Is there a diff-document or changelog or something else that can
document what the actual change is? You say that "some [...] may be
developer observable", and I guess it is those changes that matter here,
but what are they?
/Daniel
On 2025-12-04 15:49, Chromestatus wrote:
*Contact emails*
[email protected]
*Specification*
https://html.spec.whatwg.org/#:~:text=Trusted%20Types
*Summary*
Trusted Types
(https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API)
was originally implemented and launched in Chromium in 2019, and has
since found use in numerous websites. It has recently gained interest
from other browser vendors. The Trusted Type spec was co-written as a
"monkey patch" spec along with our original implementation. It now
receives fresh attention as others are trying to implement the same
spec. It has now been "upstreamed" into HTML + DOM (plus a bit of
CSP). As part of that process, various inconsistencies are being
identified and fixed. Some of these fixes may be developer observable.
This intent is to update our implementation to match the spec, as it's
upstreamed into HTML. Meanwhile, WebKit has launched their
implementation of the updated Trusted Types spec, which gives us high
confidence that this update is highly web compatible.
*Blink component*
Blink>SecurityFeature>TrustedTypes
<https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3ESecurityFeature%3ETrustedTypes%22>
*Web Feature ID*
trusted-types <https://webstatus.dev/features/trusted-types>
*Motivation*
The Trusted Types spec has been upstreamed into HTML, with some minor
cleanups and changes. Our implementation should follow the updated
spec to ensure cross-browser compatibility. Spec:
https://w3c.github.io/trusted-types/dist/spec/ +
https://html.spec.whatwg.org/
*Initial public proposal*
/No information provided/
*TAG review*
/No information provided/
*TAG review status*
Not applicable
*Risks*
*Interoperability and Compatibility*
The goal is to achieve full cross-browser interoperability. Meanwhile,
both WebKit and Firefox have enabled their version -- at least in
testing builds -- without any major incompatibility reports. This
makes us rather confident that the compability risk is low.
/Gecko/:
Positive (https://github.com/mozilla/standards-positions/issues/20) Firefox
has enabled their version in Nightly:
https://www.firefox.com/en-US/firefox/145.0a1/releasenotes/
/WebKit/:
Support (https://github.com/WebKit/standards-positions/issues/186) WebKit
has launched their version:
https://developer.apple.com/documentation/safari-release-notes/safari-26-release-notes#New-Features
/Web developers/: Positive
/Other signals/:
*WebView application risks*
Does this intent deprecate or change behavior of existing APIs, such
that it has potentially high risk for Android WebView-based applications?
/No information provided/
*Debuggability*
/No information provided/
*Will this feature be supported on all six Blink platforms (Windows,
Mac, Linux, ChromeOS, Android, and Android WebView)?*
Yes
*Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?*
Yes
https://wpt.fyi/results/trusted-types/
*Flag name on about://flags*
/No information provided/
*Finch feature name*
TrustedTypesHTML
*Rollout plan*
Will ship enabled for all users
*Requires code in //chrome?*
False
*Tracking bug*
https://issues.chromium.org/u/1/issues/330516530
*Estimated milestones*
Shipping on desktop 145
Shipping on desktop 145
Shipping on Android 145
Shipping on Android 145
Shipping on WebView 145
Shipping on WebView 145
*Anticipated spec changes*
Open questions about a feature may be a source of future web compat or
interop issues. Please list open issues (e.g. links to known github
issues in the project for the feature specification) whose resolution
may introduce web compat/interop risk (e.g., changing to naming or
structure of the API in a non-backward-compatible way).
All anticipated spec changes have landed in HTML, DOM, and CSP specs.
*Link to entry on the Chrome Platform Status*
https://chromestatus.com/feature/5163792014245888?gate=5109165432504320
*Links to previous Intent discussions*
Intent to Prototype:
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPMLJR2%3DBqAugsavCtqSR0Z_CQOgWHjeiyzpU0crTphANQ%40mail.gmail.com
This intent message was generated by Chrome Platform Status
<https://chromestatus.com>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/69319f7c.050a0220.107b62.1926.GAE%40google.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/69319f7c.050a0220.107b62.1926.GAE%40google.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/9a49b0a7-e2c5-4833-8f11-2fa329804f1f%40gmail.com.
