
Upstream changes from trusted types #461

Closed
lukewarlow opened this issue Apr 3, 2024 · 1 comment · Fixed by #460

Comments

@lukewarlow
Member

This issue is to ask if it would be okay to upstream a change from the trusted types spec. Trusted types are a security mechanism to reduce XSS vulnerabilities; this is achieved via a new API that allows creation of trusted objects based on policies. Most of the XSS sinks are covered by changing their IDL type to one defined in the TT spec which handles all the checks necessary.

The editing-specific section of the spec changes execCommand: https://w3c.github.io/trusted-types/dist/spec/#integration-with-exec-command

@lukewarlow lukewarlow added the Agenda+ Agenda item to be inserted in the Editing TF meeting queue label Apr 3, 2024
@zcorpan
Member

zcorpan commented Apr 9, 2024

Yes, I think it's OK to upstream.

@lukewarlow lukewarlow removed the Agenda+ Agenda item to be inserted in the Editing TF meeting queue label Apr 9, 2024
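
The mechanism described in the issue above, as an added example that is not part of the original thread or of either spec: a policy produces a TrustedHTML value, which is then passed as the `value` argument of `execCommand('insertHTML')`. The policy name `editor-html`, the helper names, the escape-everything rule and the Node stand-ins are assumptions made for illustration.

```javascript
// Added example: route editor input through a Trusted Types policy before it
// reaches the execCommand('insertHTML') sink.
// Assumptions: policy name, helper names and the escaping rule are illustrative.

// Escape markup so user input is inserted as text, never parsed as HTML.
function escapeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// tt is the trustedTypes factory (window.trustedTypes in a browser).
function createEditorPolicy(tt) {
  return tt.createPolicy('editor-html', { createHTML: escapeHtml });
}

// Hand the sink a TrustedHTML object instead of a raw string. Under
// `require-trusted-types-for 'script'`, a raw string reaching this sink is
// passed to the default policy, or rejected if there is none.
function insertUserText(doc, tt, policy, userInput) {
  const trusted = policy.createHTML(userInput);
  if (!tt.isHTML(trusted)) throw new TypeError('policy did not return TrustedHTML');
  return doc.execCommand('insertHTML', false, trusted);
}

// Constructed stand-ins so the example also runs outside a browser (Node).
function makeStandIns() {
  class FakeTrustedHTML {
    constructor(s) { this.s = s; }
    toString() { return this.s; }
  }
  const tt = {
    createPolicy: (name, rules) => ({
      name,
      createHTML: (input) => new FakeTrustedHTML(rules.createHTML(input)),
    }),
    isHTML: (v) => v instanceof FakeTrustedHTML,
  };
  const calls = []; // records what reached the sink
  const doc = {
    execCommand: (cmd, ui, value) => { calls.push([cmd, ui, String(value)]); return true; },
  };
  return { tt, doc, calls };
}

// Browser use: insertUserText(document, trustedTypes, createEditorPolicy(trustedTypes), input)
const { tt, doc, calls } = makeStandIns();
insertUserText(doc, tt, createEditorPolicy(tt), '<img src=x onerror="x()">');
console.log(calls[0][2]); // the escaped string that reached the sink
```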