Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Trusted Types and The Sanitizer API #32

Closed
bkardell opened this issue May 8, 2024 · 1 comment
Closed

Trusted Types and The Sanitizer API #32

bkardell opened this issue May 8, 2024 · 1 comment

Comments

@bkardell
Copy link
Member

bkardell commented May 8, 2024

Logistics

Facilitator(s)

@bkardell @lukewarlow

Summary

Igalia has been working on Trusted Types. We'll present the state of things for v1, as well as introduce some related topics for v2 discussions:

  • unsafe-hashes
  • Sanitizer API: current status of discussions and plans around it/imagining ways forward to disable the legacy types that are so problematic.
  • new keyword (name TBD) for handling eval() better See 473. It would cause eval() to throw in browsers that support CSP but don't support the new keyword. Its main benefit then is that it blocks random uses of eval() which are not TrustedScript and allows authors to control handles to policies which are more easily reviewed.

Type

Onsite

Other comments

No response

@mrego
Copy link
Member

mrego commented Jun 11, 2024

@mrego mrego closed this as completed Jun 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants