Contact emails [email protected]
Specification https://html.spec.whatwg.org/#:~:text=Trusted%20Types Summary Trusted Types (https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API) was originally implemented and launched in Chromium in 2019, and has since found use in numerous websites. It has recently gained interest from other browser vendors. The Trusted Type spec was co-written as a "monkey patch" spec along with our original implementation. It now receives fresh attention as others are trying to implement the same spec. It has now been "upstreamed" into HTML + DOM (plus a bit of CSP). As part of that process, various inconsistencies are being identified and fixed. Some of these fixes may be developer observable. This intent is to update our implementation to match the spec, as it's upstreamed into HTML. Meanwhile, WebKit has launched their implementation of the updated Trusted Types spec, which gives us high confidence that this update is highly web compatible. Blink component Blink>SecurityFeature>TrustedTypes Web Feature ID trusted-types Motivation The Trusted Types spec has been upstreamed into HTML, with some minor cleanups and changes. Our implementation should follow the updated spec to ensure cross-browser compatibility. Spec: https://w3c.github.io/trusted-types/dist/spec/ + https://html.spec.whatwg.org/ Initial public proposal No information provided TAG review No information provided TAG review status Not applicable Risks Interoperability and Compatibility The goal is to achieve full cross-browser interoperability. Meanwhile, both WebKit and Firefox have enabled their version -- at least in testing builds -- without any major incompatibility reports. This makes us rather confident that the compability risk is low. Gecko: Positive (https://github.com/mozilla/standards-positions/issues/20) Firefox has enabled their version in Nightly: https://www.firefox.com/en-US/firefox/145.0a1/releasenotes/ WebKit: Support (https://github.com/WebKit/standards-positions/issues/186) WebKit has launched their version: https://developer.apple.com/documentation/safari-release-notes/safari-26-release-notes#New-Features Web developers: Positive Other signals: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? No information provided Debuggability No information provided Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)? Yes Is this feature fully tested by web-platform-tests? Yes https://wpt.fyi/results/trusted-types/ Flag name on about://flags No information provided Finch feature name TrustedTypesHTML Rollout plan Will ship enabled for all users Requires code in //chrome? False Tracking bug https://issues.chromium.org/u/1/issues/330516530 Estimated milestones Shipping on desktop 145 Shipping on desktop 145 Shipping on Android 145 Shipping on Android 145 Shipping on WebView 145 Shipping on WebView 145 Anticipated spec changes Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (eg links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (eg, changing to naming or structure of the API in a non-backward-compatible way). All anticipated spec changes have landed in HTML, DOM, and CSP specs. Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5163792014245888?gate=5109165432504320 Links to previous Intent discussions Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPMLJR2%3DBqAugsavCtqSR0Z_CQOgWHjeiyzpU0crTphANQ%40mail.gmail.com This intent message was generated by Chrome Platform Status. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/69319f7c.050a0220.107b62.1926.GAE%40google.com.
