Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect assertion within Example 18 #393

Closed
lukewarlow opened this issue Jan 11, 2024 · 2 comments · Fixed by #409
Closed

Incorrect assertion within Example 18 #393

lukewarlow opened this issue Jan 11, 2024 · 2 comments · Fixed by #409

Comments

@lukewarlow
Copy link
Member

Example 18 states:

An empty directive value indicates policies may not be created, and sinks expect Trusted Type values, i.e. no DOM XSS injection sinks can be used at all.
Content-Security-Policy: trusted-types; require-trusted-types-for 'script'

However, the fromLiteral tagged template function allows you to create a trusted type without any allowed policies afaict. This example should be updated to clarify this.
@lukewarlow
Copy link
Member Author

THis might be irellevant depending on #398

koto added a commit to koto/trusted-types that referenced this issue Jan 19, 2024
@koto
Added a comment about fromLiteral.
502551c 
Closes w3c#393.
@koto koto mentioned this issue Jan 19, 2024
Merged
@koto koto closed this as completed in #409 Jan 19, 2024
koto added a commit that referenced this issue Jan 19, 2024
@koto
Added a comment about fromLiteral. (#409)
4ae7917 
Closes #393.
@koto
Copy link
Member

koto commented Jan 19, 2024

Added a comment to the example. Will remove together with other fromLiteral references, depending on #398.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Added a comment about fromLiteral. koto/trusted-types
2 participants
@koto @lukewarlow