You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be nice if Trusted Types could recognize that
the "module-reference" in asset Name from "module-reference" is in the same protection domain as import * from "module-reference" when guarding dynamic import.
provide a policy function to bless at least one of
a dynamic asset reference
its underlying module specifier (perhaps before being passed to import.resolve.
import.resolve does not AFAICT, do any security work. No fetching happens. So it seems that import.resolve is not a sink.
The text was updated successfully, but these errors were encountered:
The TC39 asset reference +(@bmeck @sebmarkbage) separates information about modules from loading of modules.
Ir provides new syntax for [static asset references]:
and API for dynamic asset references:
It would be nice if Trusted Types could recognize that
"module-reference"
inasset Name from "module-reference"
is in the same protection domain asimport * from "module-reference"
when guarding dynamic import.import.resolve
.import.resolve
does not AFAICT, do any security work. No fetching happens. So it seems thatimport.resolve
is not a sink.The text was updated successfully, but these errors were encountered: