You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Igalia has been working on Trusted Types. We'll present the state of things for v1, as well as introduce some related topics for v2 discussions:
unsafe-hashes
Sanitizer API: current status of discussions and plans around it/imagining ways forward to disable the legacy types that are so problematic.
new keyword (name TBD) for handling eval() better See 473. It would cause eval() to throw in browsers that support CSP but don't support the new keyword. Its main benefit then is that it blocks random uses of eval() which are not TrustedScript and allows authors to control handles to policies which are more easily reviewed.
Type
Onsite
Other comments
No response
The text was updated successfully, but these errors were encountered:
Logistics
Facilitator(s)
@bkardell @lukewarlow
Summary
Igalia has been working on Trusted Types. We'll present the state of things for v1, as well as introduce some related topics for v2 discussions:
eval()
better See 473. It would causeeval()
to throw in browsers that support CSP but don't support the new keyword. Its main benefit then is that it blocks random uses ofeval()
which are notTrustedScript
and allows authors to control handles to policies which are more easily reviewed.Type
Onsite
Other comments
No response
The text was updated successfully, but these errors were encountered: