Summary: The Sanitizer API provides new methods for HTML manipulation. As an example, element.setHTML() allows developers to insert HTML like element.innerHTML but without the security risks (like XSS). We have a pretty much finished implementation that we want to enable in Nightly soon. Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1650370 Specification: https://github.com/WICG/sanitizer-api Standards Body: WhatWG/HTML stage 2 ( https://github.com/whatwg/html/issues/7197) Platform coverage: all Preference: dom.security.sanitizer.enabled DevTools bug: n/a Link to standards-positions discussion: https://github.com/mozilla/standards-positions/issues/106 Other browsers:
- Blink: Previously shipped (and unshipped) an older version. Ongoing work on an updated version. - WebKit: positive (https://github.com/WebKit/standards-positions/issues/86 ) web-platform-tests: https://wpt.fyi/results/sanitizer-api -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CA%2BCWiYiR8WbJD6iyFvdZx5pXS9EfsTv6WNaLqbKZWrqS5yFORg%40mail.gmail.com.
