Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove TrustedURL requirement for non-navigational sinks. #192

Closed
koto opened this issue Jul 17, 2019 · 0 comments · Fixed by #198
Closed

Remove TrustedURL requirement for non-navigational sinks. #192

koto opened this issue Jul 17, 2019 · 0 comments · Fixed by #198
Labels
polyfill spec
Milestone
v1

Comments

@koto
Copy link
Member

koto commented Jul 17, 2019

Specifically, only leave the sinks that would execute a javascript: URL. This is to avoid giving the impression that TT aims to be the solution for containment or preventing resource fetching. We focus solely on DOM XSS-relevant sink protection.
@koto koto added this to the v1 milestone Jul 17, 2019
This was referenced Jul 17, 2019
Closed
Merged
@koto koto closed this as completed in #198 Jul 23, 2019
koto added a commit to koto/trusted-types that referenced this issue Mar 11, 2020
@koto
Deprecated TrustedURLs in the polyfill.
5437094 
See w3c#192.
@koto koto mentioned this issue Mar 11, 2020
Merged
koto added a commit that referenced this issue Mar 11, 2020
@koto
Deprecated TrustedURLs in the polyfill. (#269)
5d7cce8 
* Deprecated TrustedURLs in the polyfill.

See #192.

* Moved the tests from iframe.srcdoc to script.src (no support for srcdoc in IE).

* Fixed tests in IE.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
polyfill spec
Projects
None yet
Milestone
v1
Development

Successfully merging a pull request may close this issue.

Removed TrustedURL for non-navigational sinks. koto/trusted-types
1 participant
@koto