LGTM3

On Wed, Oct 26, 2022 at 8:35 AM Daniel Bratell <bratel...@gmail.com> wrote:

> LGTM2
>
> /Daniel
>
> On 2022-10-26 17:34, Yoav Weiss wrote:
>
> LGTM1
>
> Thanks for explainer and extra explanations!!
>
> On Tuesday, October 25, 2022 at 3:03:07 PM UTC+2 Daniel Vogelheim wrote:
>
>> Update: I pushed the release target out to 109, so we'll have more time to sort this out.
>>
>> On Tue, Oct 25, 2022 at 1:38 PM Daniel Vogelheim <vogelh...@google.com> wrote:
>>
>>> On Tue, Oct 25, 2022 at 11:03 AM Yoav Weiss <yoavwe...@chromium.org> wrote:
>>>
>>>> Thanks!!
>>>>
>>>> On Friday, October 21, 2022 at 11:30:22 AM UTC+2 Daniel Vogelheim wrote:
>>>>
>>>>> Apologies this took a while, but the explainer bit has now landed here:
>>>>> https://github.com/w3c/trusted-types/blob/main/explainer.md#source-literals
>>>>
>>>> I'm guessing that "const value = TrustedHTML.fromLiteral`<b>Hello there ${user_provided_name}</b>`;" will throw as well, right?
>>>
>>> Yes. (spec, §3.3 #2 <https://w3c.github.io/trusted-types/dist/spec/#create-a-trusted-type-from-literal-algorithm>)
>>>
>>> I proposed improved wording <https://github.com/w3c/trusted-types/pull/377> for the explainer, but kept it very brief to keep it within the spirit of an explainer.
>>>
>>>>> On Wed, Oct 19, 2022 at 5:34 PM Yoav Weiss <yoavwe...@chromium.org> wrote:
>>>>>
>>>>>> Friendly ping on an explainer update :)
>>>>>>
>>>>>> On Thursday, October 6, 2022 at 7:19:20 PM UTC+2 Jun Kokatsu wrote:
>>>>>>
>>>>>>> On Wednesday, October 5, 2022 at 2:52:59 AM UTC-7 yoav...@chromium.org wrote:
>>>>>>>
>>>>>>>> On Thu, Sep 29, 2022 at 4:34 PM 'Daniel Vogelheim' via blink-dev <blin...@chromium.org> wrote:
>>>>>>>>
>>>>>>>>> Contact emails
>>>>>>>>> voge...@chromium.org
>>>>>>>>>
>>>>>>>>> Specification
>>>>>>>>> https://w3c.github.io/trusted-types/dist/spec/#trusted-html
>>>>>>>>>
>>>>>>>>> Summary
>>>>>>>>>
>>>>>>>>> Add a function to each "Trusted Type" to create an instance from a JavaScript template literal (but not from a dynamically computed string). This makes it easy to mark literals in the JavaScript source text as "trusted". Example:
>>>>>>>>>
>>>>>>>>> const html = TrustedHTML.fromLiteral`<p>Literal Text</p>`;
>>>>>>>>>
>>>>>>>>> Blink component
>>>>>>>>> Blink>SecurityFeature>TrustedTypes <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ETrustedTypes>
>>>>>>>>>
>>>>>>>>> TAG review
>>>>>>>>> n/a
>>>>>>>>>
>>>>>>>>> TAG review status
>>>>>>>>> Not applicable
>>>>>>>>>
>>>>>>>>> Risks
>>>>>>>>>
>>>>>>>>> Interoperability and Compatibility
>>>>>>>>>
>>>>>>>>> *Gecko*: No signal. (Gecko has not implemented Trusted Types.)
>>>>>>>>>
>>>>>>>>> *WebKit*: No signal. (WebKit has not implemented Trusted Types.)
>>>>>>>>>
>>>>>>>>> *Web developers*: Positive (https://github.com/w3c/trusted-types/issues/347)
>>>>>>>>
>>>>>>>> Can you point out specific signals in that thread that should be counted as web developer ones?
>>>>>>>
>>>>>>> It's a little hard to tell, but that issue was a feature request from a developer (i.e. me).
>>>>>>> At the time, I was working in Microsoft where I worked with the Bing team to deploy Trusted Types in some of their products, and that was a request that I made.
>>>>>>>
>>>>>>>>> *Other signals*:
>>>>>>>>>
>>>>>>>>> WebView application risks
>>>>>>>>>
>>>>>>>>> Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? No.
>>>>>>>>>
>>>>>>>>> Debuggability
>>>>>>>>>
>>>>>>>>> It's a new method. Its use can be readily debugged in DevTools.
>>>>>>>>>
>>>>>>>>> Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
>>>>>>>>> Yes
>>>>>>>>>
>>>>>>>>> Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
>>>>>>>>> Yes
>>>>>>>>>
>>>>>>>>> Flag name
>>>>>>>>> TrustedTypesFromLiteral
>>>>>>>>>
>>>>>>>>> Requires code in //chrome?
>>>>>>>>> False
>>>>>>>>>
>>>>>>>>> Tracking bug
>>>>>>>>> https://bugs.chromium.org/p/chromium/issues/detail?id=1271149
>>>>>>>>>
>>>>>>>>> Estimated milestones
>>>>>>>>>
>>>>>>>>> 108
>>>>>>>>>
>>>>>>>>> Anticipated spec changes
>>>>>>>>>
>>>>>>>>> Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).
>>>>>>>>>
>>>>>>>>> Link to entry on the Chrome Platform Status
>>>>>>>>> https://chromestatus.com/feature/6551852775112704
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw_VpstUr5r1-%3Dd39cP%3DyfLqup_cixWXk01S70m33%2BXayA%40mail.gmail.com.
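
The behaviour confirmed in the thread above (a plain literal is accepted, an interpolated template throws), as an added example that is not part of the original thread or of Chromium's code. `LiteralHTML`, `fromLiteral` and `looksLikeTemplateObject` are hypothetical userland stand-ins: they check only the observable shape of the tag-function argument, whereas the specified algorithm checks for a genuine template object, which script cannot fully reproduce.

```javascript
// Added illustration: userland stand-in, not the browser's TrustedHTML.fromLiteral.
class LiteralHTML { // hypothetical wrapper playing the role of TrustedHTML
  #value;
  constructor(value) {
    this.#value = value;
    Object.freeze(this);
  }
  toString() {
    return this.#value;
  }
}

// Shape check only: tagged-template calls receive a frozen array of strings
// carrying a frozen `raw` array of the same length.
function looksLikeTemplateObject(strings) {
  return Array.isArray(strings) && Object.isFrozen(strings) &&
    Array.isArray(strings.raw) && Object.isFrozen(strings.raw) &&
    strings.raw.length === strings.length;
}

function fromLiteral(strings, ...substitutions) {
  if (!looksLikeTemplateObject(strings)) {
    throw new TypeError('fromLiteral must be used as a template tag');
  }
  // One string segment means the literal had no ${...} placeholders.
  if (strings.length !== 1 || substitutions.length !== 0) {
    throw new TypeError('fromLiteral rejects interpolated values');
  }
  if (typeof strings[0] !== 'string') {
    throw new TypeError('literal contains an invalid escape sequence');
  }
  return new LiteralHTML(strings[0]);
}

// Run a creation attempt and report the outcome instead of throwing.
function attempt(create) {
  try {
    return { ok: true, html: String(create()) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

const user_provided_name = '<i>constructed untrusted input</i>'; // constructed sample

const results = {
  literal: attempt(() => fromLiteral`<p>Literal Text</p>`),
  interpolated: attempt(() => fromLiteral`<b>Hello there ${user_provided_name}</b>`),
  computed: attempt(() => fromLiteral('<b>' + user_provided_name + '</b>')),
  plainArray: attempt(() => fromLiteral(['<b>not a template</b>'])),
};
console.log(results);
```

Only the first call succeeds; the interpolated, concatenated and plain-array calls all end in a `TypeError`, so dynamically computed markup never becomes a wrapped value.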