Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added support for Trusted Types. #310

Merged
merged 4 commits into from
Oct 31, 2018
Merged

Added support for Trusted Types. #310

merged 4 commits into from
Oct 31, 2018

Conversation

koto
Copy link
Contributor

@koto koto commented Oct 31, 2018

DOMPurify detects if TrustedTypes are available. If so, will create an inner no-op policy, with a name 'dompurify', optionally suffixed with a value specified in a data-tt-policy-suffix attribute of the script using DOMPurify. It will use that policy when interacting with the (dirty) DOM, and will return a TrustedHTML object instead of a string.

See https://github.com/WICG/trusted-types.

This enables DOMPurify to be used on documents that have enforced Trusted Types API (see e.g. http://tinyurl.com/tttpac), and in general helps migrating web applications using DOMPurify to Trusted Types.

koto and others added 4 commits October 31, 2018 17:35
DOMPurify detects if TrustedTypes are available. If so, will create an inner no-op policy, with a name 'dompurify', optionally suffixed with a value specified in a data-tt-policy-suffix attribute of the script using DOMPurify. It will use that policy when interacting with the (dirty) DOM, and will return a TrustedHTML object instead of a string.

See https://github.com/WICG/trusted-types.
@cure53
Copy link
Owner

cure53 commented Oct 31, 2018

Wow, this looks amazing, thank you! I cannot spot any problems for now, going for a merge.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants