Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Figure out what to do with script.setAttribute('src') #402

Closed
lukewarlow opened this issue Jan 15, 2024 · 3 comments · Fixed by #430
Closed

Figure out what to do with script.setAttribute('src') #402

lukewarlow opened this issue Jan 15, 2024 · 3 comments · Fixed by #430
Milestone
v1

Comments

@lukewarlow
Copy link
Member

https://w3c.github.io/trusted-types/dist/spec/#setting-slot-values says

Figure out what to do with script.setAttribute('src'). See DOM#789.

We should try to progress that DOM PR as we have renewed implementor interest.
@mbrodesser-Igalia mbrodesser-Igalia added this to the v1 milestone Jan 23, 2024
@mbrodesser-Igalia
Copy link
Collaborator

Setting milestone to v1 since this is required to avoid XSS.

@mbrodesser-Igalia mbrodesser-Igalia mentioned this issue Jan 24, 2024
Closed
@lukewarlow
Copy link
Member Author

@koto does your DOM update address this or should it stay open?

@koto
Copy link
Member

koto commented Feb 1, 2024
edited

Yes, it covers that, you can remove the inline issue too.

@lukewarlow lukewarlow mentioned this issue Feb 6, 2024
Merged
@koto koto closed this as completed in #430 Feb 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1
Development

Successfully merging a pull request may close this issue.

Remove outdated inline issue lukewarlow/trusted-types
3 participants
@koto @lukewarlow @mbrodesser-Igalia