Skip to content

Fix minor inconsistencies #361

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 1, 2022
Merged

Fix minor inconsistencies #361

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions spec/index.bs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -629,7 +629,7 @@ initially empty.

<div class="example" id="get-attribute-type-example">
<xmp highlight="js">
trustedTypes.getAttributeType('script', 'SRC'); // "TrustedScriptURL"
trustedTypes.getAttributeType('script', 'src'); // "TrustedScriptURL"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The spec says it should be lowercased.

trustedTypes.getAttributeType('foo', 'bar'); // null
</xmp>
</div>
Expand Down Expand Up @@ -773,8 +773,8 @@ callback CreateScriptURLCallback = USVString (DOMString input, any... arguments)
One of the policies, the policy with a [=TrustedTypePolicy/name=] `"default"`, is special;
When an [=injection sink=] is passed a string (instead of a
Trusted Type object), this policy will be implicitly called by
the user agent with the string value as the first argument, and the sink name
as a second argument.
the user agent with the non trusted string value, Trusted Type of the sink and
the sink type, respectively.

This allows the application to define a fallback behavior to use instead of
causing a violation. The intention is to allow the applications to recover from
Expand Down Expand Up @@ -807,9 +807,9 @@ the default policy is applied.
// Content-Security-Policy: trusted-types default; require-trusted-types-for 'script'

trustedTypes.createPolicy('default', {
createScriptURL: (s, type, sink) => {
createScriptURL: (value, type, sink) => {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've renamed this to value based on the edits of the text above.

console.log("Please refactor.");
return s + '?default-policy-used&type=' + encodeURIComponent(type) +
return value + '?default-policy-used&type=' + encodeURIComponent(type) +
'&sink=' + encodeURIComponent(sink);
}
});
Expand Down