c/trusted-types/issues/347)
>>>>>>>
>>>>>>> Can you point out specific signals in that thread that should be
>>>>>>> counted as web developer ones?
>>>>>>
>>>>>> It's a little hard to tell, but that issue was a feature request from a
>>>>>> developer (i.e. me).
>>>>>> At the time, I was working in Microsoft where I worked with the Bing team
>>>>>> to deploy Trusted Types in some of their products, and that was a request
>>>>>> that I made.
>>>>>>
>>>>>>>> *Other signals*:
>>>>>>>>
>>>>>>>> WebView application risks
>>>>>>>>
>>>>>>>> Does this intent deprecate or change behavior of existing APIs,
>>>>>>>> such that it has potentially high risk for Android WebView-based
>>>>>>>> applications? No.
>>>>>>>>
>>>>>>>> Debuggability
>>>>>>>>
>>>>>>>> It's a new method. Its use can be readily debugged in DevTools.
>>>>>>>>
>>>>>>>> Will this feature be supported on all six Blink platforms (Windows,
>>>>>>>> Mac, Linux, Chrome OS, Android, and Android WebView)? Yes
>>>>>>>>
>>>>>>>> Is this feature fully tested by web-platform-tests
>>>>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>? Yes
>>>>>>>>
>>>>>>>> Flag name: TrustedTypesFromLiteral
>>>>>>>>
>>>>>>>> Requires code in //chrome? False
>>>>>>>>
>>>>>>>> Tracking bug
>>>>>>>> https://bugs.chromium.org/p/chromium/issues/detail?id=1271149
>>>>>>>>
>>>>>>>> Estimated milestones
>>>>>>>>
>>>>>>>> 108
>>>>>>>>
>>>>>>>> Anticipated spec changes
>>>>>>>>
>>>>>>>> Open questions about a feature may be a source of future web compat
>>>>>>>> or interop issues. Please list open issues (e.g. links to known github
>>>>>>>> issues in the project for the feature specification) whose resolution
>>>>>>>> may introduce web compat/interop risk (e.g., changing to naming or
>>>>>>>> structure of the API in a non-backward-compatible way).
>>>>>>>>
>>>>>>>> Link to entry on the Chrome Platform Status
>>>>>>>> https://chromestatus.com/feature/6551852775112704

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/bdeba401-3282-4ae6-a85f-689653eb4490n%40chromium.org.
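
A userland sketch of the literal-only rule discussed in this thread, added here as an illustration and not code from the thread, the spec or Chromium. `LiteralHTML`, `looksLikeTemplateObject`, `literalOnly` and `outcome` are hypothetical names, and the check inspects only the shape of the argument, which script-built look-alikes can imitate, so it is not a substitute for the native method.

```javascript
// Added illustration: LiteralHTML, looksLikeTemplateObject, literalOnly and
// outcome are hypothetical names, not part of the Trusted Types API.
class LiteralHTML {
  #value;
  constructor(value) { this.#value = value; Object.freeze(this); }
  toString() { return this.#value; }
}

// A tagged template call passes a frozen array of string chunks that carries
// a frozen .raw array of the same length. This checks that shape only.
function looksLikeTemplateObject(strings) {
  return Array.isArray(strings) && Object.isFrozen(strings) &&
    Array.isArray(strings.raw) && Object.isFrozen(strings.raw) &&
    strings.raw.length === strings.length;
}

function literalOnly(strings, ...substitutions) {
  if (!looksLikeTemplateObject(strings)) {
    throw new TypeError("argument is not a template literal");
  }
  // N interpolations yield N + 1 chunks, so more than one chunk means a
  // ${...} expression appeared in the template.
  if (strings.length !== 1 || substitutions.length !== 0) {
    throw new TypeError("interpolation is not allowed in a literal");
  }
  return new LiteralHTML(strings[0]);
}

// Run one call and report what happened, so the cases can be compared.
function outcome(fn) {
  try { return "ok: " + fn(); } catch (e) { return `${e.name}: ${e.message}`; }
}

const user_provided_name = "Alice"; // constructed sample value

function demo() {
  return [
    outcome(() => literalOnly`<p>Literal Text</p>`),
    outcome(() => literalOnly`<b>Hello there ${user_provided_name}</b>`),
    outcome(() => literalOnly("<b>Hello there " + user_provided_name + "</b>")),
    outcome(() => literalOnly(["<p>Literal Text</p>"])),
  ];
}

console.log(demo().join("\n"));
```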