On 02.10.2017 18:43, Anne van Kesteren wrote: > On Mon, Oct 2, 2017 at 6:09 PM, Boris Zbarsky <bzbar...@mit.edu> wrote: >> On 10/2/17 12:03 PM, Daniel Veditz wrote: >>> Fair enough. Could we propose improvements to the APIs that would make >>> them more usable? For example an object argument to createElement() that >>> contained attribute/value pairs? >> >> This has definitely been proposed before. Worth checking with Anne to see >> what the status is. Specifically, did it die, and if so why? Because I, >> too, think this would be an interesting avenue to explore... > > See https://github.com/whatwg/dom/issues/150. There's not really any > dominant pattern that's succeeded here in libraries that we could > adopt. You typically end up looking at templating and that has its own > host of issues. The other thing that would solve some of this is > browser-backed sanitization, but that's also a hard problem to solve > nobody has been willing to tackle and get standardized. > >
Some folks are Google are working on a solution based on Types: <https://github.com/mikewest/trusted-types/> I've tried providing feedback here and there, but they are moving fast and I'm not included in all of their conversations, since they are not public (despite their good history of working with W3C WebAppSec). :( _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
