Adds use case to spec section 1.3. #158
Conversation
Addresses > Issue 3: Something about reducing the review surface Some more motivation might be timely since this is getting more eyes.
|
|
||
| The need to create trusted values to affect [=injection sinks=], | ||
| combined with additional scrutiny on changes that affect policy | ||
| code, incents developers to find novel ways to use safe |
There was a problem hiding this comment.
incents developers to use safe abstractions (consider removing "to find novel ways", that to me sounds like finding creative abuse methods, or bypasses).
|
|
||
| templating policy and enables enforcement for the DOM sinks. | ||
| * A large team maintains a complex client-side application. | ||
| They create a number of Trusted Types policies so that |
There was a problem hiding this comment.
I think you could remove the details of how the policies behave, and focus that there is a few of them and that they are reviewed. The current description might be too detailed for this section I feel.
There was a problem hiding this comment.
I thought I'd try to get cover tools integration use cases and application use cases in one place. Do you want the bullet points out altogether, separated into different use cases, or made shorter?
There was a problem hiding this comment.
Perhaps a second use case describing the actual policy shape? Such that it shows that useful restrictions can be defined via policies + types.
* Adds use case to 1.3. Addresses > Issue 3: Something about reducing the review surface Some more motivation might be timely since this is getting more eyes. * simplified the usecase. * Simplified the use case. Co-authored-by: Mike Samuel <mikesamuel@gmail.com>
|
Obsoleted by #335. |
Addresses
Some more motivation might be timely since this is getting more eyes.